Skip to main content

The Ontology of Malwares

  • Chapter
  • First Online:
Practical Information Security

Abstract

Absolute security is almost impossible. On a daily basis the security of many systems is compromised. Attackers utilize different techniques to threaten systems’ security. Among different threats to systems’ security, malware poses the highest risk as well as the highest negative impact. Malware can cause financial losses as well as other hidden cost. For example, if a company system has been compromised, the company could suffer negatively on the reputation and trust level from a publicized malware incident. This chapter provides a detailed description about different malware categories and how to protect against each type.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  • Abdelazim, H. Y., & Wahba, K. (2002). System dynamic model for computer virus prevalance. Paper presented at the 20th international conference of the system dynamics society, Palermo, Italy, July, available at: www.systemdynamics.org/conferences/2002/proceed/papers/Abdelaz1.pdf. Accessed 19 June 2013.

  • Alenezi, M., & Javed, Y. (2016). Open source web application security: A static analysis approach. Paper presented at the engineering & MIS (ICEMIS), International Conference on.

    Google Scholar 

  • Berberick, D. A. (2016). Analysis of the North Atlantic Treaty Organization’s (NATO) reaction to cyber threat. Utica College\ProQuest Dissertations Publishing.

    Google Scholar 

  • Brewer, R. (2016). Ransomware attacks: Detection, prevention and cure. Network Security, 2016(9), 5–9.

    Article  Google Scholar 

  • Buehrer, G., Weide, B. W., & Sivilotti, P. A. (2005). Using parse tree validation to prevent SQL injection attacks. Paper presented at the proceedings of the 5th international workshop on software engineering and middleware.

    Google Scholar 

  • Chien, E. (2005). Techniques of adware and spyware. Paper presented at the the proceedings of the fifteenth virus bulletin conference, Dublin Ireland.

    Google Scholar 

  • Dufel, M., Subramanium, V., & Chowdhury, M. (2014). Delivery of authentication information to a RESTful service using token validation scheme: Google Patents.

    Google Scholar 

  • Dunham, K., & Melnick, J. (2008). Malicious bots: An inside look into the cyber-criminal underground of the internet. Boca Raton: CrC Press.

    Book  Google Scholar 

  • Emigh, A. (2006). The crimeware landscape: Malware, phishing, identity theft and beyond. Journal of Digital Forensic Practice, 1(3), 245–260.

    Article  Google Scholar 

  • Farchi, E., Raz-Pelleg, O., & Ronen, A. (2012). Software bug predicting: Google Patents.

    Google Scholar 

  • FOSsi, M., Turner, D., Johnson, E., Mack, T., Adams, T., Blackbird, J., Low, M., McKinney, D., Dacier, M., Keromytis, A., Leita, C. (2009). Symantec report on rogue security software. Whitepaper, Symantec, October.

    Google Scholar 

  • Gandhi, V. K., & Thanjavur, T. N. S. I. (2012). An overview study on cyber crimes in internet. Journal of Information Engineering and Applications, 2(1), 1–5.

    Google Scholar 

  • Goertzel, K. M. (2009). Tools Report on Anti-Malware. Retrieved from https://www.csiac.org/wp-content/uploads/2016/02/malware.pdf

  • Gordon, S. (2005). Fighting spyware and adware in the enterprise. Information Systems Security, 14(3), 14–17.

    Article  Google Scholar 

  • Gralla, P. (2005). PC Pest Control: Protect your computers from malicious internet invaders. Sebastopol, CA: “ O’Reilly Media, Inc.”.

    Google Scholar 

  • Grégio, A. R. A., Jino, M., & de Geus, P. L. (2012). Malware Behavior. PhD thesis, University of Campinas (UNICAMP), Campinas

    Google Scholar 

  • Hasan, M. I., & Prajapati, N. B. (2009). An attack vector for deception through persuasion used by hackers and crakers. Paper presented at the Networks and Communications, 2009. NETCOM'09. First International Conference on.

    Google Scholar 

  • Hong, J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74–81.

    Article  Google Scholar 

  • http://sarah-michelle-gellar.org/

  • https://www.pinterest.com/pin/194288171397349001/

  • https://www.smartz.com/blog/2011/02/01/hardware-based-keyloggers-making-identity-theft-easier/

  • https://blogs.otago.ac.nz/infosec/examples-of-phishing-emails/

  • Kapoor, A., & Sallam, A. (2007). Rootkits part 2: A technical primer. Retrieved from https://www.infopoint-security.de/open_downloads/alt/McAfee_wp_rootkits_part2_engl.pdf

  • Karlof, C., Shankar, U., Tygar, J. D., & Wagner, D. (2007). Dynamic pharming attacks and locked same-origin policies for web browsers. Paper presented at the proceedings of the 14th ACM conference on computer and communications security.

    Google Scholar 

  • Kelly, A. (2010). Cracking passwords using keyboard acoustics and language modeling. Edinburgh: University of Edinburgh.

    Google Scholar 

  • Laranjeiro, N., Vieira, M., & Madeira, H. (2009). Protecting database centric web services against SQL/XPath injection attacks. Paper presented at the database and expert systems applications.

    Google Scholar 

  • Lemonnier, J. (2015). What Is Adware & How Do I Get Rid of It? Retrieved from http://www.avg.com/en/signal/what-is-adware

  • Levow, Z., & Drako, D. (2005). Divided encryption connections to provide network traffic security: Google Patents.

    Google Scholar 

  • Li, P., Salour, M., & Su, X. (2008). A survey of internet worm detection and containment. IEEE Communication Surveys and Tutorials, 10(1). https://www.google.com/patents/US9158922

    Article  Google Scholar 

  • Liu, J. (2015). Method, system, and computer-readable medium for automatically mitigating vulnerabilities in source code: Google Patents.

    Google Scholar 

  • Mali, Y., & Chapte, V. (2014). Grid based authentication system. International Journal, 2(10). http://www.ijarcsms.com/docs/paper/volume2/issue10/V2I10-0048.pdf

  • Medley, D. P. (2007). Virtualization technology applied to rootkit defense. Retrieved from http://dtic.mil/dtic/tr/fulltext/u2/a469494.pdf

  • Morales, J. A., Clarke, P. J., Deng, Y., & Golam Kibria, B. (2006). Testing and evaluating virus detectors for handheld devices. Journal in Computer Virology, 2(2), 135–147.

    Article  Google Scholar 

  • Moya, M. A. C. (2008). Analysis and evaluation of the snort and bro network intrusion detection systems. Intrusion Detection System\Universidad Pontificia Comillas. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.462.969&rep=rep1&type=pdf

  • Muscat, I. ( 2017). What are injection attacks? Retrieved from https://www.acunetix.com/blog/articles/injection-attacks/

  • Muttik, I. (2014). Preventing attacks on devices with multiple CPUs: Google patents.

    Google Scholar 

  • Myers, M., & Youndt, S. (2007). An introduction to hardware-assisted virtual machine (hvm) rootkits. Mega Security.

    Google Scholar 

  • Nirmal, K., Ewards, S. V., & Geetha, K. (2010). Maximizing online security by providing a 3 factor authentication system to counter-attack'Phishing'. Paper presented at the Emerging Trends in Robotics and Communication Technologies (INTERACT), 2010 International Conference on.

    Google Scholar 

  • Osorio, F. C. C., & Klopman, Z. (2006). And you though you were safe after SLAMMER, not so, swarms not zombies present the greatest risk to our national internet infrastructure. Paper presented at the Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International.

    Google Scholar 

  • Patel, N., Mohammed, F., & Soni, S. (2011). SQL injection attacks: Techniques and protection mechanisms. International Journal on Computer Science and Engineering, 3(1), 199–203.

    Google Scholar 

  • Pathak, N., Pawar, A., & Patil, B. (2015). A survey on keylogger: A malicious attack. International Jourcal of Advanced Research in Computer Engineering and Technology. http://ijarcet.org/wp-content/uploads/IJARCET-VOL-4-ISSUE-4-1465-1469.pdf

  • Pérez, P. M., Filipiak, J., & Sierra, J. M. (2011). LAPSE+ static analysis security software: Vulnerabilities detection in java EE applications. Future Information Technology, 184, 148–156.

    Article  Google Scholar 

  • Rotich, E. K., Metto, S., Siele, L., & Muketha, G. M. (2014). A survey on cybercrime perpetration and prevention: A review and model for cybercrime prevention. European Journal of Science and Engineering, 2(1), 13–28.

    Google Scholar 

  • Savage, K., Coogan, P., & Lau, H. (2015). The evolution of Ransomware. Mountain View: Symantec.

    Google Scholar 

  • Schmidt, M. B., Johnston, A. C., Arnett, K. P., Chen, J. Q., & Li, S. (2008). A cross-cultural comparison of US and Chinese computer security awareness. Journal of Global Information Management, 16(2), 91.

    Article  Google Scholar 

  • Shi, P. P. (2010). Methods and techniques to protect against shoulder surfing and phishing attacks. Concordia University\Master thesis, Ottawa. http://dmas.lab.mcgill.ca/fung/supervision.htm

  • Somani, G., Agarwal, A., & Ladha, S. (2012). Overhead analysis of security primitives in cloud. Paper presented at the cloud and services computing (ISCOS), 2012 international symposium on.

    Google Scholar 

  • Sood, A. K., & Enbody, R. (2011). Chain exploitation—Social networks malware. ISACA Journal, 1, 31.

    Google Scholar 

  • Stone-GrOSs, B., Abman, R., Kemmerer, R. A., Kruegel, C., Steigerwald, D. G., & Vigna, G. (2013). The underground economy of fake antivirus software. In Economics of information security and privacy III (pp. 55–78). NewYork: Springer.

    Chapter  Google Scholar 

  • Subramanya, S. R., & Lakshminarasimhan, N. (2001). Computer viruses. IEEE Potentials, 20(4), 16–19.

    Article  Google Scholar 

  • Van Acker, S., Nikiforakis, N., Desmet, L., Joosen, W., & Piessens, F. (2012). FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications. Paper presented at the proceedings of the 7th ACM symposium on information, computer and communications security.

    Google Scholar 

  • Vuagnoux, M., & Pasini, S. (2009). Compromising electromagnetic emanations of wired and wireless keyboards. Paper presented at the USENIX security symposium.

    Google Scholar 

  • Wang, S., & Ghosh, A. (2010). Hypercheck: A hardware-assisted integrity monitor. Paper presented at the Recent Advances in Intrusion Detection.

    Google Scholar 

  • Wang, Y. M., Roussev, R., Verbowski, C., Johnson, A., Wu, M. W., Huang, Y., & Kuo, S. Y. (2004). Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for spyware management. Paper presented at the LISA.

    Google Scholar 

  • Wang, J., Xue, Y., Liu, Y., & Tan, T. H. (2015). JSDC: A hybrid approach for JavaScript malware detection and classification. Paper presented at the proceedings of the 10th ACM symposium on information, computer and communications security.

    Google Scholar 

  • Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003). A taxonomy of computer worms. Paper presented at the proceedings of the 2003 ACM workshop on rapid malcode.

    Google Scholar 

  • Wilkins, R., & Richardson, B. (2013). UEFI secure boot in modern computer security solutions. Paper presented at the UEFI Forum.

    Google Scholar 

  • William, S. (2008). Computer security: Principles and practice. New Jersey: Pearson Education India.

    Google Scholar 

  • Yee, C. G., Shin, W. H., & Rao, G. (2007). An adaptive intrusion detection and prevention (ID/IP) framework for web services. Paper presented at the convergence information technology, 2007. International conference on.

    Google Scholar 

  • Zadig, S. M., & Tejay, G. (2011). Emerging cybercrime trends: Legal, ethical, and practical issues. In Investigating Cyber Law and Cyber Ethics: Issues, Impacts and Practices (p. 37). IGI global.

    Google Scholar 

  • Zhang, F., Wang, H., Leach, K., & Stavrou, A. (2014). A framework to secure peripherals at runtime. Paper presented at the ESORICS (1).

    Google Scholar 

  • Zuo, Z., & Zhou, M. (2004). Some further theoretical results about computer viruses. The Computer Journal, 47(6), 627–633.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Alsmadi, I., Burdwell, R., Aleroud, A., Wahbeh, A., Al-Qudah, M., Al-Omari, A. (2018). The Ontology of Malwares. In: Practical Information Security. Springer, Cham. https://doi.org/10.1007/978-3-319-72119-4_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72119-4_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72118-7

  • Online ISBN: 978-3-319-72119-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics