Notes mobile computing

Malware, or malicious software, encompasses various harmful programs such as viruses, worms, and spyware that can steal, encrypt, or delete data, and monitor user activity without consent. The term was first coined in 1990, but malware has existed since the early days of computing, with notable examples like the Creeper virus in 1971. Detection and removal of malware can be achieved through antivirus tools, which scan for unusual activity and provide real-time protection.

Malware (malicious software)

Malware, or malicious software, is any program or file that is harmful to a
computer user.

Types of malware can include computer viruses, worms, Trojan horses and
spyware. These malicious programs can perform a variety of different
functions such as stealing, encrypting or deleting sensitive data, altering or
hijacking core computing functions and monitoring users' computer activity
without their permission.

History

The term malware was first used by computer scientist and security
researcher Yisrael Radai in 1990. However, malware existed long before this.
One of the first known examples of malware was the Creeper virus in 1971,
which was created as an experiment by BBN Technologies engineer Robert
Thomas. Creeper was designed to infect mainframes on ARPANET. While the
program did not alter functions, or steal or delete data, the program moved
from one mainframe to another without permission while displaying a teletype
message that read, "I'm the creeper: Catch me if you can." Creeper was later
altered by computer scientist Ray Tomlinson, who added the ability to self-
replicate to the virus and created the first known computer worm. The concept
of malware took root in the technology industry, and examples of viruses and
worms began to appear on Apple and IBM personal computers in the early
1980s before becoming popularized following the introduction of the World
Wide Web and the commercial internet in the 1990s.

How malware works

Malware authors use a variety of physical and virtual means to spread
malware that infects devices and networks.

For example, malicious programs can be delivered to a system with a USB
drive or can spread over the internet through drive-by downloads, which
automatically download malicious programs to systems without the user's
approval or knowledge.

Phishing attacks are another common type of malware delivery where emails
disguised as legitimate messages contain malicious links or attachments that
can deliver the malware executable to unsuspecting users. Sophisticated
malware attacks often feature the use of a command-and-control server that
allows threat actors to communicate with the infected systems, exfiltrate
sensitive data and even remotely control the compromised device or server.

Emerging strains of malware include new evasion and obfuscation techniques
that are designed to fool not only users but security administrators and anti-
malware products as well. Some of these evasion techniques rely on simple
tactics, such as using web proxies to hide malicious traffic or source IP
addresses. More sophisticated threats include polymorphic malware, which
can repeatedly change its underlying code to avoid detection by signature-
based detection tools; anti-sandbox techniques, which allow the malware to
detect when it is being analyzed and delay execution until after it leaves the
sandbox; and fileless malware, which resides only in the system's RAM in
order to avoid being discovered.

Common types of malware

Different types of malware contain unique traits and characteristics.

Types of malware include:

• A virus is the most common type of malware; it can execute itself and
spread by infecting other programs or files.

• A worm can self-replicate without a host program and typically spreads
without any human interaction or directives from the malware authors.

• A Trojan horse is designed to appear as a legitimate program in order to
gain access to a system. Once activated following installation, Trojans can
execute their malicious functions.

• Spyware is made to collect information and data on the device user and
observe their activity without their knowledge.

• Ransomware is designed to infect a user's system and encrypt the data.
Cybercriminals then demand a ransom payment from the victim in
exchange for decrypting the system's data.

• A rootkit is created to obtain administrator-level access to the victim's
system. Once installed, the program gives threat actors root or privileged
access to the system.

• A backdoor virus or remote access Trojan (RAT) secretly creates
a backdoor into an infected system that allows threat actors to remotely
access it without alerting the user or the system's security programs.

• Adware is used to track a user’s browser and download history with the
intent to display pop-up or banner advertisements that lure the user into
making a purchase. For example, an advertiser might use cookies to track
the web pages a user visits to better target advertising.

• Keyloggers, also called system monitors, are used to see nearly everything
a user does on their computer. This includes emails, opened web pages,
programs and keystrokes.

Mobile malware

Malware can also be found on mobile phones and can provide access to the
device's components such as the camera, microphone, GPS or
accelerometer. Malware can be contracted on a mobile device if the user
downloads an unofficial application or if they click on a malicious link from an
email or text message. A mobile device can also be infected through a
Bluetooth or Wi-Fi connection.

Malware is found much more commonly on devices that run the Android OS
than on iOS devices. Malware on Android devices is usually
downloaded through applications. Signs that an Android device is infected
with malware include unusual increases in data usage, a quickly dissipating
battery charge, or calls, texts and emails being sent to the device's contacts
without the user's knowledge. Similarly, if a user receives a message from a
recognized contact that seems suspicious, it may be from a type of mobile
malware that spreads between devices.

Apple iOS devices are rarely infected with malware because Apple carefully
vets the applications sold in the App Store. However, it is still possible for an
iOS device to be infected by opening an unknown link found in an email or
text message. iOS devices will become more vulnerable if jailbroken.

How to detect and remove malware

A user may be able to detect malware if they observe unusual activity such as
a sudden loss of disk space, unusually slow speeds, repeated crashes or
freezes, or an increase in unwanted internet activity and pop-up
advertisements. An antivirus tool may also be installed on the device that
detects and removes malware. These tools can either provide real-time
protection or detect and remove malware by executing routine system scans.

Windows Defender, for example, is Microsoft's anti-malware software, which is
included in the Windows 10 operating system (OS) under Windows Defender
Security Center. Windows Defender protects against threats such as spyware,
adware and viruses. Users can set automatic “Quick” and “Full” scans, as well
as set low, medium, high and severe priority alerts.

Malwarebytes is another anti-malware tool which can remove malware from
Windows, macOS, Android and iOS platforms. Malwarebytes can scan
through a user’s registry files, running programs, hard drives and individual
files. If detected, malware can then be quarantined and deleted. However,
users cannot set automatic scanning schedules.

VIRUS (Vital Information Resources Under Siege)
• A computer virus is a kind of malicious software
written intentionally to enter a computer
without the user’s permission or knowledge,
with an ability to replicate itself, thus
continuing to spread. Some viruses do little
but replicate; others can cause severe harm or
adversely affect programs and the performance of
the system.
Types of VIRUS and Related Threats
Resident Viruses
This type of virus is permanent: it lives in RAM. From there
it can take over and interrupt all of the operations executed by the
system, such as corrupting files and programs
that are opened, closed, copied,
renamed, etc.
Examples include: Randex, CMJ, Meve, and
MrKlunky.
Boot Virus
This type of virus affects the boot sector of a floppy or
hard disk. This is a crucial part of a disk, in which
information on the disk itself is stored together with a
program that makes it possible to boot (start) the
computer from the disk.
The best way of avoiding boot viruses is to ensure that
floppy disks are write-protected and never start your
computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.
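Because a boot virus has to rewrite the boot sector, the usual check is to compare the bootstrap code of a disk against a trusted baseline. The following is an added example, not part of these notes: it parses a 512-byte master boot record (446 bytes of code, four 16-byte partition entries, the 0x55AA signature) and flags any change to the code region. The sample sector, its partition entry, the stand-in boot code and the tampering are all constructed here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bootstrap code occupies bytes 0..445 of the sector
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the code
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a bootable sector


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector, not a real disk image: pads the given code to
    446 bytes, adds one bootable type-0x07 partition (LBA 2048, 204800 sectors)
    and three empty entries, then appends the 0x55AA signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return code + entry + b"\x00" * 48 + MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a boot sector into its fields and hash the bootstrap code region."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:   # type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """Integrity check: a boot virus must rewrite the bootstrap code, so any
    deviation from the baseline hash taken from a clean disk is a finding."""
    info = parse_mbr(sector)
    return info["signature_ok"] and info["boot_code_sha256"] == baseline_sha256


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")   # constructed stand-in for boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]
    infected = bytearray(clean)
    infected[0x10:0x14] = b"\xeb\xfe\x90\x90"            # constructed tampering of the code region
    print("clean matches baseline:", boot_code_matches(clean, baseline))              # True
    print("tampered matches baseline:", boot_code_matches(bytes(infected), baseline))  # False
```

On a real system the baseline hash would be recorded right after installation and the sector read from the raw device; the partition table is parsed as well because a viable infection has to preserve it.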


Macro Virus
Macro viruses infect files that are created using
certain applications or programs that contain
macros. These mini-programs make it possible to
automate series of operations so that they are
performed as a single action, thereby saving the
user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Polymorphic Virus
• Polymorphic viruses encrypt or encode
themselves in a different way (using different
algorithms and encryption keys) every time they
infect a system. This makes it impossible for antivirus
tools to find them using string or signature
searches (because they are different in each
encryption) and also enables them to create a
large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

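The scanner below is an added example, not part of these notes. It shows why a fixed byte signature misses differently keyed copies of the same body, and how a scanner still recovers the match by decoding the sample under every single-byte XOR key before searching (a defensive technique known as X-raying). The "body", signature, decryptor stub and key schedule are all constructed stand-ins, not real malware.

```python
from typing import List, Optional

# Constructed stand-ins: a harmless marker "body" and a signature cut from it.
PLAIN_BODY = b"HELLO-SAMPLE-BODY-v1"
SIGNATURE = b"SAMPLE-BODY"
STUB = b"STUB:"   # stands for the small plaintext decryptor every variant carries


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the same operation both encodes a variant and undoes it."""
    return bytes(b ^ key for b in data)


def make_variants(body: bytes, count: int) -> List[bytes]:
    """Build `count` copies of the body, each encoded under a different non-zero key,
    the way a polymorphic virus re-encodes itself on every infection. The keys are a
    fixed constructed schedule so the result is reproducible."""
    keys = [(13 * i) % 255 + 1 for i in range(1, count + 1)]
    return [STUB + xor_bytes(body, k) for k in keys]


def static_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic signature search: a plain substring match on the raw bytes."""
    return signature in sample


def xray_scan(sample: bytes, signature: bytes = SIGNATURE) -> Optional[int]:
    """X-ray search: decode the sample under each of the 256 possible single-byte
    keys and look for the signature in the result. Returns the key that revealed
    it (0 means the body was not encoded at all), or None if nothing matched."""
    for key in range(256):
        if signature in xor_bytes(sample, key):
            return key
    return None


def scan_report(samples: List[bytes]) -> List[dict]:
    """Run both scanners over a set of samples so the difference is visible."""
    return [{"static": static_scan(s), "xray_key": xray_scan(s)} for s in samples]


if __name__ == "__main__":
    variants = make_variants(PLAIN_BODY, 5)
    for row in scan_report([PLAIN_BODY] + variants):
        print(row)   # static hits only the plaintext; X-ray hits every variant
```

Real engines extend the same idea to multi-byte keys and to emulating the decryptor stub, which is why signature detection of polymorphic code is hard rather than impossible.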
Parasitic Viruses
Parasitic viruses modify the code of the infected file.
The infected file remains partially or fully functional. Parasitic
viruses are grouped according to the section of the file they
write their code to:
• Prepending: the malicious code is written to the beginning
of the file
• Appending: the malicious code is written to the end of the
file
• Inserting: the malicious code is inserted in the middle of
the file.
Inserting file viruses use a variety of methods to write code
to the middle of a file: they either move parts of the
original file to the end or copy their own code to empty
sections of the target file.

WORMS
• A computer worm is a self-replicating
computer program.
It uses a network to send copies of itself to
other nodes (computers on the network) and
it may do so without any user intervention.
Unlike a virus, it does not need to attach itself
to an existing program.
LOGIC BOMB
A Logic Bomb is a piece of code intentionally
inserted into a software system that will set off a
malicious function when specified conditions
are met. For example, a programmer may hide a
piece of code that starts deleting files (such as
the salary database trigger).
TROJAN HORSE
Trojan Horse is a program downloaded and installed on
a computer that appears harmless, but is, in fact,
malicious.
Unexpected changes to computer settings and unusual
activity, even when the computer should be idle, are
strong indications that a Trojan is residing on a computer.
The Trojan horse is hidden in an innocent-looking email
attachment or free download. When the user clicks on
the email attachment or downloads the free program,
the malware that is hidden inside is transferred to the
user's computing device. Once inside, the malicious
code can execute whatever task the attacker designed it
to carry out.
MALWARE (Malicious Software)
Malware is software designed to infiltrate or damage a computer
system without the owner's informed consent.
SPYWARE
Spyware is computer software that is installed
surreptitiously on a personal computer to collect
information about a user, their computer or
browsing habits without the user's informed
consent.
Any software can be classified as spyware if it is
downloaded without the user's authorization. It
can violate the end user's privacy.
Spyware
Spyware is software that is installed on a computing device without the end
user's knowledge. Any software can be classified as spyware if it is
downloaded without the user's authorization. Spyware is controversial
because even when it is installed for relatively innocuous reasons, it can
violate the end user's privacy and has the potential to be abused.

Spyware can be difficult to detect; often, the first indication a user has that a
computing device has been infected with spyware is a noticeable reduction in
processor or network connection speeds and in the case of mobile devices --
data usage and battery life. Anti-spyware tools can be used to prevent or
remove spyware. Anti-spyware tools can either provide real-time protection by
scanning network data and blocking malicious data, or detect and remove
spyware already on a system by executing scans.

To prevent spyware, users should only download software from trusted
sources, read all disclosures when installing software, avoid clicking on pop-
up ads and stay current with updates and patches for browser, operating
system and application software. To reduce the probability of infection,
network administrators should practice the principle of least privilege (POLP)
and require remote workers to access network resources over a virtual private
network (VPN) that runs a security scan before granting access privileges.

Types of spyware

Spyware is not just one type of program. It's an entire category of malicious
software that includes adware, Trojans, keystroke loggers, and information
stealing programs.

Adware - Malicious adware is often bundled in with free
software, shareware programs and utilities downloaded from the internet, or
surreptitiously installed onto a user's device when the user visits an infected
website. Many internet users were first introduced to spyware in 1999 when a
popular freeware game called "Elf Bowling" came bundled with tracking
software. Anti-malware programs often flag adware regardless of whether the
program in question is actually malicious.

Cookies that track and record users' personal information and internet
browsing habits are one of the most common types of adware. An advertiser
might use cookies to track what web pages a user visits in order to target
advertising in a contextual marketing campaign. For example, an advertiser
could track a user’s browser history and downloads with the intent to display
pop-up or banner advertisements to lure the user to make a
purchase. Because data collected by spyware is often sold to third parties,
regulations such as GDPR (General Data Protection Regulation) have been
enacted to protect the personally identifiable information (PII) of website
visitors.

Keyboard loggers - Keyloggers are a type of system monitor that are often
used by cybercriminals to steal personally identifiable information (PII), login
credentials and sensitive enterprise data. Keyloggers may also be used by
employers to observe employees' computer activities, parents to supervise
their children's internet usage, users to track possible unauthorized activity on
their devices or law enforcement agencies to analyze incidents involving
computer use.

Hardware keyloggers resemble a USB flash drive and serve as a physical
connector between the computer keyboard and the computer, while software
keylogging programs do not require physical access to the user's computer for
installation. Software keyloggers can be downloaded on purpose by someone
who wants to monitor activity on a particular computer, or they may be downloaded
unwittingly and executed as part of a rootkit or remote administration Trojan
(RAT).

Trojans - Trojans are typically malicious software programs that are disguised
as legitimate programs. A victim of a Trojan could unknowingly install a file
posing as an official program, allowing the Trojan to have access to the
computer. The Trojan can then delete files, encrypt files for ransom or allow
others to have access to the user’s information.

Mobile spyware - Mobile spyware is dangerous because it can be transferred
through Short Message Service (SMS) or Multimedia Messaging Service
(MMS) text messages and typically does not require user interaction to
execute commands. When a smartphone or tablet gets infected with mobile
spyware that was sideloaded with a third-party app, the phone's camera and
microphone can be used to spy on nearby activity, record phone calls, and log
browsing activity and keystrokes. The device owner's location can also be
monitored through GPS or the mobile computing device's accelerometer.

Anti-spyware tools

Malwarebytes is an anti-malware/spyware tool which can remove spyware
from Windows, macOS, Android, and iOS. Malwarebytes can scan through
registry files, running programs, hard drives, as well as individual files. Once a
spyware program is detected, a user can quarantine and delete it. However,
users can’t set up automatic scanning schedules.

Trend Micro HouseCall is another anti-spyware tool which doesn’t require
user installation. Because it doesn’t require an installation, HouseCall uses
minimal processor and memory resources, as well as disk space. Users
cannot set automatic scans, however.

Windows Defender is an anti-malware Microsoft product included in the Windows
10 operating system (OS) under Windows Defender Security Center. The
software is a lightweight anti-malware tool that protects against threats such
as spyware, adware and viruses. Windows Defender includes multiple
features such as Application Guard, Exploit Guard, Advanced Threat
Protection and Analytics. Windows Defender users can set automatic “Quick”
and “Full” scans, as well as set alerts for low, medium, high and severe
priority items.
