In general, malware, or malicious software, is unauthorized hostile or intrusive software that is used to disrupt computer operations, gather sensitive information in an unauthorized manner, or gain illicit access to private computer systems. There are many types of malware, including computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious browser helper objects, and rogue security software, among others.
Some types of malware work autonomously without any interaction from a malware operator, for example, by automatically copying data from the victim machine (e.g., passwords, cookies, or personal information) and sending the data outside of the victim machine to the malware operator. Other types of malware allow a malware operator to interact directly with the victim machine and the malware. For example, malware may install a backdoor or other illicit access point that allows the malware operator to bypass normal authentication and gain illegal remote access to the victim machine, usually while remaining undetected by the victim machine's legitimate operators. A very common payload for worms that replicate throughout a network is a backdoor program that is installed on each infected victim computer, allowing the malware operator to access the infected computers. Similarly, trojan horses, or trojans, typically include a backdoor that allows unauthorized access to and interaction with the victim computer by the trojan's operator.
Just as there are many different types of malware, there are many different types of malware operators, such as black-hat hackers, cyber espionage organizations, and governments. Moreover, each malware operator has individual characteristics, and each typically interacts differently with the malware and the victim machine.
Because knowledge of a malware operator may help to defend against that malware operator, it may be desirable to develop improved systems, methods, and techniques that enable legitimate operators to capture and study the actions of malware operators, without the malware operators knowing.