Malware

So what is Malware?

Malware (mal´wãr) (n.) Short for malicious software, malware refers to software designed specifically to damage or disrupt a system, such as viruses, spyware, worms, zombies or Trojan horses. Programmers have been authoring malware since there has been legitimate software. It can be created as a prank, a test, an experiment or an intentional act of crime or sabotage. There are many incentives to create malware, but almost any malware you’ll see today is intended to gain illegal profit.

In this article we will look at the most common types of malware and examine the kind of damage each can inflict on individuals, corporations and nations.

What is a computer virus?

Computer viruses are small software programs that are capable of self-replication and are designed to spread from one computer to another. The primary goal of a virus may not be to cause damage so much as to clone itself onto another host so that it can spread further. A well designed virus generally has a very small footprint and uses stealth techniques to remain unnoticed for a long period of time, so that it can continue to spread.

Some viruses are time or event activated, allowing them to spread for a number of days, months, or even years and then suddenly activate to do damage. A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk. Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open an email attachment unless you know who sent it and you are expecting it. Viruses can be disguised as attachments or funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download.

To help avoid computer viruses, it’s essential that you keep your computer current with the latest updates and antivirus tools, stay informed about recent threats, run your computer as a standard user (not as administrator), and that you follow a few basic rules when you surf the Internet, download files, and open attachments.
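The "basic rules" for attachments above can be turned into an automated screen. The following Python is an added example written for this article, not code from the original; the extension lists, the file signatures and the sample file names and bytes are constructed for illustration. It checks the declared extension (including the double-extension trick mentioned above, e.g. "photo.jpg.exe") and then compares the extension with the file's actual leading bytes, so a disguised executable is caught even when its name looks like an image or document:

```python
"""Attachment screening by declared extension and actual file signature.
Added example for this article, not code from the original; extension lists,
signatures and sample files are constructed for illustration."""

# Extensions that execute code when opened (illustrative, not exhaustive)
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
                   "ps1", "jar", "msi", "hta"}

# Leading bytes ("magic numbers") that identify common file formats
SIGNATURES = {
    b"MZ": "pe-executable",        # Windows executables and DLLs
    b"\x7fELF": "elf-executable",  # Linux executables
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",          # also .docx/.xlsx/.jar containers
}

# What the content signature should be for a given declared extension
EXPECTED_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
                 "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip"}


def sniff(data: bytes) -> str:
    """Classify file content by its leading bytes; 'unknown' if no match."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> tuple:
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    # Lower-case, strip padding, and collect every extension after the base name
    exts = filename.lower().strip().split(".")[1:]
    last = exts[-1] if exts else ""
    kind = sniff(data)

    if last in EXECUTABLE_EXTS:
        return "block", f"executable extension .{last}"
    if any(e in EXECUTABLE_EXTS for e in exts[:-1]):
        return "block", "double extension hides an executable type"
    if kind.endswith("-executable"):
        return "block", f"content is {kind} despite .{last or '(none)'}"
    expected = EXPECTED_KIND.get(last)
    if expected and kind != "unknown" and kind != expected:
        return "quarantine", f"content is {kind} but extension says .{last}"
    return "allow", "extension and content are consistent"


if __name__ == "__main__":
    # Constructed samples: a real JPEG header, a PE header named as an image,
    # and a ZIP container claiming to be a PDF
    for name, head in [("holiday.jpg", b"\xff\xd8\xff\xe0"),
                       ("card.jpg", b"MZ\x90\x00"),
                       ("scan.pdf", b"PK\x03\x04")]:
        print(name, assess_attachment(name, head))
```

The signature check matters more than the extension check: an attacker controls the file name completely, but a Windows executable must still begin with "MZ" to run. Files whose content cannot be identified are allowed only because nothing about them contradicts their name; a stricter policy would quarantine those as well.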

Once a virus is on your computer, its type or the method it used to get there is not as important as removing it and preventing further infection.

What is a Computer Worm?

Similar to a virus, a computer worm is a form of malicious software application designed to spread via computer networks. A computer user typically installs worms by inadvertently opening an email attachment or message containing executable scripts.

The biggest difference between a worm and a virus is that a worm is network-aware. A virus is designed to replicate itself amongst the files on the same computer, and will have a hard time moving from one computer to another. Worms overcome this computer-to-computer obstacle by bridging the network to find a new host on the network.

Once installed on a computer, worms spontaneously generate additional email messages containing copies of the worm.

Being embedded inside everyday network software, computer worms easily penetrate most firewalls and other network security measures.

This is an important difference: in the past, viruses could take years before moving across network, corporate, or global boundaries. Worms are capable of going global in a matter of seconds. This makes it very hard for them to be controlled and stopped.

What is a Computer Trojan?

People often confuse the term computer Trojan with computer virus and assume they are identical. Both infect your computer, but they have different characteristics. A Trojan is a malicious program that cannot replicate itself like a computer virus, but it can cause serious security problems. It appears to be a useful program, but in reality it carries hidden code that gives an attacker access to your system.

The term ‘Trojan’ is derived from the Trojan Horse story in Greek mythology, which explains how the Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very fond of horses and trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the inside.

A computer Trojan behaves in the same way. A common trick is to conceal the Trojan inside a seemingly harmless game or message. Trojans also come disguised as videos, pictures and even legitimate software packages. In each case, the disguise is something designed to tempt the user into running it on his or her machine.

Cyber-crooks often use viruses, Trojans and worms together. They design a Trojan that ‘drops’ a virus or worm onto the victim’s computer thus initiating a brand new infection. This virus or worm is usually called the ‘payload’ of the Trojan. Trojans also drop spyware, a type of malware that I will explain next.

What is Spyware?

The primary function of spyware is to snoop on a user’s activity and send back the information it gathers to a hacker. Spyware does not have any infection mechanisms. It is usually dropped by Trojans (and also by viruses and worms). Once dropped, it installs itself on the victim’s computer and waits silently to avoid detection.

Once spyware is successfully installed it will begin collecting information. It is very common for spyware to log all the keys that the user types. This type of spyware is called a key logger and can capture sensitive information such as user names, passwords, credit card numbers and email addresses. Key loggers capture every keystroke, so entire emails, documents and chats can be read by the malicious hacker.

There are more sophisticated forms of spyware that hook themselves to the network interface and siphon off all network data that enters or leaves the infected computer. This allows the hacker to capture entire network sessions giving them access to files, digital certificates, encryption keys and other sensitive information.

They have Zombies, too?

A zombie works in a similar way to spyware. The infection mechanisms remain the same, however the scope is different. A zombie does not usually collect information from the computer. Instead, it just sits there waiting for commands from the hacker. At times, hackers can infect tens of thousands of computers, turning them into zombie machines. Each of these machines is now at the disposal of the hacker who usually issues commands so that all of them instantaneously send network requests to a target host, overwhelming it with traffic. This is called a distributed denial of service attack and is usually successful, even against the largest Internet organizations.
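What a distributed denial of service looks like from the target's side is a sudden burst of requests spread across many source addresses, which is what distinguishes a zombie army from one misbehaving client. The following Python is an added example for this article, not code from the original; the access-log lines are constructed (using RFC 5737 documentation address ranges) and the two thresholds are assumptions. It buckets requests per second and labels a flagged second as "distributed" when the sources are numerous, since per-IP rate limiting alone cannot stop that case:

```python
"""Spotting a distributed flood in web-server access logs.
Added example for this article, not code from the original; the log lines are
constructed (RFC 5737 documentation addresses) and the thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "common log format": ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_line(line):
    """Return (ip, unix_second, request) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, stamp, request, _status, _size = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, int(when.timestamp()), request


def detect_floods(lines, rate_threshold=20, min_sources=10):
    """Flag each second whose request count reaches rate_threshold.

    A flagged second with at least min_sources distinct client addresses is
    labelled 'distributed flood' (the zombie pattern); fewer sources means a
    'single-source flood', which ordinary per-IP rate limiting can absorb.
    """
    per_second = defaultdict(lambda: [0, set()])
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip lines that are not access records
        ip, second, _ = rec
        per_second[second][0] += 1
        per_second[second][1].add(ip)

    findings = []
    for second in sorted(per_second):
        count, ips = per_second[second]
        if count < rate_threshold:
            continue
        label = "distributed flood" if len(ips) >= min_sources else "single-source flood"
        findings.append({"second": second, "requests": count,
                         "sources": len(ips), "label": label})
    return findings


def _log_line(ip, second, path="/"):
    # Constructed sample line; every request falls within one minute on 12 Aug 2012
    return f'{ip} - - [12/Aug/2012:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed access log: quiet baseline, then a 40-source burst, then one noisy client
SAMPLE_LOG = []
for sec in range(5):                                                  # seconds 0-4: three visitors
    SAMPLE_LOG += [_log_line(f"10.0.0.{i}", sec) for i in (1, 2, 3)]
SAMPLE_LOG += [_log_line(f"192.0.2.{i}", 5) for i in range(1, 41)]   # second 5: zombie burst
SAMPLE_LOG += [_log_line("198.51.100.7", 6) for _ in range(25)]      # second 6: one aggressive client
SAMPLE_LOG.append("garbage line that does not parse")

if __name__ == "__main__":
    for finding in detect_floods(SAMPLE_LOG):
        print(finding)
```

On real traffic the thresholds would come from the site's own baseline rather than fixed constants, and the source count is what tells the operator whether blocking a handful of addresses will help or whether upstream filtering is needed.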

Infected Websites

Security experts have noticed a new and scary trend in malware – website infections. When a website is infected, all the visitors to that particular website can potentially catch the bug and further spread the malware.

Websites are vulnerable targets; they are much more exposed than normal users. They are directly connected to the World Wide Web and are continuously serving content to large numbers of users, some of whom might be malicious.

New malware has now emerged that takes advantage of bugs in frameworks and their plug-ins; popular frameworks like WordPress and Joomla have vulnerabilities that allow them to be exploited and used as virus-serving mechanisms. Sometimes malware does not infect a website automatically, but a hacker breaks into the site and implants the malware manually.

If your website gets infected the damage can be devastating. Your website can be restored, but the trust of your users and customers can easily be destroyed. Furthermore, if you are discovered serving malware your site will be blacklisted in hundreds of blacklists worldwide. Removing yourself from these blacklists is a very lengthy and difficult task, so even after you have cleaned the virus, the damage will continue to linger for a long time.
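Whether the malware arrived through a plug-in bug or was implanted by hand, the result on disk is the same: a page that has changed since deployment, or a file that was never deployed at all. A file-integrity baseline catches both before a blacklist does. The following Python is an added example for this article, not code from the original; the site files and the simulated tampering are constructed in a temporary directory and the file names are illustrative:

```python
"""File-integrity baseline for a web site's document root.
Added example for this article, not code from the original; the site files
and the simulated tampering below are constructed in a temporary directory."""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file (path relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Report files that appeared, vanished, or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def demo():
    """Build a tiny constructed site, take a baseline, tamper, and diff."""
    with tempfile.TemporaryDirectory() as site:
        os.makedirs(os.path.join(site, "uploads"))
        with open(os.path.join(site, "index.html"), "w") as fh:
            fh.write("<html><body>Welcome</body></html>\n")
        with open(os.path.join(site, "config.php"), "w") as fh:
            fh.write("<?php $db = 'example'; ?>\n")
        baseline = build_manifest(site)          # taken right after deployment

        # Simulated compromise: a page is altered and a new file lands in uploads/
        with open(os.path.join(site, "index.html"), "a") as fh:
            fh.write("<!-- unexpected appended content -->\n")
        with open(os.path.join(site, "uploads", "cache.php"), "w") as fh:
            fh.write("<?php /* file that was not part of the deployment */ ?>\n")

        return compare_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    print(demo())
```

The baseline must be stored off the web server (or at least outside the document root and writable only by the deployment process); a manifest the intruder can rewrite alongside the files proves nothing. Writable upload directories deserve the closest attention, since a new executable file there is the case this check is designed to surface.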

Malware is not going away.

Malware writers went on a record-breaking tear in the second quarter of 2012, pumping out some 100,000 new samples per day, according to a report from McAfee.

McAfee says there was a 1.5 million increase in malware since the first quarter of 2012, closing in on a rate of nearly 100,000 unique malware samples per day. “Unique malware samples in our ‘zoo’ collection number 1.5 million more this quarter than last. At this rate we will almost certainly see 100 million samples by next quarter and possibly the first 10-million-sample quarter,” McAfee said in its new report.