Basics of Malware
30 June 2019
Today I will be discussing the basics of malware. Malware is the short term for “Malicious Software”. This term encompasses viruses, trojans, worms, and other harmful programs that are used by hackers cause damage and/or gain access to sensitive information.
- Virus – This is a piece of code that injects itself into a standalone program, where it maliciously spread itself
- Trojan – Reflecting the Trojan Horse story, this is a piece of code that disguises itself as something a user may want; and when activated can cause damage to their computer
- Worm – Similar to viruses, worms can reproduce themselves and spread from computer to computer. Unlike viruses however, they do not need a host program or human to propagate
Here is some more key terminology relating to malware:
- Ransomware – This is also a subset of malware in which data becomes maliciously locked, usually by an encryption method and the hacker demands money for decrypting the data back to the user. This kind of malware can be spread through mediums such as software applications, infected websites, and even simple email attachments
- Spyware – This is a type of malware that secretly gathers a user’s data without them knowing. An example of this is a keylogger, which hackers use to record all the keystrokes a user makes. This method is great for stealing password
- Adware – This malware forces user’s browsers to redirect to other websites where free malicious apps/games are prompted for the user to download. These kinds of websites can also collect marketing data about the user
So why would someone want to create such harmful code and spread it – what are their motives? The biggest motivation is money. Ransomware is a good example where money is the primary target. Other motivations include research, political, and personal enjoyment.
Detection of malware and the tools that would help identify them are important to know. Some common tools used to detect malware are flypaper, fakenet, and process monitor. As well as detection, getting rid of malware is equally important, if not the goal. Though removing malware can be very tricky, there are many solutions out there varying in price that can help remove cryptojacking, rootkits, and ransomware for example. Hashing can also be used to detect any changes made by malware, in which hashes of newly downloaded files are stored and later compared with. This is typically what most anti-virus software perform along with signature based detection.
One interesting form of viruses are polymorphic viruses. A polymorphic virus is a harmful type of malware that can change itself, making it very difficult to be caught by anti-virus software. Even though the appearance of the code may be different over each mutation, it’s intended function usually remains the same. This can become a problem for anti-virus software where the first iteration of this virus could be caught; though the second may fail to be detected since its signature wasn’t added to the database. On the contrary, newer security technologies are rolling out with enhanced features such as machine learning where anti-virus depend moreover on behavioral analytics instead of signature based detection.
