World Informatix Blog

By Jagriti Sahu
World Informatix Cyber Security


Cyber-crime and fraud are increasing sharply. Internet users fall victim to forgery, data loss and financial loss for many reasons, and malware is one of them.

A joint survey by Kaspersky Lab and B2B International found that 45% of internet users had encountered malware in the preceding year, and three quarters of those affected suffered some negative consequence.

What's inside the article?

This article is based on Malware Defenses, one of the Critical Security Controls published by the SANS Institute. It covers what malware is, how it works, how it spreads, who has been affected by it, and how to defend against it.

 

What is Malware?

The term malware is a combination of the words malicious and software. Malware is a program intentionally developed to perform harmful tasks on a victim's system without the victim's knowledge. What it does depends on the objective of its author: it can steal sensitive information and send it to a remote operator, give an attacker access to private computer systems, display unwanted advertising, fill the disk with garbage, delete files or disrupt normal computer operations.

 

Technical Description:

Malware is a broad term that covers a variety of malicious programs. A malware program contains code that carries out the attacker's task once it runs on the victim's system. Some malware needs the user to do something (open a file, run an installer); other malware works as a standalone program and needs no user interaction at all. Common kinds of malware are adware, bots, rootkits, spyware, ransomware, keyloggers, Trojan horses, viruses and worms.

 

What are the types of malware?

Based on how they work, malware is categorised into the following types:

 Keyloggers:
Keyloggers record everything the user types. They can capture login credentials and other sensitive information and, if built to do so, send what they gather to a remote server or operator.

 Rootkits:
A rootkit is a collection of programs that conceals an attacker's presence on a computer, typically by modifying the operating system or its tools so that malicious processes, files and network connections are not reported. Rootkits are among the hardest malware to detect and remove. They are usually installed after the attacker has already obtained root or administrator privileges, and they let the attacker keep that access while hiding the intrusion, possibly extending it to other machines on the network.

 Trojans:
A Trojan is malware disguised as a legitimate file or program, so that the user installs it willingly. Many Trojans give the attacker remote access to the infected computer, from which data such as login credentials, financial details or electronic money can be stolen. Trojans are generally delivered by social engineering, for example as an email attachment.

 Worm:
A computer worm is a self-replicating program that spreads copies of itself to other computers, usually over a network and often by exploiting vulnerabilities in network services, without needing a host file or any user interaction.

 Virus:
Almost all viruses attach themselves to an executable host file. A virus may exist on a system but stays inactive and cannot spread until a user runs or opens the infected host; when the host code executes, the virus code executes as well and typically infects further files.

 Ransomware:
Ransomware encrypts the victim's files (and sometimes entire disks) and demands a ransom. The victim is told to pay in order to receive the decryption key and regain access to the data; there is no guarantee the criminals deliver a working key after payment.

 Adware:
Adware is the most common and least harmful form of malware, and the most profitable for its operator. It displays or injects advertisements on the infected machine.

 Spyware:
As the name suggests, spyware covertly monitors your system and your activity on the internet and reports what it collects (browsing history, search terms, credentials) to a third party. The information is often used for targeted advertising, and the same channel can be used to steal data.

 Backdoor:
A backdoor is a means of bypassing a system's normal authentication or security controls to access the computer or its data. Backdoors are often delivered by Trojans or worms; once in place they let an attacker return at will to install further malware, modify or delete files, and access the system and its data.

 Bot:
A bot is malware that gives an attacker remote control over the infected computer. The word comes from "robot": a bot is an automated process that takes orders from a command-and-control server and performs tasks that would otherwise be done by a human. Groups of bots under one operator, called botnets, are used for spam, denial-of-service attacks and credential theft.

 Rogue security software:
Rogue security software pretends to be a genuine anti-malware product but is itself malware. It reports infections that do not exist and demands payment to "remove" them.

 Browser Hijacker:
A browser hijacker alters the browser's settings (home page, default search engine, proxy) and redirects the user to websites its operators want them to see, usually to earn advertising revenue. It is especially dangerous when banking or shopping online, because a redirected page may be a look-alike site that captures credentials.

 

How does malware spread?

  • Social engineering: the easiest way to propagate malware is to trick the victim. An attacker can send a link to a page hosting the malicious code, or offer a program with malware bundled into it, presenting it as a useful utility or as a game.
  • Email attachments: the attacker sends an email whose attachment contains or is infected with malicious code, which runs once the recipient opens it.
  • USB sticks: malware can infect a system through files or executable code copied from a removable drive, or by abusing auto-run features.
  • Infected systems on the same network: some malware (worms in particular) copies itself to other machines on the same network and infects them too.
  • Downloads from untrusted or unknown sources.

 

What are the objectives behind spreading malware?

The objectives of malware authors differ, and since they come from every age group and background, any of the following may motivate them:

  • Financial gain.
  • Harming an organisation or its reputation.
  • Notoriety.

 

Who are the victims of malware?

The following are some of the targets that were attacked by different kinds of malware:
(1) Iran's nuclear-fuel enrichment programme, targeted by Stuxnet:
Stuxnet was used to sabotage Iran's nuclear programme.
It ran on Microsoft Windows machines and spread between machines via USB drives, so it could reach systems that were not connected to the internet. It hid itself from antivirus software, and one component of the malware copied it onto other computers.
Stuxnet attacked the programmable logic controllers (PLCs) driving the centrifuges, collected information about the industrial control system and reportedly destroyed almost one fifth of Iran's nuclear centrifuges.
For more details about the attack see:
http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet

(2) Three US hospitals attacked by the Locky ransomware:
The IT systems of three US hospitals were infected with Locky, which encrypted files, documents and images across the systems.
The simplest way to spread this kind of ransomware is spam email. The ransomware arrives as a document attached to a spam message; the document asks the user to enable macros, and the macro then installs and runs the ransomware. Once active, it encrypts the files, demands a ransom for the decryption key and displays instructions on how to pay.
For more details about the compromise see:
http://www.bbc.com/news/technology-35880610

(3) Banking app malware blocks calls to customer service:
In March 2016, bank customers in South Korea encountered an unusual kind of malware bundled into an Android banking application. Whenever the customer tried to call the bank's customer-service number from the infected device, the malware blocked the call and redirected it to an interactive voice response (IVR) system. Besides blocking outgoing calls, the malware stole user information and data from the compromised device during the IVR session.
For details about the compromise see:
http://www.symantec.com/connect/blogs/android-banking-malware-blocks-victims-outgoing-calls-customer-service

(4) Facebook malware infects 10,000 victims in two days:
Malware was spread by attackers over Facebook; within 48 hours approximately 10,000 victims were infected, mostly users of Google Chrome on Windows PCs.
The victim receives a Facebook notification or email saying that a friend has tagged them in a comment. Clicking the notification downloads a Trojan to the device, which becomes active when the victim opens the downloaded file. After a successful attack the attacker can take over the victim's Facebook account, data and privacy settings.
For detailed information see:
http://www.ibtimes.co.uk/facebook-users-targeted-by-malware-that-affected-10000-victims-2-days-1568539

 

How to prevent attacks?

Having seen how malware spreads, individuals should be aware of malicious activity, its impact and the precautions needed to stay safe.
The following guidelines help prevent malware attacks on organisations and individuals alike.

  • Email security: every attachment entering the organisation's email gateway should be scanned before it is placed in the recipient's inbox, and detections should alert the security staff.
    As an individual, do not download attachments from untrusted senders, and scan any downloaded file before opening it.
  • Anti-malware package: an anti-malware product should be installed on every system, whether inside or outside the network.
  • Monitoring: automated tools should continuously check that workstations, servers and mobile devices run active, up-to-date anti-malware protection, with antivirus, anti-spyware, personal firewall and host-based IPS functionality.
  • Keep systems up to date: software on every machine (on the network or standalone) should be kept patched. Browsers and browser plugins in particular should be updated promptly, since they are a common infection route.
  • External device security: avoid removable media in the organisation when they are not needed, and never connect an unverified USB stick. Disable auto-run for removable media (on Windows, via the "Turn off Autoplay" Group Policy setting, or the NoDriveTypeAutoRun registry value under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer set to 0xFF).
  • Downloads from untrusted sources: download files and packages only from official, trusted sources. Files from unknown sources may carry malware.
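As an added illustration of the "scan before opening" advice above and of the macro-document delivery described in the Locky case, the following Python script (written for this article; it is not part of the SANS control or of any product) shows how a mail gateway or a careful user can pre-screen attachments. It checks both the file name (double extensions such as invoice.pdf.exe, macro-enabled Office types) and the content (Windows PE header, an OOXML package containing vbaProject.bin, a legacy OLE2 container), so that a renamed file cannot slip past on its name alone. The extension lists and the sample files are constructed for the example.

```python
"""Pre-screening of email attachments before a user opens them (added example)."""
import io
import zipfile

# Extensions a gateway should treat as executable content (constructed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".jar"}
# Office formats that may carry VBA macros by design.
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.xlsm/...) container


def extensions(filename):
    """Return every extension of the base name, e.g. 'a.pdf.exe' -> ['.pdf', '.exe']."""
    base = filename.lower().replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def inspect_attachment(filename, data):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    exts = extensions(filename)

    # 1. Name-based checks (cheap, but easy for an attacker to dodge by renaming).
    if exts and exts[-1] in EXECUTABLE_EXTS:
        if len(exts) >= 2:
            findings.append("executable hidden behind a double extension")
        else:
            findings.append("executable attachment type")
    if exts and exts[-1] in MACRO_EXTS:
        findings.append("macro-enabled Office format")

    # 2. Content-based checks: never trust the name alone.
    if data[:2] == b"MZ":
        findings.append("content is a Windows PE executable")
    if data[:4] == ZIP_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []
            findings.append("corrupt or truncated ZIP container")
        # Any OOXML part named vbaProject.bin means the document carries VBA macros,
        # whatever the extension claims.
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("OOXML document contains a VBA project (macros)")
    if data[:8] == OLE2_MAGIC:
        findings.append("legacy OLE2 Office document; macros possible, needs deeper scan")
    return findings


def verdict(filename, data):
    """Gateway decision: quarantine anything with a finding, otherwise deliver."""
    findings = inspect_attachment(filename, data)
    return ("quarantine" if findings else "deliver", findings)


def make_ooxml(with_macros):
    """Build a minimal OOXML (Word-style) ZIP in memory; constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: one clean PDF, one disguised PE stub, macro docs with
    # honest and dishonest extensions, and one clean document.
    samples = {
        "report.pdf": b"%PDF-1.7\n%constructed sample\n",
        "invoice.pdf.exe": b"MZ" + b"\x00" * 62,
        "quarterly.docx": make_ooxml(with_macros=True),   # .docx name, macros inside
        "agenda.docx": make_ooxml(with_macros=False),
        "expenses.xlsm": make_ooxml(with_macros=True),
    }
    for name, data in samples.items():
        decision, why = verdict(name, data)
        print(f"{name:18} {decision:10} {'; '.join(why)}")
```

The script is a triage filter, not a replacement for an antivirus engine: a legacy OLE2 document is only flagged for deeper inspection, and in practice that step would hand the file to a dedicated macro parser (for example oletools' olevba) or to the gateway's anti-malware scanner. The point it demonstrates is the one the guidelines make: decide on the content as well as the name, and quarantine before the attachment reaches the inbox.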

 

References:

http://techterms.com/definition/bot
http://www.cisco.com/c/en/us/about/security-center/virus-differences.html
http://www.symantec.com
http://www.kaspersky.com
https://www.hackread.com/
http://www.tripwire.com/state-of-security
