What is Malware?
by shriram - October 31st, 2009. Filed under: Uncategorized.
Malware, short for malicious software, is software designed to infiltrate a computer without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.[1] The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs.
Data-stealing malware
Data-stealing malware is a web threat that divests victims of personal and proprietary information with the intent of monetizing stolen data through direct use or underground distribution. Content security threats that fall under this umbrella include keyloggers, screen scrapers, spyware, adware, backdoors, and bots. The term does not refer to activities such as spam, phishing, DNS poisoning, SEO abuse, etc. However, when these threats result in file download or direct installation, as most hybrid attacks do, files that act as agents to proxy information will fall into the data-stealing malware category.
Characteristics of data-stealing malware
Does not leave traces of the event
* The malware is typically stored in a cache which is routinely flushed
* The malware may be installed via a drive-by-download process
* The website hosting the malware, and the malware itself, are generally temporary or rogue
Frequently changes and extends its functions
* It is difficult for antivirus software to detect final payload attributes due to the combinations of malware components
* The malware uses multiple file encryption levels
Thwarts Intrusion Detection Systems (IDS) after successful installation
* There are no perceivable network anomalies
* The malware hides in web traffic
* The malware is stealthier in terms of traffic and resource use
Thwarts disk encryption
* Data is stolen during decryption and display
* The malware can record keystrokes, passwords, and screenshots
Thwarts Data Loss Prevention (DLP)
* Leakage protection hinges on metadata tagging, and not everything is tagged
* Miscreants can use encryption to transfer data out