Cyber-Security: Malware
Malware
Software that attempts to harm computers in different ways are known as ‘malware’.
The term comes from the term 'malicious software'.
A malware's signature is a distinctive pattern of data either in memory or in a file. Anti-malware software packages are designed to combat known malware - identifying them through their signatures. (Sadly, malware that is out there 'in the wild' - not yet identified - cannot be detected by such software).
Sophisticated malware has the ability to change its program (it is said to be polymorphic or metamorphic), disguising itself without affecting its operation, making it difficult to detect.
Reasons why malware is created include:
intellectual curiosity:
Many programmers thrive on the challenge of seeing what is possible, and set out to create a malware program even if they do not intend to do harm.
Perhaps the most famous of these 'experiments' was the 1988 Morris Worm – the first worm to spread over the internet. The supposed intent of this worm was to gauge the number of machines connected to the network. However, the result was to slow down the operation of infected machines to the point of it being unusable. Worms continue to represent a major threat, as shown by the case of the Conficker Worm of 2008.
financial gain
Malware distributing criminals do so in order to steal financial information from a user, or increasingly, from online advertisers.
corporate espionage
Malware can get into your computer through a variety of mechanisms:
Getting you to download malware by putting a link in an email, or attaching the malware to an email.
Packaging the malware within illegal copies of standard software, video games and movies is an excellent way to get malware into the machines of people who choose to use these illegal copies rather than pay for the genuine versions.
Malware can also be installed on your computer by clicking links on websites – especially sites that distribute illegal copies of software, videos and pornography or offer you incredible discounts.
Clicking on annoying pop-up windows that claim to have identified problems with your computer security is another method of distributing malware. When the 'pop-up' appears they probably haven’t infected your machine - but if you click on the prompt to run the 'virus scan' it will be!
I suggest you run your antivirus software now and remind yourself
what a genuine alert looks like on your computer.
Malware can be spread through social networking services.
Once a user has clicked on a link containing it the malware can masquerade as the real user and post messages containing links to sites that distribute even more malware.
This type of malware relies on social engineering to multiply – users of social networks are highly likely to click on links they think have come from friends and spread the infection.
Most of these social networking infections have exploited weaknesses in client software rather than the web versions of the networks, so it is important to keep social networking client software, such as the Facebook App for mobile devices, up to date.
Types of malware
A computer virus is what most of the media and regular end-users call every malware program reported in the news. But luckily most malware programs aren't 'viruses'.
They can be trojans or worms or nowadays some hybrid form.
Malware is named according to what type of naughtiness/damage is does:
Botnets |
A botnet is a network of computers taken over by a hacker using malicious software typically spread via infected web pages or email attachments.
A botnet can carry out attacks spread across a wide number of machines, making it harder to disrupt and the attacker's origins harder to trace. Those whose computers - Windows or Mac - had been hijacked would probably not know. Attackers simply use the victims' computers as vessels.
Once created an attacker controls a group of computers and uses them to gather personal information or launch attacks against others, such as for sending spam emails or flooding a website with so many requests for content that the server cannot cope, called a denial-of-service attack.
See the BBC report from 2019: 'Sextortion botnet spreads 30,000 emails an hour’
See the BBC report from 2021: 'Emotet botnet taken down by international police swoop' |
Ransomware |
This type of malware demands payment in order to refrain from doing some harmful action (such as wiping data) or to undo the effects of a harmful action (such as 'freezing' your computer - restricting access to your files). |
Spyware |
Does as it says on the tin - it spies on you!
It records the activities of the user, such as the passwords they type into the computer, and transmits this information to the person who wrote (or purchased) the malware.
It sometimes takes over your camera and/or microphone - recording things that happen in the room that houses the computer.
Spyware Spyware is most often used by people who want to check on the computer activities of 'loved ones'.
In criminal targeted attacks spyware is used to log the keystrokes of victims and gain access to passwords or intellectual property.
Removing spyware is not usually a problem but the presence of a spyware program should serve as a warning that the device or user has some sort of weakness that needs to be corrected. |
Adware |
This attempts to expose the compromised end-user to unwanted, potentially malicious advertising.
A common adware program might redirect a user's browser searches to look-alike web pages that contain other product promotions.
Removing adware is not usually a problem but the presence of an adware program should serve as a warning that the device or user has some sort of weakness that needs to be corrected. |
See here for hybid forms of malware.
Fileless Malware
Fileless malware differs from traditional malware in the way it travels and infects new systems using the file system. Fileless malware, nowadays accounts for more than half all malware and is growing.
It is malware that doesn't directly use files or the file system. Instead it exploits and spreads in memory only, or by using other "non-file" OS objects such as registry keys, APIs or scheduled tasks.
Many fileless attacks begin by exploiting an existing legitimate program, becoming a newly launched "sub-process," or by using existing legitimate tools built into the OS (like Microsoft's PowerShell).
The end result is that fileless attacks are harder to detect and stop.
Malvertising
This is not to be confused with adware - malvertising is the use of legitimate ads or ad networks to covertly deliver malware to unsuspecting users' computers.
For example, a cybercriminal might pay to place an ad on a legitimate website.
When a user clicks on the ad, code in the ad either redirects them to a malicious website or installs malware on their computer.
In some cases, the malware embedded in an ad might execute automatically without any action from the user, a technique referred to as a "drive-by download."
Cybercriminals have also been known to compromise legitimate ad networks that deliver ads to many websites.
That's often how popular websites such as the New York Times, Spotify and the London Stock Exchange have been vectors for malicious ads, putting their users in jeopardy.
The goal of cybercriminals who use malvertising is to make money, of course.
Malvertising can deliver any type of money-making malware, including ransomware, cryptomining scripts or banking Trojans.
Finding and removing malware
Sadly, finding and removing individual malware program components can be a waste of time.
It's easy to get it wrong and miss a component. Plus, once 'done' you have no way of being sure that the malware program has not modified your system in such a way that it will be impossible to make it completely trustworthy again.
Unless you're well trained in malware removal and forensics, back up the data (if needed), re-format the drive, and reinstall the programs and data when you find malware on a computer.
Artificial Intelligence and Machine Learning is improving the way in which we find and remove malware from computer systems.
You should employ a reputable up to date Virus Checker on your computers and hand held devices.
In addition to keeping software up to date and using antivirus products, there are other technological innovations that can help mitigate the threats of malware.
Sandboxes and code signing are examples of some of the technologies that developers are integrating into the software we commonly use to help protect our computers.