Reversing : The Hacker's Guide to Reverse Engineering


CHAPTER 8: Reversing Malware

Malicious software (or malware) is any program that works against the interests of the system’s user or owner. Generally speaking, computer users expect the computer and all of the software running on it to work on their behalf. Any program that violates this rule is considered malware, because it works in the interest of other people. Sometimes the distinction can get fuzzy. Imagine what happens when a company CEO decides to spy on all company employees. There are numerous programs available that report all kinds of usage statistics and Web-browsing habits. These can be considered malware because they work against the interest of the system’s end user and are often extremely difficult to remove.

This chapter introduces the concept of malware and describes the purpose of these programs and how they work. We will be getting into the different types of malware currently in existence, and we’ll describe the various techniques they employ in hiding from end users and from antivirus programs.

This topic is related to reversing because reversing is the strongest weapon we, the good people, have against creators of malware. Antivirus researchers routinely engage in reversing sessions in order to analyze the latest malicious programs, determine just how dangerous they are, and learn their weaknesses so that effective antivirus programs can be developed. This chapter opens with a general discussion on some basic malware concepts, and proceeds to demonstrate the malware analysis process on real-world malware.
