Malware - Viruses and Worms

Malware is becoming significant and prevalent nowadays and it is important for a computer forensic examiner to understand that digital criminals can commit crime without direct access to the computer; they can use software agents to safely and remotely perform the damage.

Malware can be directed internally, meaning that it is directed at the computer it is located on or externally, where the attack is performed remotely over the network.

Malware can also be either manual or autonomous. Manual refers to malware that is being controlled by a malicious human being while autonomous refers to malware that executes the functions according to its programmed parameters, without any human intervention.

Finally malware can be differentiated by either it is self-replicating or it must be manually distributed. Virus and worms are considered self-replicating codes. Viruses are code fragments that piggyback on other software or programs while worms are discrete programs that copy themselves to other computers over the network.

An example will be the Melissa virus and the “I Love You/Lovebug” worm. Both performing the same function, they spread via email attachments when triggered and sent copies of themselves to other email addresses in the victim’s address book. The only difference is that the virus is only found in files carrying it, e.g. in a word document while worm can exist as a standalone executable file.