This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Malware, short for malicious software, is a generic term for any software that is malicious in nature: it is installed without the victim's knowledge and approval, and it causes problems, damages and disrupts a computer system. In doing so it compromises the CIA triad of confidentiality, integrity, or availability of the data or operating system (Whitman & Mattford, 2012). Of all kinds of threat, Trojans dominate the threat landscape.
The virus is the kind of malware that non-IT people know and are aware of, as it is the first generation of malware, which spread in the 1980s. It is the most common type of malware. Like a biological virus, a computer virus propagates and infects other programs, replicating itself by copying into other programs. A virus is a parasite: it has to rely on a host program and cannot exist alone, as it has no automatic replication capability of its own. The virus becomes active when the user runs or opens the infected program or file.
Here are a number of types of viruses:
Boot Sector Virus
As the first type of virus, the boot sector virus was widespread at the time when users had to boot from a floppy disk regularly. It is stored in the disk's boot sector, hiding itself in the executable code there, and is executed automatically once the computer is turned on, destroying the master boot record of the computer (Grimes, 2001).
Executable File Virus
This type of virus is stored in non-executable data that is part of the operating system, which increases propagation when the user turns on the computer and then opens files such as .exe programs. Some variations of this virus overwrite the first part of the executable file with virus code, making the program crash when executed. This is an obvious sign of infection in an important system file (ISECOM, 2004).
Terminate and Stay Resident (TSR) Virus
This virus is often used with DOS programs that are closed but still remain in the background, as the application loads into memory in a way that lets the computer run normally. For example, this virus may attach itself to the 'DIR' command and infect every file listed in the directory (ISECOM, 2004).
Because the early types of virus are already well known, some viruses make themselves look entirely different each time they replicate by changing their encryption and rearranging their code.
The macro virus infects software such as MS Word, Excel and Outlook by using the Visual Basic code in them to attach malicious code to the document, which then propagates automatically to other MS Office files (Cannon, Caudle, & Chiarella, 2009).
A worm is malware that propagates over computer networks, causing widespread damage to data and information. It replicates by itself via networks, without the need for human intervention after accessing a program, and sustains itself using email or search engines to infect and spread to others. Two types of worms are (Souppaya & Scarfone, 2012):
Mass mailers - use the Simple Mail Transfer Protocol (SMTP) for propagation via email networks.
In-memory worms - spread through automatic execution over TCP/HTTP, exploiting vulnerabilities in the system.
Based on the concept of the Trojan horse in Homer's epic poem Iliad, this malware spoofs, resembles and disguises itself as a legitimate, useful or desirable program so that the user runs it, unknowingly unleashing a hidden malicious purpose into an otherwise secure computer system. It then installs a backdoor or rootkit into the system. Trojans have non-replicating code and are parasitic, as they need a legitimate program to hide their true identity (Whitman & Mattford, 2012).
There are several different kinds of Trojan, each designed to carry out a specific purpose. For example, backdoor Trojans permit system access by an uninvited party, potentially allowing remote administration of the system, and often include a keylogger that records every key pressed in the hope of capturing the victim's password or some other piece of confidential data. Other types of Trojan include Trojan downloaders, which download updated code to the computer (Shields, 2008).
A backdoor is a piece of malware that bypasses normal authentication by listening on certain ports or programs, hiding its processes in memory and modifying log files. It is an alternative, undocumented entry point to a system, commonly created by programmers during the system design phase for troubleshooting, testing and maintenance, but left in place by mistake (Whitman & Mattford, 2012). More often than not, hackers who compromise a computer install one to retain easy access to the system in the future.
Rootkits alter the operating system's behavior and functionality to hide malicious code, either at user level or at kernel level. A user-level rootkit replaces or modifies the system administrator's and users' executable files, while a kernel-level rootkit manipulates the kernel of the operating system to hide itself and create backdoors. Basically, rootkits replace operating system utilities, such as user settings, system tools, registry entries, or the kernel itself, with their own programs. One example is malware that creates an additional user with privileged access in the password file; the malicious activity is most likely overlooked because the output is filtered before being displayed on screen (Shelly, Vermaat, Quasney, Sebok, & Freund, 2012).
Spyware is used for monitoring user behavior during web browsing, often installing itself from a website the user visits unknowingly. The installed malware then spies on the user's activities, stealing valuable information ranging from web usage statistics to credit card numbers, and supports other identity theft activities (Williams & Sawyer, 2012). Spyware can also cause irritating pop-up advertisements all over the screen.
Adware is a program that delivers marketing promotions such as advertising banners and pop-ups to the user's screen. It carries hidden code to track the user's online usage and purchasing activity, basically collecting information that is then used for social engineering and identity theft (Williams & Sawyer, 2012).
Logic Bomb and Time Bomb
A logic bomb or time bomb is a type of malware that triggers and executes its instruction code when certain conditions, based on logic written by the author, are met, compromising the information system. Logic bombs trigger on an event condition and release their payload, while time bombs trigger on a time condition and release their payload. This malware is created with ill intent by disgruntled employees seeking revenge or by hackers seeking financial gain. For example, the malware can be set so that the administrator's failure to log in for a certain time causes the system's data to be deleted. Logic bombs and time bombs cannot self-replicate; they can be stand-alone, or part of other malware such as worms or viruses (ISECOM, 2004).
Malicious mobile code
Recent Trend in Malware
More recently, we have seen the emergence of hybrid threats that combine the functionality of different kinds of malware in one package, giving hackers flexibility in their method of attack. Once a cyber criminal is in control of a computer, they can do pretty much anything, from collecting confidential data to sending spam.
The first thing they typically do is connect the computer with other infected computers, effectively creating a network commonly known as a botnet. A bot (a botnet, if it is a network of bots) does its work based on the instructions of the master or controller (Hardikar, 2008). The master controls the bots, and they can be used to accomplish the master's malicious tasks. Botnets aggravate the damage done by other malware attacks. The criminals in control of the botnet can instruct this group of machines to do any number of things, from sending out thousands of spam messages to launching targeted attacks on specific organisations. One example is a distributed Denial of Service (DDoS) attack, in which thousands of machines send small amounts of data to one target to interrupt the normal running of a website, email server, or any other business system.
How malware spreads
There are several ways in which malware spreads, such as visiting a seemingly harmless website. Hackers look for security loopholes in web servers, which may host more than one website, and hide their code in pages stored on the server. When someone views the website, the malware automatically transfers to the user's computer, which is referred to as a "drive-by" download (Reavis, 2012). Malware also spreads through traditional storage media such as CDs or USB thumb drives, but the use of physical media makes the spread slower. Malware takes advantage of holes in software, known as vulnerabilities, to infect other devices. These vulnerabilities or bugs are found within the operating system or in widely used software such as Java, Adobe PDF Reader, MS Office and other applications. Such flaws are not uncommon, and hackers exploit them in order to run malware. With the ever increasing range of malware being created and the multiple ways it enters networks, individuals and organizations need to ensure that their computers are protected (Shelly, Vermaat, Quasney, Sebok, & Freund, 2012).
How malware evolves
When malware first emerged it simply caused damage with no financial gain, commonly referred to as cyber vandalism. This included deleting files, renaming data or erasing data storage media; some malware was designed to do nothing at all but had unintended side effects. While viruses might not have been visibly running, the victim could sometimes feel them through a sluggish machine or a slow internet connection.
Role in Cybercrime
Nowadays, the majority of malware is created to make money illegally, often by collecting confidential data from the victim's computer. To do this, malware is designed to install as discreetly as possible. A damaged offline machine is of no value to hackers, but an infected machine is a powerful asset able to perform any number of tasks. There is always a lot of speculation about the financial impact of cybercrime, which costs hundreds of millions of dollars. The growing volume of attacks makes it clear that it is highly profitable for those involved in cybercrime. The number of targeted attacks, aimed at a single business, is growing. The motives vary: to steal confidential business or customer data, damage a company's reputation, sabotage the normal running of an organisation, or even make a political statement. Such attacks are highly sophisticated but often rely on tricking individuals into disclosing information that allows the attacker to access corporate systems. The widespread use of social networking sites and the information we post online makes it easy to set up such attacks.
Cybercrime uses malware for profit. One objective is stealing sensitive information such as online banking logins, credit card numbers, or IP, which is known as identity theft. Hackers use the stolen information in a number of ways, such as simple theft, digitally laundering money or selling the data to other criminals. Another objective is to extort money with ransomware intended for information extortion (Olzak, 2011).
South Korea Cyber Attack 2013
On 20 March 2013, South Korea suffered a powerful cyber-attack which affected a wide range of sectors in the country. At 1400h that day, the computer networks of the broadcasters KBS, MBC, and YTN, the banks Shinhan, Nonghyup, Jeju and Woori, several insurance firms, an internet service provider and Korea Gas Corporation partially or completely stopped functioning as a result of a hacking attack.
The computer network of the public channel KBS was paralyzed. At the cable channel YTN, not only the computer network but also the broadcast editing equipment was paralyzed. Shinhan Bank suffered disruptions to its computer network, which slowed business in its branches; its Internet banking, smartphone mobile banking and ATMs were also affected for a few hours. Nonghyup Bank's telecom network was disrupted in its branches. Korea Gas Corporation's routed networks went offline as well (Chang, 2013). Aside from that, the website of the internet network provider LG U+ was defaced with images of skulls and sound effects (Rashid, 2013).
The Korea Communications Commission found out hours later that hacking of unknown origin had caused the massive network failures. It therefore raised the cyber alert level to Level 3 (Level 5 being the most severe) for fear of additional hacking. The government and internet security firms identified the culprit as malware, more specifically a Trojan aided by a backdoor and a time bomb. The cyber-attack shows the vulnerability of computer networks and the ability of attackers to strike incognito.
The latest news, on 10 April 2013, indicated that South Korea's Internet and Security Agency found that the cyber-attack on South Korea was perpetrated by the North Korean military's General Reconnaissance Bureau. The situation on the Korean peninsula is tense, with threats of war prevailing. As proof, the investigators traced the attack to 6 North Korean PCs, even though the attackers tried to mask the origin by using Internet Protocol addresses in 40 different countries (VOA News, 2013).
Malware used for the attack
The cyber-attack caused problems on at least 48,000 computers and servers of the affected parties for several days. It is also said that the victims were left with a locked error screen on computers that could not be restarted (Chang, 2013).
This latest large-scale attack is not new at all; cyber-attacks have hit South Korea over the past 4 years. A Distributed Denial of Service attack against South Korean networks in March 2011 was caused by "Trojan.Koredos", which overwrote specific file types and destroyed the Master Boot Record. In this latest attack, "Trojan.Jokra" caused no DDoS but only overwrote the MBR and wiped the data on the hard drive regardless of file format. Investigators have named such Trojans "wipers" by the nature of their work. In both cases, the Trojans deactivate the antivirus program when activated; the Roman words "PRINCIPES" and "HASTATI" were used to overwrite the MBR; and some variants have a time bomb component that waits for 2pm on March 20 to unleash the malware (Gallagher, 2013).
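As an added illustration of how an incident responder could check a disk image for the kind of MBR wiping described above (example code written for this essay, not Symantec's or any investigator's tooling), the function below inspects a 512-byte MBR for the two marker words the report names, for the standard 0x55AA boot signature at offset 510, and for the uniform byte content a wiped sector tends to have. The sample images are constructed in memory; nothing here touches a real disk.

```python
"""Forensic check of a 512-byte MBR image for wiper damage (added example).
Layout assumed is the standard one: 446 bytes of boot code, a 64-byte
partition table of four 16-byte entries, then the 0x55AA signature."""

MBR_SIZE = 512
BOOT_SIG_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xAA"
# Marker strings reported for the 2011/2013 wipers (Gallagher, 2013).
WIPER_MARKERS = (b"PRINCIPES", b"HASTATI")


def inspect_mbr(image: bytes) -> dict:
    """Return a report: signature validity, wiper markers found, how varied the
    boot code is, and whether the partition-entry boot flags are plausible."""
    if len(image) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(image)}")
    sig_ok = image[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] == BOOT_SIGNATURE
    markers = [m.decode() for m in WIPER_MARKERS if m in image]
    # A real boot loader uses many distinct byte values; a sector overwritten
    # with a repeated word uses only a handful.
    distinct = len(set(image[:446]))
    part_table = image[446:510]
    # Each partition entry starts with a boot flag that must be 0x00 or 0x80.
    flags_ok = all(part_table[i] in (0x00, 0x80) for i in range(0, 64, 16))
    wiped = bool(markers) or not sig_ok or not flags_ok or distinct < 8
    return {"signature_ok": sig_ok, "markers": markers,
            "distinct_boot_bytes": distinct, "partition_flags_ok": flags_ok,
            "wiped": wiped}


def build_clean_mbr() -> bytes:
    """Constructed sample: varied pseudo boot code, one active partition entry,
    three empty entries and a valid boot signature."""
    boot_code = bytes(range(256)) + bytes(range(190))  # 446 bytes
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x83, 0xFE, 0xFF, 0xFF,
                   0x00, 0x08, 0x00, 0x00, 0x00, 0xF8, 0x1F, 0x00])
    return boot_code + entry + bytes(48) + BOOT_SIGNATURE


def build_wiped_mbr(marker: bytes = b"PRINCIPES") -> bytes:
    """Constructed sample: the whole sector overwritten with a repeated marker
    word, as the essay describes for the wiper Trojans."""
    return (marker * (MBR_SIZE // len(marker) + 1))[:MBR_SIZE]


if __name__ == "__main__":
    print("clean :", inspect_mbr(build_clean_mbr()))
    print("wiped :", inspect_mbr(build_wiped_mbr()))
    print("wiped :", inspect_mbr(build_wiped_mbr(b"HASTATI")))
```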
By the nature of a backdoor, there must have been a prior incident that infected the network, with the attackers coming back later for further attacks. The backdoor was sophisticated and infected the files discreetly. The malware named "Backdoor.Proxier", found in the March 2013 attack, was similar to one discovered, coincidentally or intentionally, during the attack in the same month of March 2011 (Symantec Security Response, 2013).
According to the analysis and investigation conducted by the internet security firm Symantec (2013), there is a connection between the Trojans and backdoors of 2011 and 2013. Based on forensics, Symantec (2013) also concluded that a contractor or an employee of an affected organization was compromised and the malware was deliberately stored in the computer's work folder, which eliminates the suspicion that an independent hacktivist was behind the cyber-attack.
Virus Protection Software
Antivirus software prevents, detects and removes viruses and other types of malware from the computer. An anti-malware vendor analyzes tens of thousands of unique virus samples every day, the bulk of them modifications of existing viruses, commonly referred to as variants. Historically, antivirus solutions have worked by searching for snippets of code that identify a known virus, worm or Trojan; these snippets are commonly known as signatures (Shelly, Vermaat, Quasney, Sebok, & Freund, 2012). The vendor adds thousands of new signatures to its database daily. With the flood of malware in recent years, malware protection using signatures alone is no longer sufficient. Vendors therefore provide a range of proactive technologies to protect users from malware, including heuristic analysis, sandboxing, application whitelisting and behavioral analysis (ISECOM, 2004). They also run extensive cloud-based security infrastructure that provides intelligence on what is happening across the internet and enables the antivirus software to deliver more comprehensive protection. All these technologies are used in combination to ensure that even a new or unknown virus can be detected without a signature. By applying multiple layers of detection, the antivirus provider can achieve swift, accurate and comprehensive analysis, offering the best protection against the latest threats with minimal impact on system performance (Armorize Technologies Inc., 2009).
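To make the point about signatures and variants concrete, here is an added toy scanner (written for this essay, not any vendor's engine) with three layers: an exact file-hash signature, a byte-pattern signature with a wildcard, and an entropy heuristic. The "malware" samples are harmless constructed byte strings; the "variant" changes one character, and the "packed" sample is the same bytes XOR-obfuscated with a deterministic pseudo-random stream, so it reads as random data rather than hiding any real payload.

```python
"""Toy three-layer scanner (added example): hash signature, pattern signature,
entropy heuristic. Shows why a variant slips past an exact hash and why an
obfuscated sample slips past both signature layers."""
import hashlib
import math
import re

# --- constructed samples, not real malware --------------------------------
KNOWN_SAMPLE = b"MZ\x90\x00" + b"EVIL-PAYLOAD-V1 connect bad.example" + b"\x00" * 24
VARIANT_SAMPLE = b"MZ\x90\x00" + b"EVIL-PAYLOAD-V2 connect bad.example" + b"\x00" * 24
# Pseudo-random 512-byte stream built from sha256 so the sample is deterministic.
_STREAM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
# Same bytes as KNOWN_SAMPLE, XOR-obfuscated: no plain string survives.
PACKED_SAMPLE = b"MZ\x90\x00" + bytes(a ^ b for a, b in zip(KNOWN_SAMPLE * 9, _STREAM))
BENIGN_SAMPLE = b"MZ\x90\x00" + b"Hello from a harmless text tool. " * 12


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Layer 1: exact-match hash signatures (fast, but any one-byte change evades them).
HASH_SIGNATURES = {sha256(KNOWN_SAMPLE): "Example.Trojan.A"}
# Layer 2: byte-pattern signatures with a wildcard, catching simple variants.
PATTERN_SIGNATURES = [(re.compile(rb"EVIL-PAYLOAD-V\d"), "Example.Trojan.A")]
# Layer 3: a heuristic; packed or encrypted content has near-random bytes.
ENTROPY_THRESHOLD = 7.0  # bits per byte, out of a maximum of 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given data."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(data: bytes) -> tuple:
    """Return (verdict, detail): 'known', 'variant', 'suspicious' or 'clean'."""
    family = HASH_SIGNATURES.get(sha256(data))
    if family:
        return ("known", family)
    for pattern, family in PATTERN_SIGNATURES:
        if pattern.search(data):
            return ("variant", family)
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        return ("suspicious", f"entropy {entropy:.2f} bits/byte")
    return ("clean", "")


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("packed", PACKED_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(f"{label:8s} -> {scan(sample)}")
```

Only the heuristic layer reacts to the packed sample, and only as "suspicious" rather than by name, which is exactly the gap the vendor's sandboxing and behavioral analysis are meant to close.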
A firewall is a software program or piece of hardware designed to permit or deny network transmissions based on a set of rules; it is used to protect networks from unauthorized access while permitting legitimate communication. It helps keep out hackers, viruses and worms that try to reach the user's network through the internet. It is often installed between the private and public network to prevent incoming requests from directly accessing internal resources (Kurose & Ross, 2009).
Intrusion detection system
A Network Intrusion Detection System (NIDS) has IDS sensors installed on the network itself which gather information off the wire. The sensors gather information by being connected to the wire through a device called a tap, which works like a splitter: traffic flows across the wire normally, but a copy of everything going across the wire is also sent to the sensor. The sensors then send that information to a collector, which analyses the data to decide whether it is a threat. The IDS manager can be a PC or laptop with client software that allows its user to manage the configuration of these IDS devices. A NIDS has the primary responsibility of protecting the whole network, so any traffic crossing the network is scoped out and analysed by the network-based system (Kurose & Ross, 2009).
A Host-Based Intrusion Detection System (HIDS), on the other hand, protects specific endpoints such as an email server, a file and print server or a web server. Each of these servers may be attacked differently because of the way it functions. By putting a HIDS on the endpoint, the user can customize the way the IDS works on that device to protect it from those particular types of attack (Olzak, 2011).
Together, NIDS and HIDS form a relatively formidable defence against malware attacks.
How to stay protected
To prevent malware from infecting a computer, there are a few protection guidelines. First, upgrade the operating system and all software to the latest versions; check for new versions regularly, and turn on automatic updates. Also, be careful not to click on links with an unknown destination or download files from an untrusted source. Similarly, the user should trust the sender before downloading email attachments or clicking links in an email. Finally, make sure the computer runs up-to-date anti-virus software. If the computer probably has malware, use antivirus software to detect and remove it. There are programs that can remove common malware, although it may be necessary to try more than one to catch every instance on the computer. Remember to keep all antivirus software up-to-date.
Secure business network from malware
Data theft associated with targeted malware attacks is a growing concern for many organizations. Because these attacks abuse the privileges of people inside the organization, they can be difficult to discover and remediate.
Securing the network and every individual device (laptop, desktop and smartphone) that connects to it is one of the most important things one can do for business security. Weak security on a hardware endpoint can take down the company's network. Needless to say, this can translate to lost work, missed deadlines, unhappy customers and lost revenue. In the worst case, some businesses never recover from network security breaches. Here are some smart tips on how businesses can secure their networks and personal devices to reduce the risk and protect the business (Souppaya & Scarfone, 2012):
1. Enforce smart password policies
Smart differs from strict, as people take shortcuts on strict policies. Password policies must strike a balance between the ideal and the practical.
2. Install a hardware-based network firewall
Many companies don't have a dedicated firewall at the network level, relying instead on the built-in Windows firewalls on their machines. Hardware firewalls from Cisco and other leading providers will give the company significantly more protection from outside threats.
3. Always Check for Updates
Software updates often contain important security patches that protect against emerging threats. Update the anti-virus tools too, as keeping antivirus software current is the best way to help protect vulnerable machines from malicious software and files. On the Windows platform, it is absolutely crucial to keep everything as current as possible.
4. Use content filtering to protect from malware
There are certain phrases and keywords that should be filtered based on their history of causing problems. This is not a matter of being suspicious of employees; the truth is that content filtering is a very effective way to eliminate exposure to malware and losses.
5. Develop Smart Telecommuting Policies
Try to limit telecommuting and burdensome security processes, as the combination is a recipe for greater network vulnerability. Educating the workforce about the risks and vulnerabilities will have a greater impact than simply enforcing tough restrictions.
6. Get Smart about Phishing Threat
Phishing is a type of fraud aimed at obtaining a user's personal or confidential information, and typically involves some sort of fraudulent email or social media message designed to lure the user to a spoof website. As studies have shown, many businesses are complacent about phishing.
7. Browse Smarter
The browser application used to view pages on the web is a common point of weakness exploited by malware, so it is very important to use the right browser and to avoid loading add-ons developed by unknown third parties, because these add-ons often contain even more vulnerabilities and in some cases are actively harmful themselves.
Few people agree on the safest browser to use, but most agree that using an outdated browser is asking for trouble, whether it is an old version of Microsoft Internet Explorer, Google Chrome or Apple Safari.
In closing, securing the business network and personal devices can be a constant battle. Given the stakes, it is worth fighting for. With the right tools and strategies, the network will be a much safer place for productivity.