How does malware work?
Detailed Explanation
Malware is able to compromise information systems due to a combination of factors that include insecure operating system design and related software vulnerabilities. Malware works by running or installing itself on an information system manually or automatically. Software may contain vulnerabilities, or "holes" in its fabric caused by faulty coding. Software may also be improperly configured, have functionality turned off, be used in a manner not compatible with suggested uses or improperly configured with other software. All of these are potential vulnerabilities and vectors for attack. Once these vulnerabilities are discovered, malware can be developed to exploit them for malicious purposes before the security community has developed a “fix”, known as a patch. Malware can also compromise information systems due to non-technological factors such as poor user practices and inadequate security policies and procedures.
Many types of malware such as viruses or trojans require some level of user interaction to initiate the infection process, such as clicking on a web link in an e-mail, opening an executable file attached to an e-mail or visiting a website where malware is hosted. Once security has been breached by the initial infection, some forms of malware automatically install additional functionality such as spyware (e.g. keylogger), backdoor, rootkit or any other type of malware, known as the payload.
Social engineering, in the form of e-mail messages that are intriguing or appear to be from legitimate organisations, is often used to convince users to click on a malicious link or download malware. For example, users may think they have received a notice from their bank, or a virus warning from the system administrator, when they have actually received a mass-mailing worm. Other examples include e-mail messages claiming to be an e-card from an unspecified friend to persuade users to open the attached “card” and download the malware. Malware can also be downloaded from web pages unintentionally by users. A recent study by Google that examined several billion URLs and included an in-depth analysis of 4.5 million found that, of that sample, 700 000 seemed malicious and that 450 000 were capable of launching malicious downloads. Another report found that only about one in five websites analysed were malicious by design. This has led to the conclusion that about 80% of all web-based malware is being hosted on innocent but compromised websites unbeknownst to their owners.
A different report found that 53.9% of all malicious websites observed are hosted in China. The United States ranks second in the same study, with 27.2% of malicious websites observed located there. Furthermore, data provided in Annex A of this report demonstrates that malware on web pages accounts for 52.8% of incident reports by mid-2007 received by the United States Computer Emergency Readiness Team (US-CERT).