Talk:Malware/Archive 1

From Wikipedia, the free encyclopedia

I Am Currently Studying A Project on This Type Of Subject

Can any person that visits this page who has had recent contact with the writing of such software please tell me your motivations behind this and why??? 88.104.147.21 (talk) 15:10, 1 March 2008 (UTC)

Viruses work and spread

"Viruses work and spread (within the infected system) by attaching themselves to other pieces of software (...)"

This sentence is used in the article to give a definition of computer virus. Although I think it's pretty reasonable, I don't think that this definition is completely correct. The problem, in my opinion, is the word attaching. Some viruses do not attach their code to a host program, but simply overwrite executable files (e.g. the Trivial family on the DOS platform, some bootsector-viruses). Other viruses do not write to program files of software at all, but 'infect' executable files by manipulating non-executable structures (e.g. FAT-Infectors such as Dir-II, Companion viruses in MS-DOS).

So, I think it would be more accurate to say that "A computer virus spreads by means of hosts, which typically are executable files that are a part of legitimate software. Some viruses use other types of hosts: for example, macro viruses attach themselves to documents and bootsector viruses use boot sectors of computer media. Normally, a virus attaches itself to other software in a way that ensures the virus is executed first." Sietse 21:46, 15 Sep 2004 (UTC)

I have rewritten the paragraph about viruses in the light of your comments. I take a "virus" to mean any code that infects other executable code — a boot sector is executable code. —FOo 22:43, 15 Sep 2004 (UTC)
Thanks, that looks better to me. I have also added some other criteria to the definitions. Sietse 11:07, 16 Sep 2004 (UTC)

Reorganization Reverted

On November 1, it seemed as if the Malware article was reorganized. I have reverted the article to the previous organization. Please add additional sections to the article for your contributions. The structure as it is right now is fine the way it is. Hfguide 13:30, 3 November 2005 (UTC)

Portmanteau

Malware (a portmanteau of "malicious software")... this is not. According to [1] (in dictionary.com [2]), Mal in English is a prefix meaning Bad. Malicious is not the source. I suggest changing it.

  1. The American Heritage® Dictionary of the English Language, Fourth Edition
  2. http://dictionary.reference.com/search?q=mal
I'm not so sure. The fact that a string of letters can be a prefix does not mean that it is always being used as a prefix when it occurs at the start of a word. For instance, ant- is a prefix meaning "opposed", as in antonym or antithesis. However, it is not a prefix in antenna or anthrax. An antenna is not opposed to an enna. ☺
My searches suggest that the word "malware" is generally understood to be a contraction (or "portmanteau word" — Lewis Carroll's expression for a playful contraction of words) of "malicious software". See, e.g., Google define:malware or Google:malware malicious.
Moreover, as a prefix, mal- does not mean "malicious"; as you note, it simply means "bad". However, the term "malware" is not used to mean "bad software" — that is, software of poor quality, or things that are not good at being software. It is used, rather, to mean software that is written or released with the intent to cause harm. This, too, suggests that the etymology is from "malicious software" and is a portmanteau.
The portmanteau formation in -ware to refer to categories of software is very common. Consider shareware (shareable software), adware (advertisement software), or shovelware (shoveled software — a '90s term for the obligatory heap of poor-quality shareware bundled with some computers and products). —FOo 00:07, 27 Oct 2004 (UTC)
While "mal-" does simply mean "bad" or "evil" and not specifically "malicious," I think it is the more likely etymology; so does my etymology geek dad. The words malefactor, malevolent, and malignant are all as relevant as "malicious;" the common theme here is "mal-". I have changed the article. !melquiades 00:13, 26 March 2006 (UTC)
What you or your dad consider likely should not be the basis of an encyclopedia article! It's very bad for Wikipedia that "this article has been cited as a source or otherwise recommended by the mainstream press." Who knows how far the etymological nonsense and this Wikipedia error has spread. I wasn't able to find any mention of it at Wikipedia:Wikipedia as a press source.
And if your dad were more than one of millions of etymology buffs, most of whom produce and reiterate many folk etymologies, he would have provided some proof for his opinion. Etymology is an exact science, not normally a matter of opinions or likelihood, although these are also often necessary due to lack of historical records. In the case of a modern term, especially a technical one, it is usually much easier to find a record of its use, even first use, because the written words of most geeks are recorded electronically. Your naive claims contradict everything I have ever seen on this topic in any reputable source. Here are some samples:

http://www.wordspy.com/words/malware.asp Earliest Citation: Computer viruses that attack IBM PCs and compatibles are nearing a milestone of sorts. Within the next few months, the list of viruses will top 1,000, according to Klaus Brunnstein, a noted German computer virus expert. He has published a list of known malicious software for MS-DOS systems that includes 979 viruses and 19 trojans. In all, there are 998 pieces of "malware," Brunnstein said. —"Inside lines," ComputerWorld, July 29, 1991

http://dictionary.reference.com/search?q=malware&r=66 software, such as viruses, intended to damage or disable a computer system; short for malicious software; also written mal-ware Etymology: 1998-2003 Webster's New Millennium™ Dictionary of English, Preview Edition (v 0.9.6) Copyright © 2003-2005 Lexico Publishing Group, LLC

http://en.wiktionary.org/wiki/malware Blend of malicious and software

http://www.netlingo.com/lookup.cfm?term=malware http://www.pcwebopaedia.com/TERM/M/malware.html http://whatis.techtarget.com/wsearchResults/1,290214,sid9,00.html?query=malware http://www.geocities.com/ikind_babel/babel/babel.html#M --Espoo 16:50, 24 September 2006 (UTC)

Overuse of the term "virus"

Referring to the section "overuse of the term 'virus'", it's worse than you think. I've even seen people use "virus" to refer to accidental ill effects, such as the Y2K bug, which was called the "Y2K virus" in Finnish media.

Worse - I've heard the term "trojan horse virus" being used recently, most notably in an ISP TV ad. That bugs me (no pun intended) since by definition, something can't be a trojan horse and a virus at the same time. A trojan can be a dropper for viruses though.
I also saw an article on the malware that spreads via emails with a Michael Jackson subject, that used the words spam, trojan horse, virus, and malware, and only malware was used correctly. oh well.
Mike 04:33, Jun 14, 2005 (UTC)
WAIT. I am not convinced that it is an overusage of the term Virus to have it refer to Viruses, Trojan horses, malware (an admittedly inverted subclassification), worms, etc. I believe that the common usage of the term allows it as an umbrella term for all malware. Specifically: the term Malware itself is not in the common dialect AFAICT. It might be an unfortunate assumption within this article that such common usage is limited to the common usage of [we] engineers, and it absolutely should not. - Thomas G. Marshall
I'm afraid this is a misuse of the term virus, which is a technical term with a precise and specific meaning. There are quite a few people who refer to the hard disk as the memory, and the screen as the computer, but it is utterly inappropriate for an encyclopedia to follow such uninformed people down the trail of incorrect usage! Similarly when discussing "real" disease causing agents, there are people who don't get the distinction between bacteria and viruses - yet we'd be rightly ridiculed if we followed suit. An encyclopedia cannot and should not cave in in the face of ignorance - whether from the public, or from trade journalists who really should know better! - Paul 12:02, 11 June 2007 (UTC)

Does Phishing fall under this? --Jondel 08:52, 31 Mar 2005 (UTC)

Phishing is a form of fraud. It does not involve getting any software installed upon the victim's computer, so it is not malware. --FOo 15:27, 31 Mar 2005 (UTC)
What about changing "URL injection" into "URL injectors", if it is meant to denote a piece of software and _not a method_? Or, "Injected URLs"?
I'd suggest this goes in a more general "computer security" or personal computing security or internet security article. Paul 15:37, 25 October 2005 (UTC)
It is considered a type of Malware. Phishing is used to provide a false sense of security and entice the user to leave sensitive information. For example in website phishing, Server side code is executed to "POST" back the data, and thus has a very malicious intent. Malware, Malicious Software or Malicious Code (malcode) all mean the same thing. Code is executed to "exploit" a weakness in the security chain, in our case it's people. See "methodology that attacks a particular security vulnerability"
http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html Spazz_rabbit 20:27, 16 Jan 2012 (UTC)
A client's browser uses POST to transmit the data, which is a standard command in the HTTP. The code residing on the server may be used with malicious intent, but the code itself is not malicious, and therefore cannot be classified as malicious code or malicious software. An attacker may use something as trivial as a crafty e-mail requesting a user to provide their credentials in a reply message. This would not be considered a malware attack, even though there is a significant amount of code involved behind sending and receiving e-mail.
A security vulnerability is not the same as the security chain, so exploiting a vulnerability is not akin to exploiting a weakness in the security chain. The argument above is flawed based on this mistake. Bottom Line: Phishing is not malware; Phishing is a form of fraud. — Preceding unsigned comment added by 199.198.251.106 (talk) 21:30, 16 January 2012 (UTC)

Directory Harvest Attacks

I've heard of Directory Harvest Attacks, but I'm not sure where they should go. Does it belong in Malware, or somewhere else? KellyCoinGuy 19:10, September 5, 2005 (UTC).

Types of malware: How spread and effect

The discussion on "types of malware" can be simplified by classing first between how the malware is spread (virus, worm, trojan, direct placement by someone with access to the hardware) and what is its effect (destruction of files, spyware, adware, key capturing, spam server and so on.) I propose such a classification. Opinions?

I don't think this is a bad idea, but it certainly wouldn't 'simplify' any discussion of malware. It would probably make it a more precise discussion, but not a simpler one. Tpstigers 02:17, 18 October 2005 (UTC)

I agree with the suggestion - and was about to make a similar one until I saw the comment above. Tpstigers is correct that this would make the discussion more precise. However, I suggest that structuring the article in such a way would also address a major area of confusion and unclear thinking, and make it easier for readers to understand how, for example, a Virus or Trojan Horse can also include Spyware.
My suggestion would be "delivery method" and "function", but there may be better ways of phrasing this. - Paul 15:48, 25 October 2005 (UTC)

Well, the categories of malware given here are based pretty much on the way people use the terms. (Though it would be worth noting that "virus" has pretty much come to include "worm" for most users.) Since the category of "malware" is defined based on the intention of the creator (malicious software) rather than on any technical detail of the software, it would seem reasonable to keep the "traditional" categories somehow.

agreed - the traditional categories and current information in the article should not be lost - Paul

The thing is, categories are only useful insofar as they express distinctions that are useful to speakers and readers. One can't simply define words once, ignore the changes of history, and then call people "wrong" for using the word "virus" to refer to a network-spreading infection. Word usages change: today, as far as I can tell, Windows technicians talk about viruses and network security people talk about worms. :)

(One problem is that the trade-rag press love to come up with new words to express trivial distinctions and pass them off as actual technical terms ... or, equivalently, to harp on minor historical distinctions in order to sound more precise. I don't give trade-rag neologisms any status; technical terms have to come from technical work, not from hype.) --FOo 05:23, 26 October 2005 (UTC)

I worry a bit about including some of the "sillier" definitions. It might be worth noting these with phrases like some sources use the term (or just removing them)?
Distinctions based on what it does are useful to the reader because they indicate how big or small a problem the software poses, and how important it is to protect against or treat outbreaks.
Distinctions based on how you catch it are useful to the reader because they indicate how to protect against the problem.
Placing the common terms in these contexts can only clarify the meaning to readers. If they don't understand the warnings, what hope have they got? Fortunately the terms are still widely, correctly and consistently understood by the technical community and many commentators (unlike, say, the term "hacker") so it is feasible, and the right thing, to document the distinct meanings as clearly as possible. - Paul 02:27, 27 October 2005 (UTC)

URL Injection / Stealware

This claim seems odd:

Moreover the user is not allowed to edit the extension to remove the malicious codes. If an user is caught doing so, he may be liable for legal consequences.

Is it true? Source? - Paul 15:50, 27 October 2005 (UTC)

No, it's not true. It's a comment by zottmann. How would the user be caught? Oh, the new line of code that sends the amazon affiliate id back to the cow site? OK, again, the user per se will be caught how? Hence my comment in the post-vandalism restored section 'protect privacy.. must violate the license" - me 10:13, 19 December 2005 (PST)

Confusion regarding URL Injection/ Stealware???

I think there was some confusion regarding URL Injection. I remember this section from an earlier version. It seemed to be vaguely referring to what is known as a "browser hijacker" -- that is, a program that takes over a person's browser settings and redirects it to another web site. A browser hijacker can do *more* than just redirect to a page (it can also reset someone's home page and add bookmarks). However, the point is that A) I don't think that "stealware" is what this section was about initially. B) If it was, then it might really fall under the larger umbrella of "Browser Hijacking." Hfguide 14:01, 29 October 2005 (UTC)

What the original article described was not what is known as URL injection in the security community. What it did describe was what is commonly known as Stealware. Stealware and Browser Hijackers can overlap but aren't exactly the same thing. --RainR 08:25, 30 October 2005 (UTC)
Hi! In response to what you have said: I know that stealware and browser hijacking aren't exactly the same thing, which is why I qualified my remarks by saying that it *might* fall under the umbrella of browser hijacking, in case someone wanted to come along and give a definitive confirmation one way or the other. ;-)
At any rate, here is an excerpt from the earlier revision to explain why I thought there was some confusion involved:
"This software modifies the browser's behavior with respect to some- or all domains. It modifies the url submitted to the server to profit from a given affiliate scheme by the content provider of the given domain."
Therein lies the confusion. The definition above is so broad that it is really more a definition of "browser hijacking" than it is of "stealware" and could easily be interpreted as such. Stealware is definitely more specific than something that "modifies URLs" and "browser behavior". In fact, unless I'm not mistaken it refers to a type of theft that occurs in which commission that would have been earned by a web site through an affiliate scheme is stolen by someone else through the fraudulent replacement of a cookie in the user's browser.
Because the original definition under this section sounded like the one for browser hijacking, I could only assume that the label of "URL Injection" was purely accidental and was supposed to be "Browser Hijacker" instead. (Either that, or the person who did this section really meant to write about URL Injection, but wrote a poor definition of it). Adding to the confusion was what appeared to be a glaring omission of "Browser Hijacking" from the table of contents, since it's one of the most prevalent types of malware around. Since the definition of "URL Hijacking" matched it perfectly, I only assumed that this section was about it, but that it was simply mislabeled. Hfguide 10:17, 30 October 2005 (UTC)

URL injection was no accident. It aptly describes what Carlo's firefox extension does. It itself is not entirely malware, but only in part, hence the clarifying category, which incidentally is now an accepted use of the phrase hence my comment "(see: google results)". NOT giving the user the power to disable the affiliate code injection (hence URL injection) renders it in part malware. Its installation is not surreptitious but its revenue generating powers are. Contrary to claims by the extension author this power is NOT made clear to the average user: most users never dig into the about menu, and there's no on-install or post-install explanation of the affiliate injection notice which is not technically challenging as earlier versions of Text Zoom extension (different author) once did. Browser Hijacking is a completely different beast and "Better"Search is not one of them. Nor is "Better"Search really StealWare. Its whole intent is not theft, so it properly ought not be in that category. Again, this is why URL injection is the perfect category. It describes essentially the mal-nature of the firefox extension. URLwatcher02 10:26 19 December 2005 (PST)

Rootkit - control not needed

It is not necessary to "take control" of a machine to install a rootkit; by "take control" I mean have the machine do what you want it to do, even when it has been programmed to do something else - an Exploit (computer security). All that is needed is a suitable level of access, such as sufficient access to install software or mount removable media. Many consumer oriented general purpose machines - other than those running normal software such as Linux or Mac OS X run in this state all the time - all that is needed is physical access and normal use of the machine! In some cases merely operating a web browser or sending an email to a user on that machine.

The "Rootkit" section could be completely removed and replaced by a reference to the Rootkit page!

The "rootkit" has not been listed as "malware", but as a tool used in malware. And I don't think it should be removed. Several articles online have mentioned "rootkits" as a major component of malware.
Microsoft
Techworld
If you'd like to add a line or two to clear some ambiguity (that in itself, it isn't malware but can be used in malware), I think that would be great. However, I think that the malware section should remain. Hfguide 19:39, 8 November 2005 (UTC)

Actually, I am in broad agreement with you. My real beef is that this page ought not to define rootkit, [The page has: "A rootkit is software inserted onto a computer system after an attacker has gained control of the system", whereas it is at least arguable that defining characteristics of a rootkit are that it causes your own system to lie to you, and effectively parameterises the OS by changing how the OS behaves to various inputs; and not i) that it was inserted, or ii) that an attacker installed it, or iii) that an attacker had control of the system. More importantly, these points belong on the rootkit page not the malware page], but refer to the Rootkit page for that definition and for fuller (and possibly more accurate) information. Also I suspect there was a thinko, you probably had in your mind: The 'Rootkit' section on the malware page should remain.

Having said that, I would argue that statements such as

  • "A rootkit is commonly deployed during a successful infection with malware in order to conceal the latter", or
  • "The presence of an unsuspected rootkit is consistent with, and always strongly suggestive, of malware", or the slightly stronger:
  • "An unauthorised rootkit is pathognomonic of malware"

belong on the rootkit page as these are characteristics of rootkits rather than malware in general - though the first perhaps does belong here as a true and concise example of the relationship between malware and a rootkit (malware wastes your resources and may compromise your privacy, a rootkit lies to you). Finally, I am not confident that I could render the phrase "can be used in malware" into brief and accurate English, though I think that its meaning is identical to my expression: " ... in order to conceal [the presence of malware]"

I am new to wikipedia. I would have thought that adding even a few lines should not be done without considering that this may mean 'bloating' the page and actually removing duplicate (or low value) material would be better.

If I were new to Malware, I would like to read that it is an aggregate category (a bit like 'Intellectual Property') with no definable meaning, I would like to know what kinds of software or code can be classified as Malware: Worms, Viruses, BHOs, Dialers ...; and that malware is only found in commercial software, and for that matter where there is a monopoly position in the provision of core code. Actual details of Computer_worms, Computer_viruses et cetera belong on their own pages, and perhaps some very, very simple information on avoiding and detecting the presence of malware

Thank you for taking the trouble to respond. --Ben.the.mole 22:11, 8 November 2005 (UTC)

Spyware - Malware?

According to the Common Malware Enumeration (CME) spyware and adware cannot be considered malware due to their non-destructive nature. Have a look here (A3. What is "malware"?) http://cme.mitre.org/about/faqs.html . Do you guys think spyware should be included in this article? Viruswitch 01:03, 15 January 2006 (UTC)

-Spyware destroys privacy.

I don't disagree. Non-destructive was referring to hardware-software. Although one could claim spyware modifies the operating system as it installs itself in it. Still, on strict theoretical terms, is spyware malware? There must be a global academical definition for it. Isn't the CME an authority on this? If not, who is then? Viruswitch 16:01, 17 January 2006 (UTC)

PJTraill 10:46, 17 April 2006 (UTC) They are malware – anything intended to make a system behave contrary to its owner's rightful expectations should be considered malware. That leaves the open question what one has a right to expect from one's system (DRM?), but using my system to pester or snoop on me is clearly out. As to CME, "CME defines malware as ..." doesn't mean we have to accept it, rather indicates there may be other opinions. I would go so far as to suggest this definition as preferable to "software designed to infiltrate or damage a computer system, without the owner's consent".

ALL ware is f***ing evil and destructive.

-H —Preceding unsigned comment added by 134.117.158.83 (talk) 10:07, 21 January 2008 (UTC)

Bad site

I know this website that I would like to warn people about, how would I do that? WWW.CRACKZ.WS is a hacker front for malware DON'T GO THERE!!! Instead go here http://forums.spywareinfo.com/lofiversion/index.php/t61280.html, how would I warn on wikipedia or the public about this site? Pseudoanonymous 04:36, 17 February 2006 (UTC)

Keep in mind What Wikipedia is not, specifically "Wikipedia is not a soapbox" and "Wikipedia does not give advice". If you have a reputable source for the information, you might write something like "Malware can be caught in downloads from websites, for example, according to source, the site name of site has downloads that ... more details." --RainR 09:44, 17 February 2006 (UTC)

A script kiddie site. Is it any wonder that actual coders put malware into the files to infect the script kiddies who can't make/compile their own files? 68.49.72.210 04:44, 24 July 2006 (UTC)

A correction regarding virus detection

The page originally stated:

Cohen's faculty advisor, Leonard Adleman (the A in RSA) presented a rigorous proof that algorithmically detecting the presence of a virus in the general case is Turing undecidable [Ad88].

This is easy to read in a way that suggests that one cannot construct software that is recognizably free of viruses. If by a virus, we mean code that can access unintended machine resources, this is clearly false. Code implemented on top of a virtual machine whose operations access only limited resources can itself access only limited resources. I changed this to a slightly more awkward, but substantially more clear form:

Cohen's faculty advisor, Leonard Adleman (the A in RSA) presented a rigorous proof that, in the general case, algorithmically determining whether a virus is or is not present is Turing undecidable [Ad88].

I also added:

This problem must not be mistaken for that of determining, within a broad class of programs, that a virus is not present; this problem differs in that it does not require the ability to recognize all viruses.

I think that this addition is important, because this mistake has, in fact, often been made, and as a consequence has discouraged work that could help to reduce the virus problem in the real world. Harold f 07:25, 23 May 2006 (UTC)

PJTraill 18:53, 29 July 2006 (UTC) But how did they formally define a virus? And how did they define the execution environment? As a Turing machine? I should have thought a real-life TM-virus would be one that corrupted the look-up table, which is only possible in a flaky TM implementation. Since it is essential to malware that it disregards the user's wishes, I doubt it can be adequately formalised to distinguish malware from a bona-fide patch-tool for executables. And does this discussion not belong in virus (computing), rather than in malware?

Etymology

There seems to have been at some point a bit of an etymology war going on in the opening paragraph. I wrote it to reflect both points of view (to really settle this, someone ought to track down the first known use of the term, and figure it out from there, a la OED--though if we don't, I'm sure they'll get around to it eventually, stuffy old coots though they are). I also removed the French language segue for offenses against punctuation and necessity. I think most English readers are probably aware of the meaning of the prefix mal- and can click on the link if they're not. Also, French is a fairly arbitrary choice; the prefix is common to all Romance languages, and standard practice is to go back to the Latin. Durito 22:53, 16 August 2006 (UTC)

Can you cite any source for the prefix mal- being relevant? "Malicious software" is pretty widely accepted as the origin. See, e.g. define:malware on Google. --FOo 04:50, 17 August 2006 (UTC)

POV

This article has a few POV problems. Words like "unfortunately" do not belong in an encyclopedia article. There are also citations needed for some claims in this article that seem pretty far fetched. 68.43.121.42 04:00, 21 August 2006 (UTC)

The whole "Fighting Malware" section needs citations from reputable sources and needs to be rewritten to present only facts. Wikipedia is not an instructional guide, and an encyclopedia article doesn't tell users what they "should" or "should not" do. 68.43.121.42 19:59, 21 August 2006 (UTC)

Well, 'Mr Anonymous', it's even more POV to delete the entire section when the deleter has an economic conflict of interest. In fact, I think it's considered vandalism. CFLeon 07:26, 28 August 2006 (UTC)
I used the talk page to explain why the article needs to be fixed, and received no response/objections. Several days later, another editor removed the offending section and cited the Wikipedia policy that tells us the article shouldn't contain how-to guides or tutorials. Instead of making accusations and reverting, you should try explaining why an article that violates WP:NOT should be allowed to remain. The section is being removed because it is a how-to guide with phrases telling readers "Do not" do this and "Avoid" doing this. Feel free to request mediation if you don't understand.

68.43.121.42 13:10, 28 August 2006 (UTC)

badware, malware called "virus" by most normal users

Nagle, "badware" is not only not in any standard dictionary but also not in any of the slang or the many computer dictionaries normally listed at www.onelook.com. (Compare http://www.onelook.com/?loc=bm3&w=virus ) In fact, the only reference found by Onelook is Wikipedia. That means it's an extremely rare word, which is confirmed by the search http://www.google.com/search?as_q=%22badware%22&num=10&as_epq=&as_oq=dictionary+glossary+words+terms+lexicon&as_eq=&lr=lang_en&as_occt=any&as_dt=i&as_sitesearch=&safe=off

which produces only very few glossary results that can (almost) be taken seriously such as the following:

This seems to indicate that "badware" is at most jargon and only of a very small group of people. The only serious use of the word I could find was at http://www.technewsworld.com/story/48490.html and http://www.pcworld.com/article/id,126928-c,aol/article.html which seems to indicate that it's a very new word, perhaps even originally the name of the website mentioned in both articles http://www.stopbadware.org

Especially in light of this situation, I find it quite amusing that you added this very rare word while removing the information that most normal computer users never use the word "malware" and instead use "virus" as the generic term. This change was especially uncalled for because you say my edit was "uncited". A quick look in some general dictionaries would have shown you that it's unnecessary to provide a source. This is especially true since I'm describing a situation that anyone who is in contact with normal people knows to be true. In fact, although some dictionaries do give the "geeky" i.e. professionally correct description of "computer virus", these are actually prescriptionist and therefore incorrect according to the guidelines of these same dictionaries. You seem to be a computer professional with very little contact with normal users, otherwise you'd know what more than about 90% of all computer users call "malware".

Your edit was also not good because your use of "hostile code" means nothing to most Wikipedia users. It should at the very least be "programming code" or "computer code". That is why I changed your edit

Malware is a generic term covering a variety of forms of hostile code. The term "badware" is a synonym for "malware".

of my version

However, many normal computer users are still unfamiliar with the term, and most never use it. Instead, "virus" is more commonly used in common parlance to describe all kinds of malware.

to

Malware is a general term used by computer professionals to mean a variety of forms of hostile computer code. Another term used for this is "badware", but this new term was apparently coined to mean any "software that fundamentally disregards a user's choice over how his or her computer will be used." (http://www.stopbadware.org/home/faq) In that sense, "badware" is a more general term that encompasses "malware", which then means only malicious software. In addition, many normal computer users are still unfamiliar with the term, and most never use it. Instead, "virus" is more commonly used in common parlance to describe all kinds of malware.

http://www.askoxford.com/concise_oed/virus?view=uk a piece of code surreptitiously introduced into a system in order to corrupt it or destroy data.

http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=virus 4 : a computer program that is usually hidden within another seemingly innocuous program and that produces copies of itself and inserts them into other programs and usually performs a malicious action (as destroying data)

http://en.wiktionary.org/wiki/virus

  1. A computer virus; often mistakenly used where malware would be the correct word.

http://www.bartleby.com/61/97/C0539700.html A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.

And last but not least, Computer virus.

--Espoo 23:21, 24 September 2006 (UTC)

The term "badware" is a deliberate neologism coined by the StopBadware.org people. It is intended to raise users' awareness of potentially harmful software.
It is not technical jargon, as it doesn't have any precise or specific meaning to people in the trade. Security professionals do not discuss problems in terms of "badware". And, of course, authors of the programs themselves do not call them "badware". (In contrast consider the term "computer virus". Both security professionals and authors of viruses, as well as the mainstream press, use the term "virus".)
"Badware" has no more currency as a technical term than does "poopware" or "craptacularware" or "dorkusware". It's just a marketing term for a particular public-awareness campaign. --FOo 05:58, 25 September 2006 (UTC)
OK - that was 2006, and it's now well into 2008. A quick google shows almost only people using the term "badware" are StopBadware (quoted in a couple of articles), one blog, and Wikipedia. As Fubar pointed out in 2006, it wasn't a widely used term then, and it isn't now. It's inappropriate for an encyclopedia, and its time has come. I'm removing it from the article. Say no to poopware, and have a good St Patrick's day! - Paul (talk) 17:46, 17 March 2008 (UTC)

A Different Type

There is one thing that we could add to this page that isn't discussed at all. What about software that doesn't try to intentionally harm your computer, but the programmers weren't exactly the best in the business and so their uninstall fails. It ends up leaving parts of the program in your computer and unless you get some specific but risky software to edit the registry, you can't get it off your computer ever. This has happened to me a few times with software demos that came with magazines. 216.191.40.149 18:58, 17 October 2006 (UTC)

What about Wikipedia's recent malware attack? It's on Google News that some hackers hacked Wikipedia. --66.218.11.146 07:33, 5 November 2006 (UTC)

Software distribution box

I changed the distribution box into an HTML comment, because malware is a type of software, not a license/distribution type. --ÆAUSSIEevilÆ 19:34, 29 November 2006 (UTC)

TopTenREVIEWS

I suggest we delete all links in WP to TopTenREVIEWS (once accidentally or purposely misnamed Anti-spyware-review.com) on the basis of http://www.castlecops.com/a5466-Don%e2%80%99t_Always_Believe_What_You_Read.html In fact, we should probably even write an article on TopTenREVIEWS. Their 2007 firewall software report even includes a "review" of Sygate, which has been discontinued... --Espoo 22:06, 15 December 2006 (UTC)

DRM?

Why is DRM included in the links? While many don't like DRM, it is entirely "passive" (it prevents you from doing something) in contrast to malware which is generally "Active". —The preceding unsigned comment was added by 72.53.43.209 (talk) 06:35, 9 March 2007 (UTC).

I only see it mentioned under "See also", along with Firewall, also passive. --CliffC 20:04, 9 March 2007 (UTC)
The distinction being that a Firewall can be used to detect malware or prevent malware sending information, or infecting your computer. Arguably DRM can only be loosely associated with malware (by some DRM schemes that use rootkits and such) but by the same logic, one must also link malware with fancy cursors and smilies etc. --81.198.151.187 11:52, 3 October 2007 (UTC)

Pain?

Computers are so defective these days, I just think that malware programs should be free, I think you buy a computer and get malware, but you buy a console and do not. Why pay for something that doesn't work? Do I pay for Xbox 360 updates? -no — Preceding unsigned comment added by 69.255.42.105 (talk) 19:10, 18 November 2011 (UTC)

merge from grayware?

I know the two terms are used in slightly different ways but still, I think it would make sense to have a single article as there is a very important overlap in the two notions. Pascal.Tesson 18:47, 15 March 2007 (UTC)

I don't think so; grayware is defined as "annoying or undesirable", while malware is just plain evil. Malware deserves its own article, just as its authors deserve their own special place in hell. --CliffC 14:34, 16 March 2007 (UTC)
I do think so. The Grayware article needs deletion or serious work - it currently includes several types of malware (spyware, rogue diallers, and remote access "back doors"), and some unrelated categories (spyware and "joke" programs). I'm not sure there is much need for an article about a term that practically nobody uses, that seems to include only spyware and practical jokes. But you're right about the malware authors' place in hell! - Paul 23:45, 9 June 2007 (UTC)
I'm up for "serious work", if anyone would care enough to help just a bit. Perhaps a merger or a redirect to Foistware? Zeratul En Taro Adun!So be it. 16:04, 9 July 2007 (UTC)
I agree with Pascal; I don't think the definition of Malware is that strict. There are certainly types of malware which are worse than others (and whose creators are 9th-ring-bound) but I have always heard the term malware used broadly to encompass those things classified as grayware in the separate article, such as spyware and adware. The term grayware might be worth a mention in this article, although I have worked on malware issues a lot and never heard it before. -Lciaccio (talk) 08:49, 6 January 2008 (UTC)
Trend Micro considers some spyware/grayware/adware to not be malware: "ADW_BONZIBUDDY.C". Trend Micro. 2004-06-08. Retrieved 2007-07-14. -- Jeandré, 2007-07-14t08:53z
I've noticed the Trend Micro differentiation as well, but the G/W page does encompass a broader range of definitions than is warranted. It seems to me that Grayware could have a simple definition and a couple examples and then a 'See Malware/Adware/'etc. series of links for other similar/related/despised applications or installations. 20:13, 6 August 2007 (UTC)

Grayware seems like a bogus term to begin with, an attempt to classify commercially-produced and "joke" malware as something "less bad" than malware --FOo 04:56, 7 August 2007 (UTC)

Agreed. The section might be deleted, providing only a definition and citations--- What might be preferable is a longer definition explaining how greyware differs from malware--- Isn't it just another name for malware??? Perhaps a game or chat program that is extremely insecure, yet provides some use/entertainment for a user??? Maybe someone can provide such an explanation. I can't Cuvtixo (talk) 20:14, 24 April 2008 (UTC)
I added a 2-paragraph section about grayware. Feel free to mention that the term is questionable. This was requested from the feedback page, I support this request. Jesus Presley (talk) 19:59, 27 November 2012 (UTC)

Visualisations of Malware

Thought this was interesting. I don't edit Wikipedia, but if someone else find this interesting enough to add to this page, go nuts. 211.28.215.95 (talk) 06:41, 15 March 2008 (UTC)

Bundestrojaner warning 30.04.2008 No processor works without current and voltage (state defence Bundestag: battery operation?)

"Disruptions could also occur in data transmission over the power grid."

Data stealing malware merger

I'm proposing a merger of the new data stealing malware article with the Malware article to eliminate redundancy and forking.—Largo Plazo (talk) 20:16, 24 October 2008 (UTC)

merger?

I think the greyware part should be merged with the Nagware page

Do you think so?

24.185.213.227 (talk) 18:24, 16 April 2009 (UTC)

I'll get back to you on that. Sephiroth storm (talk) 22:16, 16 April 2009 (UTC)

"damage"

"Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent."

I am removing the term "damage." Malware is typically -not- designed to damage a computer system. That is illogical. "Damage" implies rendering a computer physically unusable. A criminal cannot make money by causing a computer to stop working. As such, it is not a typical characteristic and I am removing that word. Screen317 (talk) 06:19, 12 August 2009 (UTC)


I'm going to edit this back in. I disagree. Damage is basically injury, which is defined as "Injury or bodily injury is damage or harm caused to the structure or function of the body caused by an outside agent or force". Many types of malware cause damage, whether intentional or not, the deletion, modification of files can be considered damage. See US court cases when hackers have been convicted of causing a company damage when installing software, or performing other activities. Remember also, that is currently common for the definition of malware to include the word damage. In addition, even the slowing down of a user's computer is seen as damage to the user, in this way, adware is considered to cause damage. This can lead to a DoS condition, which is certainly damaging to a person's time and resources, and could cause long term damage to a computer system. Defining it as software that is "designed to infiltrate a computer system without the owner's informed consent." is a definition of a specific type of malware. Malware can indeed be designed to cause destruction of data, and may not always be designed to infiltrate a user's computer without consent. I can download a virus to my computer deliberatly. It has not infiltrated without consent, but it will certainly cause damage. Sephiroth storm (talk) 20:36, 1 November 2009 (UTC)


I'm sorry, but I disagree. Your definition of "damage" applies to humans and other living entities only.
You say "Many types of malware cause damage, whether intentional or not, the deletion, modification of files can be considered damage" and that is only partially correct. That is not a typical characteristic of malware and only occurs in certain cases. Malware is not defined by its ability to delete or modify files. This is an encyclopedia and specific cases should be given a section of their own, and should NOT be applied to the broad definition.
You say "See US court cases when hackers have been convicted of causing a company damage when installing software" which is correct, but notice what you actually say: "causing a COMPANY damage..." This is NOT an article about companies but rather about computers.
You say "Remember also, that is currently common for the definition of malware to include the word damage." What is that based off of, besides the erroneous Wikipedia definition??
You say "In addition, even the slowing down of a user's computer is seen as damage to the user, in this way, adware is considered to cause damage." First of all, adware doesn't deliberately "slow down" a computer-- it deliberately pops up advertisements. Since "slowing down of a user's computer" happens ON ITS OWN (without proper maintenance), it cannot be attributed as a typical characteristic of malware.
You say "Defining it as software that is "designed to infiltrate a computer system without the owner's informed consent." is a definition of a specific type of malware." No it isn't. ALL malware infiltrates without the owner's informed consent. NOT all malware damages computers. That is where the bottom line lies, and THAT is how the definition needs to be stated.
You say "I can download a virus to my computer deliberatly." Besides the spelling error, "infiltrating a computer system" does NOT mean downloading it to your Desktop. A "virus" is only malicious when it is executed.


As such, I am returning the definition to not include the word damage. Please discuss it further here BEFORE changing it back. Screen317 (talk) 00:10, 24 December 2009 (UTC)
The references are against you here. Several websites, and I'm sure hundreds of books do mention damage in their definitions of malware. At Wikipedia, we cannot ensure that our definitions are correct 100% of the time, especially in the comsec world where threats change in a matter of minutes. Deliberate intent is basically worthless in determining whether code is malicious in nature. If I include a EULA with my copy of trojan.downloader whatever that states, "this will insert a backdoor into your computer, and by installing this program you give me permission to use that access as I see fit", and you make a decision to install anyway, or don't read the EULA, this is still malware, that was installed with by definition, "informed consent". A system administrator can also install keyloggers to monitor employees' actions, the police do install them to catch criminals. Though they are installed with informed consent they are still malicious in nature. As for my references, see [1], [2], CompTIA Security+ Study Guide ISBN: 978-1-59749-426-7, etc. The truth of the matter is, we don't have one concrete definition for malware. Even if we had a legal definition, it would not be the only one. As Wikipedia editors, we cannot decide what is true, or right, we can only include relevant information, and include references to allow the user to make up their own mind. I have another definition here that states that malware is: "any element of software that performs an unwanted or undesired function from the perspective of the legitimate user or owner of a computer system." Personally, I prefer this definition. But, it's not referenced in the article. Your reasoning for removing the word isn't in line with our policies, and is based in possibilities. "A criminal cannot make money by causing a computer to stop working." Making money is the purpose of many malware writers these days, but not all.
There are individuals who will write code simply to cause damage to a user's computer, it doesn't have to be physical, as long as they accomplish their goal, they are happy. We can't edit the definition to just include a majority. Sephiroth storm (talk) 01:24, 24 December 2009 (UTC)
Another reference. Doesn't include the word damage, but rather another definition. [3] Sephiroth storm (talk) 01:26, 24 December 2009 (UTC)
I appreciate you coming and replying, and I thank you for stating your case in a clear manner. Maybe the issue is that the place we started wasn't the best. I do like the definition from the source you quoted: "Short for malicious software. Programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior." It contains the "abusive behavior" that you call damage, and it includes the more broad terminology that I am looking for. I think this is an excellent compromise. We use that for the definition and cite the source. How does that sound? Screen317 (talk) 07:35, 24 December 2009 (UTC)
Sounds great. Would you like to do the honors? Sephiroth storm (talk) 07:23, 25 December 2009 (UTC)
Not sure how to put references on Wiki, sorry. Would you mind doing it? Screen317 (talk) 02:35, 5 January 2010 (UTC)


Windows platform more prone to malware

The article misses to stress the very important point that pretty much all malware runs on Windows, and that other alternatives, especially Linux, are pretty much malware-free. Yes, it is "implied" by the article, but not said in clear, layman terms. As such the article is poor in terms of quality-of-information. What is the use of it being precise, when it is hard to understand? When its information is, because of being obscure, mostly useless? yamaplos 21:15, 9 March 2010 (UTC) —Preceding unsigned comment added by Yamaplos (talk • contribs)

Please read WP:NPOV Jasper Deng (talk) 01:47, 20 January 2011 (UTC)
"99.4 percent of all new malware of the first half of this year [2010] was written for Microsoft’s operating system" (Windows malware dwarfs other viral threats – I think that The Register is a reliable secondary source so this fact can be included in the article itself.) --Лъчезар共产主义万岁 08:01, 7 April 2012 (UTC)

Rootkit - Not malware

Arguably a rootkit is not necessarily malware; an employer might install a rootkit to undetectably monitor, say network accesses or even keystrokes, without that monitoring being ever disabled or subverted. A publisher with pre-release content might deploy a rootkit on clearly labelled "Not for distribution" plastic (perhaps) optical disks that 'root' machines into which they are inserted, to disable standard optical hardware - turning a general purpose machine (probably on the premises of the publisher) into a playback-only one. People handling pre-release content would understand this and know not to put such contaminated disks into normal machines (or face the consequences). It is like a customised OS without needing to recompile the kernel or have access to its source.

The "Rootkit" section could be completely removed and replaced by a reference to the Rootkit page!

— Preceding unsigned comment added by 62.190.123.102 (talk) 17:09, 8 November 2005‎ (UTC)

Should have a "prevention" section near the top

The article should include a section on what can be done to prevent infection with malware. One of the most basic methods is to stop logging on as "administrator" all the time. Under versions of Windows prior to Vista, it was normal for a home user to use an account with full administrator rights all the time. Vista and Windows 7 now use UAC to prevent background installs of software, but even Win 2000 / Win XP users can benefit from creating a separate low-privilege "User" account and using that all the time, and only using a higher-privileged administrative account in those rare situations where programs need to be installed or removed.

The same applies to other operating systems, though both OSX, Linux, and other unix variants seem to have this fairly well sorted out: don't log on as administrator all the time.

DMahalko (talk) 01:50, 19 December 2011 (UTC)

I was thinking the exact same thing - when someone searches for Malware, one of the first things that should be near the top of the article is how to effectively protect computers and user information. I think this should be done from a high-level perspective in keeping with an encyclopedic entry that doesn't get into any more technical detail than necessary. Hopefully in so doing it will be useful to audiences who have little or no prior knowledge about malware or computer security. PatrickCarbone (talk) 17:41, 9 March 2012 (UTC)

New sections contemplated for removal and cleanup

I would like to add the following, but need to find cites first. So, temporary save here for now.

Removal and clean-up

Removing malware from within a running and compromised system can be extremely difficult, to impossible. Malware programmers know that people will attempt to remove the software so they take steps to make removal as hard as possible.

  • A common tactic is for the software to disable removal tools, or disable the self-update capabilities of those tools.
  • The software can also run several processes concurrently so that if one is killed the others can continue to run and start new processes.
  • New scheduled tasks may be added to the system task scheduler, to attempt to periodically redownload the software again at a later time.
  • The payload can be extremely small, through the use of executable packers, allowing for quick re-downloading in the event of removal.
  • Process and service names used to run the malware or to combat removal can be made to appear to be legitimate, generic, or innocuous.
  • The system may be modified so it is not removed by "system restore" or "safe mode" operating system features.
  • The system may be modified so that any attempt to run other programs will always restart the malware if it has been killed.

Offline Removal

In many cases the surest and most effective way to scan for and remove malware and viruses is to not run the infected system at all, so that the malware is unable to actively combat the removal process. There are generally two ways to do this:

  • Using the infected computer, use a separate storage media to boot the infected computer using a different operating system. Options include using an external hard drive, flash USB memory, CDROM, and PXE network booting.
  • Using a different computer, either disconnect or remove the infected hard drive and connect it to the other computer. The connection can be accomplished by connecting the infected drive directly to the system motherboard or using USB to IDE/SATA external adapters made for this purpose. Care must be taken to avoid booting the infected drive, as it could infect the machine that is intended to be used for cleaning.

Cleanup following infection

Often it is not simply a matter of removing the known malware files. While running on the system, the malware may have changed a wide range of system configuration settings that will continue to cause malfunctions, may have broken any installed security software, and may both leave the system less secure than it was before, as well as leaving behind seed code intended to attempt to trigger a re-infection again using the Internet, at a later time.

In many cases the only way to find out what specific damage malware does is for the software to be run in a controlled environment such as a virtual machine, or in a regular system with disk snapshotting enabled, and then monitoring what changes it makes to the system. This information is then used to create a repair script that is used by anti-malware software to restore an infected system's configuration to its pre-infection state.

DMahalko (talk) 06:34, 21 December 2011 (UTC)
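The snapshot-and-compare step described in the draft above (run the sample in a controlled environment, then look at what changed) can be sketched as follows. This is an added example, not part of the original post or of any anti-malware product; the directory names, file contents and the `WATCHED` prefixes are constructed assumptions.

```python
"""Before/after file-system manifest diff for a sandboxed analysis run."""
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption: relative path prefixes the analyst treats as autostart-relevant.
WATCHED = ("startup/", "tasks/")


def _sha256(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to (size, sha256)."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = Path(dirpath) / name
            # Skip symlinks and special files: only real content is hashed.
            if full.is_symlink() or not full.is_file():
                continue
            rel = full.relative_to(root).as_posix()
            manifest[rel] = (full.stat().st_size, _sha256(full))
    return manifest


def diff_manifests(before, after):
    """Return sorted lists of added, removed and modified relative paths."""
    old, new = set(before), set(after)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if before[p] != after[p]),
    }


def flag_watched(diff, watched=WATCHED):
    """Pick out changes that touch locations the analyst marked as sensitive."""
    hits = []
    for kind in ("added", "modified", "removed"):
        for path in diff[kind]:
            if path.startswith(watched):
                hits.append((kind, path))
    return hits


def _write(root, rel, data):
    path = root / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def demo():
    """Constructed run: populate a scratch tree, snapshot, change it, snapshot again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write(root, "docs/report.txt", b"quarterly numbers\n")
        _write(root, "tools/scanner.cfg", b"autoupdate=on\n")
        _write(root, "startup/backup.cmd", b"run backup\n")
        before = build_manifest(root)

        # Constructed stand-ins for the kinds of change the draft lists:
        # a tool's self-update switched off, a new scheduled task, a new
        # autostart entry with an innocuous-looking name, and a lost file.
        _write(root, "tools/scanner.cfg", b"autoupdate=off\n")
        _write(root, "tasks/refresh.job", b"constructed placeholder\n")
        _write(root, "startup/svchelper.cmd", b"constructed placeholder\n")
        (root / "docs/report.txt").unlink()
        after = build_manifest(root)

    changes = diff_manifests(before, after)
    return changes, flag_watched(changes)


if __name__ == "__main__":
    changes, hits = demo()
    for kind, paths in changes.items():
        print(kind, paths)
    print("watched locations touched:", hits)
```

For the offline case the draft describes, the "before" manifest would come from a known-good image and the "after" manifest from the suspect drive mounted read-only on a separate machine.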

This article should be considered for clean-up, merging, or break-down

This article has a lot of good content - quite a bit actually! There is so much it seems like it could really benefit from being broken into sub-pages for History of malware, or Academic research, or other sections that are almost an article in length in their own right. Maybe there could be a paragraph or two that is then continued with additional info on another page? Right now it just seems to me that the page is a little hard to navigate and might be daunting for a reader who is not familiar with the topics discussed in the Malware article. PatrickCarbone (talk) 17:51, 9 March 2012 (UTC)

Something

Well, at the bottom of the article it shows a HTML element. What if a hijacker was looking for a quicker way to hijack and they looked there?

98.28.183.68 (talk) 02:40, 20 June 2012 (UTC)

Concretisation

This article presents the usual terms, "Trojan horses", "viruses", "worms"! Certainly useful! But would it be possible to make it more concrete/technical! Or if this is out-of-scope for an encyclopaedic article, a reference to such a more technical/detailed article of high quality.

How and when is the execution of the "malware" started? By a modified boot-sector starting "malware" instead of the operating system. By the modification of the list of "services/daemons" the operating system starts. For Windows, possibly an entry in "Autoexec"?

At least for one special example! One gets the impression that in this field it is more about the authors copying each other than to come with hard facts! In other words, the rumours are flourishing! To the benefit of firms providing security software! Searching with Google one finds a lot of adverts for such software but not much useful information!

Stamcose (talk) 14:29, 9 January 2013 (UTC)

Logically, it should be two stages

-The malicious code is written to the victim's disc

-Some configuration files are modified in such a way that the operating system automatically transfers the control to the malicious software after power-up

Explain for at least one example!

Stamcose (talk) 10:38, 10 January 2013 (UTC)

grayware/PUPs

Imho it should be noted, that most anti-malware programs do not only consider software possibly unwanted by the user as PUPs, but also software unwanted by content owners (e.g. filesharing programs, Keygens and software like AnyDVD or CloneCD). --MrBurns (talk) 01:16, 19 January 2013 (UTC)

GA failed

This article is not ready for GA as a number of sections are entirely unreferenced. A GA reviewer might also consider the article to be lacking in illustrations which should be provided "if possible" — surely true here. It is also advisable for a nominator new to an article to consult with editors who have been working on the article, if not to participate in editing and improving it until it is clear that it is ready to submit. The text appears reasonably stable and not excessively point-of-view so once citations have been supplied and checked the article should be well worth re-submitting for GA review. Chiswick Chap (talk) 13:35, 22 March 2013 (UTC)

Adobe Flash

Why is Adobe Flash not on the spyware list? — Preceding unsigned comment added by 70.197.196.122 (talk) 02:16, 13 December 2014 (UTC)

Known good

I deleted the section about "Known good", as it appeared to be very tangential to the main flow of the section, and when I looked into which editor added it, I strongly believe that editor has an affiliation with Nexor, and so the content could be construed as there only for self-promotion purposes. - CoLocate (talk) 19:04, 22 May 2015 (UTC)

Hardware

No mention in the article of any hardware-based malware - USB micro-code, BIOS, routers etc. 122.106.249.198 (talk) 09:54, 15 July 2015 (UTC)

first sentence

The source cited (techterms.com) does not actually say what that first sentence does. It's related, but it doesn't appear to be a good source for the text as it appears here. Colbey84 (talk) 21:18, 30 January 2016 (UTC)

Mal = Malicious or Mal = Bad?

I was under the impression that the "mal" in malware was merely from the Latin for "bad." Lots of malware isn't necessarily malicious (it might just be poorly written and insecure, opening up security holes on computers running it), but it is all bad. Should we change this? I see that the term "badware" is referenced. I have never heard someone say badware in my life, and in my experience, most people say malware for software which is unintentionally bad.

35.2.151.60 (talk) 18:47, 4 March 2016 (UTC)

Do you have a source that supports the idea that the mal in malware is Latin, as opposed to the word malicious? All the sources I'm able to find suggest it is short for malicious, rather than the Latin root mal. - Aoidh (talk) 18:54, 4 March 2016 (UTC)
Interesting question. I'd never thought about this before, but your way certainly makes more sense to me. I want this to be true, but I have no idea. As Aoidh says, it's pretty much up to whatever the sources have to say about it. --Bongwarrior (talk) 19:08, 4 March 2016 (UTC)
...and where do you think the root prefix "mal" in the word "malicious" comes from? (Related: Online Etymology Dictionary malicious and mal-) Charlesreid1 (talk) 08:06, 24 June 2016 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified 3 external links on Malware. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 10:47, 31 May 2017 (UTC)

Proposed Solution to Merging PE Infection Page

I suggest merging the PE infection page into the Viruses subheading under Concealment. The section would then read:

  • A computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data).[1] An example of this is a PE infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files.[2]

An alternative to this would be to include it into the header section under Concealment, making it read as follows:

  • The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior. The term computer virus is used for a program that embeds itself in some other executable software (including the operating system itself) on the target system without the user's consent and when that is run causes the virus to spread to other executables. An example of this is a PE infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files. It can be done by adding a new section to the PE file, or by expanding the last section of the PE file.[2] On the other hand, a worm is a stand-alone malware program that actively transmits itself over a network to infect other computers. These definitions lead to the observation that a virus requires the user to run an infected program or operating system for the virus to spread, whereas a worm spreads itself.[3]

^Above proposed 19OCT17. I made the changes outlined in the first paragraph on 21OCT17. --Baumergrl (talk) 17:17, 21 October 2017 (UTC)

References

  1. ^ "What are viruses, worms, and Trojan horses?". Indiana University. The Trustees of Indiana University. Retrieved 23 February 2015.
  2. ^ a b Peter Szor (3 February 2005). The Art of Computer Virus Research and Defense. Pearson Education. p. 204. ISBN 978-0-672-33390-3.
  3. ^ "computer virus – Encyclopædia Britannica". Britannica.com. Retrieved 28 April 2013.
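The proposal above describes PE infection as adding a new section to the PE file or expanding its last section. The following added example (not from the article, the post or the cited book) parses PE headers and reports two header-level indicators commonly associated with code appended that way; the indicator names and the constructed header-only samples are assumptions, and legitimately packed executables can trigger the same indicators.

```python
"""Header-only PE check for signs of appended code."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return (entry_point_rva, sections) or raise ValueError on a malformed image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header follows the 4-byte signature.
    _machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if opt_size < 20 or opt_off + opt_size > len(data):
        raise ValueError("truncated optional header")
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    table = opt_off + opt_size
    if table + nsec * SECTION.size > len(data):
        raise ValueError("truncated section table")
    sections = []
    for i in range(nsec):
        (name, vsize, vaddr, rsize, _rptr,
         _rel, _lin, _nrel, _nlin, flags) = SECTION.unpack_from(
            data, table + i * SECTION.size)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "size": vsize or rsize,  # VirtualSize may be 0 in some images
            "flags": flags,
        })
    return entry, sections


def appended_code_indicators(data):
    """Return indicator codes for the section that sits last in memory."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    last = max(sections, key=lambda s: s["vaddr"])
    findings = []
    # Compilers normally place the entry point in the first code section.
    if last["vaddr"] <= entry < last["vaddr"] + last["size"]:
        findings.append("entry_in_last_section")
    # A trailing section that is both writable and executable is unusual.
    if last["flags"] & IMAGE_SCN_MEM_EXECUTE and last["flags"] & IMAGE_SCN_MEM_WRITE:
        findings.append("last_section_write_exec")
    return findings


def build_headers(entry, sections):
    """Constructed test input: PE32 headers only, no code or data bytes."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 16, entry)  # AddressOfEntryPoint
    out = bytearray(b"MZ" + bytes(58) + struct.pack("<I", 0x40))
    out += b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    out += opt
    for name, vaddr, vsize, flags in sections:
        out += SECTION.pack(name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, flags)
    return bytes(out)


# Constructed samples: a conventional layout, and one with a trailing
# read/write/execute section that also holds the entry point.
BASE = [(b".text", 0x1000, 0x800, 0x60000020), (b".data", 0x2000, 0x200, 0xC0000040)]
CLEAN = build_headers(0x1000, BASE)
SUSPECT = build_headers(0x3010, BASE + [(b".xyz", 0x3000, 0x400, 0xE0000020)])

if __name__ == "__main__":
    print("clean:  ", appended_code_indicators(CLEAN))
    print("suspect:", appended_code_indicators(SUSPECT))
```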

Lock-screens

Added some facts and links about this type of ransomware for Android devices. Plus added some info about the new version of RAT trojan for Mac. Catwilmore (talk) 11:35, 19 October 2017 (UTC)

Evasion points

"The most common evasion technique is when the malware evades analysis and detection by fingerprinting the environment when executed." I have not read the book linked, but fingerprinting would be a good way to detect the malware, NOT a good way for the malware to avoid detection. This bullet point does not seem to make sense. It should either be removed, or, if someone understands how it makes sense, then it should be edited for clarity. — Preceding unsigned comment added by 202.83.241.189 (talk) 03:09, 2 March 2018 (UTC)