The Story that /Malware/ Tells

Posted by

MalwareThe early versions of internet based Malware popped up around the late 80s with the most common one being the Morris Worm. It caught many IT professional off guard back then. However, it was just the beginning of a new era, which has seen so many developments over the last 20 or so years. From the Love bug to the present day Conficker, Mariposa and Zbot.

So what is Malware…..there is no standard definition or dictionary meaning for the coined term but here is a general definition:

/Malware/:   is a general term used to refer to malicious software or software designed with malicious intent to damage or do other unwanted actions to computers or systems. Examples include viruses, worms, Trojans, spyware, botnets, keyloggers,rootkits etc.

Most Malware is developed with the malicious to steal data, or cause some form of havoc such as deleting the entire hard drive or consuming system resources and utilise the infected computer as a zombie.

So So Many Kinds of them out there

advertisement

As highlighted above, over the years there were so many developments in the space of Malware development and proliferation. This led to a very complex and diverse Malware ecosystem made up of many variants and types. Like any ecosystem each Malware variant tries to outwit the others and stomps its position – What I call the Malware food web (Survival of the fittest).

In the early days there used to be just a few variants of Malware. However, as the use of the internet, availability of computers and the number of programming languages out there increased it brought with it millions of variants of many forms such as bots, trojans, viruses, rootkits, spyware, worms, adware.

The most notable reason for such diversification of Malware is the financial benefit for developing and spreading Malware. In the early years Malware development used to be done as a spare time hobby by teens in basements. With time, Malware development evolved and today it has become a multibillion dollar business and hence highly skilled professionals are busy at work developing and spreading various forms of Malware. At the same time the speed at which malware is developed and implemented; due to the emergence of automated tools have increased over the last say 8 years.

As a result Organisations and individuals need to ensure they protect their computers and systems any given point in time.

Hard to Detect
Rapid developments and changes in the Malware space are also making them difficult to detect. At the same time most companies are still relying on the traditional protection methods and not applying the correct vulnerability and threat management controls in place e.g. some companies are still relying on products that mainly rely on signatures to detect Malware…this is not reliable anymore as attacks and vulnerability change daily resulting in many Zero Day attacks.

Malware attacks are also constantly changing at a very fast pace and even when the protection technologies detect Malware; the Malware itself adapts and changes (Polymorphism) to avoid detection. Hence you can have only some limited confidence in technology alone to stop these threats.

The attack vectors are also changing i.e. that’s the way in which Malware exploits vulnerabilities to infect computer systems and networks. They used to propagate through emails, attachments and downloadable executable files. However, the massive use of the internet has lead to another principal channel of spreading Malware mainly using social engineering techniques to induce people to download infected files and applications, or to go to websites that then automatically download Malware to users’ systems…using a technique called phishing or some related form.

At the same time Malware is now being developed by highly skilled and trained software engineers with in-depth knowledge of cryptography and IT networks. These guys are driven by the financial gain and they know how the IT systems work and can do anything to ensure the Malware they develop is difficult to detect using the traditional anti-Malware systems.

Web 2.0: The rise of Malware
What is commonly referred to as Web 2.0 (in other words, today’s social, dynamic and functionally rich internet experience) brought with it the rise of social platforms such as YouTube , Facebook, Twitter and others, all of which depend on interactivity. The current generation of Malware thrives on this social interactive of the new platforms.

A common way through which Malware spreads on these platforms is via the uncontrolled   publication of applications (most of which are malicious) and sprouting of malicious links. Users need to extra cautious when they use these social sites.

The threat gradient is getting steeper

As information technology improves daily, the Malware problems are expected to only get worse. With time Malware will eventually attack all sorts of devices that connect to the internet; smart phones, gadgets, gaming consoles, IT systems etc.  The advancement in web 2.0 and the related technologies will increase the platform for spreading the various forms of Malware.

There is also an increase in social engineering techniques as a Malware propagating technique. Social engineering targets humans, who by nature are sometimes too easy to fool and entice e.g. put a link to an infected XXX or gambling site  in an email and send it to 10 people, chances are over 90% of them will click it.

In view of all this it is highly important that organisations should consider upgrading their Malware and threat defences. Therefore with this increase in social engineering techniques organisations should implement detailed but easy to understand user security awareness training. In the end, they say, the end user will always be the most vulnerable part of any defence against Malware.

Protection based on proactive Prevention

Moving forward, trends show that Malware will continue to spread at an alarming rate using various channels, techniques and technologies. At the same time Malware attacks are also becoming more targeted and organisations need to implement proactive measures to detect and prevent their systems from being infected. For optimal anti-Malware protection, proactive and signature-based methods should be bundled and used together.

I would want to recommend that general computer users and organisations should at least take the following measure to minimise the risk of their computer(s) being attacked:

  • Use a personal firewall on your computer.
  • Delete spam emails without opening them.
  • Avoid installing programs from untrusted sources.
  • Don’t allow untrusted websites to install software.
  • Keep your operating system and Web browser current with the latest hotfixes or security update.
  • Use a good anti-root kit program weekly to scan for rootkits.
  • Back up your system each week after a clean scan.
  • Implement content filtering techniques especially deep content inspection
  • Don’t Click links from unknown sources on your face book, youtube etc
  • Educate users about Malware protection and social engineering

5 Comments

  1. Andrew says:

    I cannot agree more…As a country beginning to enter and interact with the internet more and more, it’s up to each and every individual to learn and understand at least the basics concerning internet and data security. And this is the best time for us locally as Zimbabweans to instill such a culture and approach to data security amongst us.

    I think local ISP’s must also consider emphasis and education concerning the importance of Anti-virus, Anti-Malware, Antispyware technologies, constant updates of Operating Systems and Web browsers to their potential clients since the rapid infection of computers on a network can lead to costly and distressful scenarios for both ISP and client.

  2. Zorro says:

    Great post. I’m sure a lot of people do not realise just how important it is to have an efficient PC Internet Security manager. I use Comodo Internet Security Suite, a free (at least for now) up and coming package that offers a Firewall, AV and various other malware and spam protection tools.

    Keep these personal computing tips coming guys.

  3. LukeAlvin says:

    I developed an security system called Alvin PC Security…it needs no updates protects you from usb virus here is the Facebook page for the product http://www.facebook.com/?ref=home#!/pages/Alvin-PC-Security-2011/113583448716591?sk=info

Leave a Reply

Your email address will not be published.

css.php