Computer Security: Hybrid or Exotic Malware Today, most malware is a combination of traditional malicious programs, often including parts of Trojans and worms and occasionally a virus. Usually the malware program appears to the end-user as a Trojan, but once executed, it attacks other victims over the network like a worm - so it is a hybrid! Many of today's hybrid malware programs are considered as: rootkits (A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software) and stealth programs (stealth is the term used to describe techniques used to make malware inconspicuous – that is, to conceal any changes made by the malware to the infected system). These malware programs essentially try to modify the underlying operating system so as to take ultimate control and hide from anti-malware programs. They turn your computer into a 'zombie' by using malware to turn your computer into a 'bot'. Bots are essentially Trojan/worm combinations that make individual exploited clients a part of a larger malicious network. Botmasters have one or more "command and control" servers that bot clients check into to receive their updated instructions. Botnets range in size from a few thousand compromised computers to huge networks with hundreds of thousands of systems under the control of a single botnet master. These botnets are often rented out to other criminals who then use them for their own nefarious purposes. To get rid of these types of programs, you must remove the controlling component from memory, beginning with an anti-malware scan. Example of a hybrid:A hybrid Trojan monster dubbed 'Zberp' set its sights on 450 financial institutions world wide in 2014. It had features from both its parents: Zeus and Carberp, combining to create a threat to be reckoned with. Just like Zeus, Zberp evades anti-malware scanner detection through embedded configuration updates within an image of the Apple logo. From Carberp, the new Trojan inherited the ability hooking techniques used to control browsers. |
|