IT1914
Ontology of Malware
Spyware
Spyware is unwanted software that infiltrates a computing device and steals Internet usage data and sensitive
information. It is classified as a type of malware (or malicious software) designed to gain access to or damage
computers, often without the owner's knowledge. It also gathers personal information and relays it to advertisers,
data firms, or external users.
Spyware is used for many purposes. Usually, it aims to track and sell Internet usage data, capture credit card
or bank account information, or steal an identity. It monitors Internet activity, tracks login and password
information, and spies on sensitive information. It is, therefore, a threat to businesses and individual users
since it can steal data and harm the network.
Some types of spyware can install additional software and change the settings on a device. As such, always
use secure passwords and keep devices updated.
There have been many victims of identity theft or credit card fraud. In fact, cybercrime statistics mention that:
• According to the Norton Cyber Security Insights Report: Global Results (Symantec, 2017), a total of
978 million people in 20 countries were affected by cybercrime in 2017.
• Victims of cybercrime globally lost $172 billion.
• According to Philippine Star, data from the Philippine National Anti-Cybercrime Group (ACG) showed
that 4,103 cybercrimes were recorded in 2018, higher by 79.64 percent when compared to 2017
where 2,284 cases were reported.
There are four (4) main types of spyware that will be discussed in the succeeding topics: adware, Trojans,
tracking cookies, and system monitors. Each uses unique tactics to track a user.
How Devices Get Spyware
Spyware can affect PCs, Macs, and iOS or Android devices. Although Windows operating systems may be more
susceptible to attacks, attackers are becoming better at infiltrating Apple's operating systems as well. Some
of the most common ways a computer can become infected with spyware include the following:
• Accepting a prompt or pop-up without reading it first.
• Downloading software from an unreliable source.
• Opening e-mail attachments from unknown senders.
• Pirating media such as movies, music, or games.
How to Recognize Spyware on a Device
Spyware can be difficult to recognize on a device. By its nature, it’s meant to be deceptive and hard to find.
But some clues can help a user identify whether the device has been infected by spyware. A device may have
a spyware issue if it shows these symptoms:
• The device is slow and crashes unexpectedly.
• The device is running out of hard drive space.
• There are pop-ups when a user is online or offline.
How to Prevent Spyware
• Do not open e-mails from unknown senders.
• Do not download files from untrustworthy sources.
• Do not click on pop-up advertisements.
• Use reputable antivirus software.
06 Handout 1 *Property of STI
[email protected] Page 1 of 5
Adware
Adware is the unwanted software designed to throw advertisements up on the screen, most often within a
Web browser. Some security professionals view it as the forerunner of the modern-day PUP (potentially
unwanted program). Typically, it uses an underhanded method to either disguise itself as legitimate or
piggyback on another program to trick a user into installing it on a PC, tablet, or mobile device.
Here are a few typical telltale signs that a device has adware in its system:
• Advertisements appear in places they shouldn’t be.
• The Web browser’s homepage has mysteriously changed without the user’s permission.
• The typically visited Web pages are not displaying properly.
• Website links redirect to sites different from what is expected.
• The Web browser slows to a crawl.
• New toolbars, extensions, or plugins suddenly populate the browser.
• A Mac starts automatically installing unwanted software applications.
• The browser crashes.
How Devices Get Adware
• Downloading a program, usually freeware or shareware, that quietly installs adware without the user's
knowledge or permission. This happens because the program's author signed up with the adware vendor.
• More insidiously, a user visits a website that looks trustworthy but is actually a sketchy one. The site can
be infected with adware, which takes advantage of a vulnerability in the user's Web browser to deliver
a drive-by download. After it burrows in, the adware starts collecting the user's information,
redirecting him/her to malicious websites and throwing more advertisements into the browser.
How to Prevent Adware
• Use caution and practice safe computing. That means thinking twice before immediately downloading
and installing any new software, especially freeware. Read the terms and conditions like a lawyer
before agreeing to them, and quit the download process if anything smells like permission to load
adware. Avoid torrent sites and illegal downloads, and never open an app from an unknown source, even
if it arrives in the guise of a known e-mail contact.
• Finally, even before all the above precautions, install a reputable cybersecurity program on your
PC or mobile phone. Perform scans frequently, and keep the program and its definitions up to date.
Rootkits
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer
while actively hiding its presence. The term “rootkit” is a combination of the words “root” and “kit.” Originally,
a rootkit was a collection of tools that enabled administrator-level access to a computer or network. “Root”
refers to the admin account, and "kit" refers to the software components that implement the tool. Today,
rootkits are generally associated with malware such as Trojans, worms, and viruses that conceal their existence
and actions from users and from other system processes.
A rootkit allows someone to maintain command and control over a computer without the user/owner knowing
about it. Once a rootkit has been installed, the controller of the rootkit can remotely execute files and change
system configurations on the host machine. A rootkit on an infected computer can also access log files and spy
on the legitimate computer owner’s usage.
Rootkit Detection
It is difficult to detect rootkits. There are no commercial products available that can find and remove all known
and unknown rootkits, although there are various ways to look for a rootkit on an infected machine. Detection
methods include behavioral-based methods, signature scanning, and memory dump analysis. Often, the only
option to remove a rootkit is to rebuild the compromised system completely.
Rootkit Protection
Many rootkits penetrate computer systems by piggybacking with a trusted software or with a virus. A system
can be safeguarded from rootkits by ensuring it is kept patched against known vulnerabilities. This includes
patches from the operating systems, applications, and up-to-date virus definitions. Additionally, don’t accept
files or open e-mail file attachments from unknown sources.
Static analysis can detect backdoors and other malicious insertions such as rootkits. Enterprise developers, as
well as IT departments buying ready-made software, can scan their applications to detect threats including
special and hidden-credential backdoors.
Well-Known Rootkit Examples
• Lane Davis and Steven Dake – They wrote the earliest known rootkit in the early 1990s.
• NTRootkit – This is one of the first malicious rootkits targeted at Windows OS.
• HackerDefender – This early Trojan altered/augmented the OS at a very low level of function calls.
• Machiavelli – This is the first rootkit that targeted Mac OS and appeared in 2009. This rootkit creates
hidden system calls and kernel threads.
• Greek wiretapping – In 2004/05, intruders installed a rootkit that targeted Ericsson’s AXE PBX.
• Zeus – First identified in July 2007, this is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
• Stuxnet – This is the first known rootkit for industrial control systems.
• Flame – This is a computer malware discovered in 2012 that attacked computers running Windows
OS. It can record audio, screenshots, keyboard activity, and network traffic.
Ransomware
Ransomware is a form of malicious software that, once it has taken over the computer, threatens harm, usually
by denying the user access to his/her data. The attacker demands a ransom from the victim, promising, not
always truthfully, to restore access to the data upon payment.
Users are shown instructions on how to pay a fee to get the decryption key. The costs can range from a few
hundred dollars to thousands, payable to cybercriminals in Bitcoin.
Targets of Ransomware
• There are several different ways attackers choose the organizations they target with ransomware. For
instance, attackers might target universities because they tend to have smaller security teams and a
disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.
• Some organizations are tempting targets because they seem more likely to pay a ransom quickly. For
instance, government agencies or medical facilities often need immediate access to their files. Law
firms and other organizations with sensitive data may be willing to pay to keep news of a compromise
quiet; these organizations may be uniquely sensitive to leakware attacks.
How to Prevent Ransomware
• Keep the operating system patched and up-to-date to ensure there are fewer vulnerabilities to exploit.
• Don't install software or give it administrative privileges unless you know exactly what it is and what it
does.
• Install antivirus software that detects malicious programs like ransomware as they arrive and
whitelisting software which prevents unauthorized applications from executing in the first place.
• Back up files frequently and automatically. This will not stop malware attacks, but it can make the
damage caused by one much less significant.
Worms
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm replicates
itself without any human interaction and does not need to attach itself to a software program to cause damage.
How to Tell if the Computer Has a Worm
• Keep an eye on the hard drive space. When worms repeatedly replicate themselves, they start to use
up the free space on the computer.
• Monitor speed and performance.
• Be on the lookout for missing or new files. One of the functions of a worm is to delete and replace files
on a computer.
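The "missing or new files" symptom above is easiest to spot against a known-good baseline. The following is an added example, not part of the handout: it snapshots a directory's file hashes, then reports files that were added, removed, or modified since the baseline. The directory layout and file names are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile

def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # normalise to forward slashes so results compare the same on any OS
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[rel] = digest.hexdigest()
    return result

def compare(baseline, current):
    """Classify paths as added, removed, or modified between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed scenario: take a baseline, then simulate worm-like activity
    (one file replaced, one deleted, one new file dropped) and diff against it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app.exe"), "wb") as f:
            f.write(b"original program bytes")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("hello")
        baseline = snapshot(root)
        # simulated changes a worm might make (constructed, not real malware)
        with open(os.path.join(root, "bin", "app.exe"), "wb") as f:
            f.write(b"replaced contents")
        os.remove(os.path.join(root, "readme.txt"))
        with open(os.path.join(root, "bin", "dropped.exe"), "wb") as f:
            f.write(b"new unexpected file")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be stored off-host (or on read-only media) so that malware on the machine cannot rewrite it.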
How to Prevent Computer Worms
• Since software vulnerabilities are major infection vectors for computer worms, make sure that the
computer’s operating system and applications are up to date with the latest versions. Install these
updates as soon as they’re available because updates often include patches for security flaws.
• Phishing is another popular way for hackers to spread worms. Always be extra cautious when opening
unsolicited e-mails, especially those from unknown senders that contain attachments or dubious links.
• Be sure to invest in a strong Internet security software solution that can help block these threats. A
good product should have an anti-phishing technology, as well as defenses against viruses, spyware,
ransomware, and other online threats.
Trojan Horses
A Trojan horse is a type of malicious code or software that looks legitimate but can take control of one's
computer. A Trojan is designed to damage, disrupt, steal, or inflict some other harmful action on your data or
network in general.
A Trojan acts like a bona fide application or file to trick a user. It seeks to deceive users into loading and
executing the malware on their device. Once installed, a Trojan can perform the action for which it was
designed.
How to Prevent Trojans
• Computer security begins with installing and running an Internet security suite. Run periodic
diagnostic scans with the software; it can be set up so that the program runs scans automatically at
regular intervals.
• Update the operating system’s software as soon as updates are made available from the software
company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to
operating system updates, check for updates on other software that are used on the computer as well.
• Protect accounts with complex, unique passwords. Create a unique password for each account using
a complex combination of letters, numbers, and symbols.
• Keep personal information safe with firewalls.
• Back up files regularly. If a Trojan infects the computer, this will help in restoring data.
• Be careful with e-mail attachments. To help stay safe, scan an e-mail attachment first.
Backdoors
A backdoor is a type of malware that bypasses normal authentication procedures to access a system. As a result,
remote access is granted to resources within an application, such as databases and file servers, giving
perpetrators the ability to issue system commands remotely and update malware.
Backdoor installation is achieved by taking advantage of vulnerable components in a Web application. Once
installed, detection is difficult as the files tend to be highly obfuscated.
Web server backdoors are used for several malicious activities, including:
• Data theft
• Website defacing
• Server hijacking
• Distributed Denial-of-Service attacks
• Infecting website visitors
• Advanced persistent threat
How to Prevent Backdoors
• Change your default passwords. The hardworking people in a company’s IT department never
intended for “guest” or “12345” to be the actual password. If the default password is left in place, the
user has unwittingly created a backdoor.
• Monitor network activity. Any weird data spikes could mean someone is using a backdoor on the
system. To stop this, use firewalls to track inbound and outbound activities from various applications
installed on the computer.
• Choose applications and plugins carefully. Cybercriminals like to hide backdoors inside of seemingly
benign, free applications and plugins. The best defense is to make sure that application and plugin are
from reputable sources.
• Use a good cybersecurity solution. Any good anti-malware solution should be able to stop
cybercriminals from deploying the Trojans and rootkits used to open up those backdoors. For example,
if a vendor offers cybersecurity solutions for Windows, Mac, and Chromebook, then all of those devices can
stay protected.
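The "monitor network activity for weird data spikes" advice above can be turned into a simple check. This is an added example, not part of the handout: it parses constructed flow-log lines (the format, hosts, and addresses are made up for the demonstration, using documentation IP ranges), sums outbound bytes per host per hour, and flags any hour in which a host sends far more than its own typical volume.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed flow-log lines (not from any real device). One internal host
# quietly pushes a large volume to a single external address in the 10:00 hour,
# which is the kind of "weird data spike" a backdoor can produce.
SAMPLE_LOG = """\
2019-05-14T09:00:12 src=10.0.0.5 dst=192.0.2.10 bytes_out=18000
2019-05-14T09:05:40 src=10.0.0.7 dst=192.0.2.10 bytes_out=22000
2019-05-14T09:10:03 src=10.0.0.5 dst=198.51.100.3 bytes_out=15000
2019-05-14T10:02:51 src=10.0.0.5 dst=192.0.2.10 bytes_out=20000
2019-05-14T10:08:19 src=10.0.0.7 dst=203.0.113.9 bytes_out=9000000
2019-05-14T10:11:27 src=10.0.0.7 dst=203.0.113.9 bytes_out=8500000
2019-05-14T11:01:05 src=10.0.0.5 dst=192.0.2.10 bytes_out=17000
2019-05-14T11:03:44 src=10.0.0.7 dst=192.0.2.10 bytes_out=21000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$")

def hourly_outbound(log_text):
    """Sum bytes_out per (source host, hour) bucket; malformed lines are skipped."""
    buckets = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hour = m.group("ts")[:13]  # "YYYY-MM-DDTHH"
        buckets[(m.group("src"), hour)] += int(m.group("bytes"))
    return buckets

def find_spikes(buckets, factor=10.0, floor=1_000_000):
    """Flag (host, hour) buckets far above the host's own baseline.
    Baseline = median of that host's hourly totals. A bucket is a spike only if
    it exceeds factor * baseline AND an absolute floor, so a host with tiny
    traffic is not flagged for a harmless doubling."""
    per_host = defaultdict(list)
    for (host, _hour), total in buckets.items():
        per_host[host].append(total)
    spikes = []
    for (host, hour), total in sorted(buckets.items()):
        baseline = median(per_host[host])
        if total > factor * baseline and total > floor:
            spikes.append((host, hour, total))
    return spikes

if __name__ == "__main__":
    for host, hour, total in find_spikes(hourly_outbound(SAMPLE_LOG)):
        print(f"possible backdoor traffic: {host} sent {total} bytes in hour {hour}")
```

A real deployment would compute the baseline from days of history rather than a handful of hours, and pair the alert with the destination address so the analyst can see where the data went.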
References:
Adware. (n.d.). In Malwarebytes. Retrieved from https://www.malwarebytes.com/adware/ on May 14, 2019
Backdoor. (n.d.). In Imperva. Retrieved from https://www.imperva.com/learn/application-security/backdoor-shell-attack/ on May 14, 2019
Tupas, E. (2019, March 29). Cybercrime up by 80% in 2018. Retrieved from https://www.philstar.com/headlines/2019/03/29/1905544/cybercrimes-80-2018
Fruhlinger, J. (2018, December 19). What is ransomware? How these attacks work and how to recover from them. CSO Security News. Retrieved from https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html on May 14, 2019
Fruhlinger, J. (2019, May 9). What is phishing? How this cyber-attack works and how to prevent it. CSO Security News. Retrieved from https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html on May 14, 2019
Kim, D. & Solomon, M. (2018). Fundamentals of information systems security (3rd ed.). Massachusetts: Jones & Bartlett Learning
Knapen, R. (2018, June 13). 20 interactive teaching activities for the interactive classroom [Web log post]. Retrieved from https://www.bookwidgets.com/blog/2018/06/20-interactive-teaching-activities-for-in-the-interactive-classroom on May 15, 2019
Kostopoulos, G. K. (2018). Cyberspace and Cybersecurity (2nd ed.). Boca Raton, FL: Taylor and Francis Group
Maina, A. (2017, February 16). What is spamming? Hint: It involves more than just email [Web log post]. Retrieved from https://smallbiztrends.com/2017/02/what-is-spamming.html on May 14, 2019
Rootkit. (n.d.). In Veracode. Retrieved from https://www.veracode.com/security/rootkit on May 14, 2019
What is a computer worm, and how does it work? (n.d.). In Norton. Retrieved from https://us.norton.com/internetsecurity-malware-what-is-a-computer-worm.html on May 14, 2019
What is spyware? And how to remove it. (n.d.). In Norton. Retrieved from https://us.norton.com/internetsecurity-how-to-catch-spyware-before-it-snags-you.html on May 14, 2019
What is a Trojan? Is it a virus or is it malware? (n.d.). In Norton. Retrieved from https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html on May 14, 2019