12. Malware Types: Virus, Worm, Trojan, Ransomware etc

Almost everyone knows what a computer virus is, but only a few people are familiar with the term malware. A computer virus is one type of malware. Malware encompasses computer viruses, worms, Trojan horses, spyware, ransomware and far more. Let us look at the different types of malware, including WannaCry, a form of ransomware.

What is a Malware?

  • Malware is short for malicious software.
  • Malware is the umbrella term for many forms of hostile or intrusive software, such as ransomware, computer viruses, worms, Trojan horses, adware, spyware, scareware and so on.
  • It can be any file or program that is harmful to a computer user.
  • The term refers to software that has malicious intent.
  • Malware can be deployed remotely, beyond the victim's control, and tracing its source is a difficult task.
  • It may take the form of scripts, executable code, active content or other software.
  • These malicious programs can perform many functions, including encrypting or deleting sensitive data, stealing, modifying or hijacking core computing functions, and monitoring users' computer activity without their permission.
  • This has allowed commercial malware providers to supply thriving black markets for both malware and the information it collects.

Evolution of Malware

  • Computer-enabled fraud and service theft evolved in parallel with IT-driven technologies.
  • The term malware was first used by computer scientist and security researcher Yisrael Radai in 1990.
  • Before the term malware existed, malicious software was referred to as computer viruses.
  • One of the first recognised examples of malware was the Creeper virus in 1971, which was created by BBN Technologies engineer Robert Thomas as an experiment.

What is the purpose of creating a Malware?

  • In the beginning it started as a prank among software developers. Since then, malware has grown into a full-fledged industry with both black and white markets.
  • Black-hat hackers, and even some governments, use malware to monitor their targets.
  • Organised crime syndicates and state-sponsored espionage agents create the demand for ever more sophisticated malware.

Malware is typically used for:

  1. To steal information that can be steadily monetised. This includes login credentials, credit card and bank account numbers, and intellectual property such as computer software, financial algorithms and trade secrets.
  2. To demand ransom in Bitcoin, for example the WannaCry ransomware.
  3. To spy on computer users over a long period without their knowledge, for example the Regin malware.
  4. To cause harm, often as sabotage, for example Stuxnet.
  5. To extort payment, for example CryptoLocker.

List of Common Malware types:

  • Adware: The least dangerous and most lucrative type of malware. Adware displays advertisements on your computer.
  • Spyware: Software that spies on you, tracking your internet activity in order to send advertising (adware) back to your system.
  • Virus: A contagious program or piece of code that attaches itself to another piece of software and reproduces itself when that software is run. Most often it spreads through the sharing of software or files between computers.
  • Spam: Spamming is the flooding of a website or inbox with copies of the same message. Most spam consists of commercial advertisements sent to users who never asked for them. Spam is sometimes referred to as e-mail spam or, on newsgroups, newsgroup spam. Spam e-mails are a real nuisance, as they keep your inbox full every day.
  • Worm: A program that replicates itself and destroys computer data and files. A worm "eats" files and data on the device until the disk is empty.
  • Trojan: A Trojan or Trojan horse is malware that is dressed up as legitimate software. Trojans are written to locate financial records, steal the computer's resources and mount a denial-of-service attack on large systems, in which the targeted machine or network resource becomes unavailable. Example: Google, AOL, Yahoo or your own network become unreachable.
  • Backdoors: Much the same as Trojans or worms, except that they open a "backdoor" on a computer, providing a network connection for hackers or other malware to enter, or for viruses or spam to be sent out.
  • Rootkit: A rootkit is like a burglar hiding in the basement, waiting until you are not around. It is designed to stay hidden on your computer and let other malware collect your computer's identity data without your knowledge. Because a rootkit can be almost impossible to find and remove, some specialists advise erasing the hard drive entirely and reinstalling everything.
  • Keyloggers: Record everything you type on your computer and send it back to the keylogger's operator, capturing your logins, passwords and other sensitive information. Keyloggers are also used by businesses and parents to collect computer-usage information.
  • Rogue security software: This type deceives or misleads users. It pretends to be a legitimate program that removes malware infections, while it is itself the malware. Often it will turn off the real antivirus software.
  • Ransomware: If you see a screen warning that you have been locked out of your computer until you pay for your "cybercrimes", your system is infected with a form of malware called ransomware. Even if you pay and the system is unlocked, nothing stops it from locking you out again.
  • Browser Hijacker: If your homepage has changed to one like those shown in the accompanying pictures, you may have been compromised by a browser hijacker. This malware redirects your regular searches to deliver the results its developers want, earning them money from your web surfing. As long as the hijacked homepage remains and the malware is not removed, its developers can also capture your browsing preferences.

How does a Malware spread?

Cybercriminals continually devise new ways to get malware onto computers. Here are some of the most common ways it spreads:

  • Email: Cybercriminals send malware attachments and links that appear to come from friends, respectable institutions or other trustworthy sources. Some fraudulent emails can even infect your device from the preview pane of the email client, without your opening any attachment or link.
  • The Internet: Surfing the Web may feel like a private activity, but you are exposed to unwanted contact with anyone else who has a computer and Internet access.
  • Outdated software: Malware can crawl the Internet looking for vulnerabilities in outdated software and use them to spread across computer systems.
  • Local Area Networks (LANs): A LAN is a group of locally connected computers that share information over a private network. If one computer becomes infected with malware, all the other computers on the LAN may quickly be affected as well.
  • Instant messaging (IM) and peer-to-peer (P2P) file-sharing systems: If you use a client for these online activities, malware may spread to your computer through it.
  • Social networks: Malware developers take advantage of popular social networks and use worms to infect large user networks. When a social-network account is infected, the infection may be "caught" by anyone viewing the poster's profile page on their own system.
  • Pop-ups: Some of the most advanced malware spreads through pop-ups disguised as genuine alerts or messages. One especially devious and widespread "hoax pop-up" claims that your computer has been scanned and malware detected. If you click to remove the supposed threat, you actually install the malware.
  • Computer storage media: Malware spreads easily when you share storage media such as USB drives, DVDs and CDs with others. While it may seem safe to open a CD of photos from a colleague, it is always best to scan unfamiliar files for possible infection or security risks before you copy or open them.
  • Mobile devices: Mobile malware threats have become increasingly prevalent as more people use their smartphones and tablets as mini-computers, helping malware proliferate across additional platforms.

Recent case of Malware attack: WannaCry

In May 2017 there was a massive global ransomware attack. It infected more than 230,000 computers in 150 countries, including India, demanding ransom payments in bitcoin in 28 languages.

What is WannaCry?

  • WannaCry is encrypting ransomware (a CryptoLocker-type ransomware) programmed to attack Microsoft Windows systems.
  • According to some statistics, hackers extorted more than $209 million in ransomware payments from businesses and institutions in the first three months of 2016. The business of ransomware is on pace to become a $1 billion a year crime.
  • Shadow Brokers: the hackers behind these attacks call themselves by this name.

Severely affected:

  • Britain's National Health Service (NHS)
  • Spain's Telefónica
  • FedEx (USA)
  • Deutsche Bahn
  • Several plants of the carmakers Renault and Nissan stopped production in France and England because of the malware
  • The Russian Interior Ministry reported about 1,000 computers affected
  • Affected areas in India: Andhra Pradesh, Kerala and some pharma companies. Over 48,000 attempted ransomware attacks were detected in India; 60% of the attempts targeted enterprises and 40% targeted individual customers, according to the cyber-security firm Quick Heal Technologies.

What is the Origin of Wannacry attack?

  • According to WikiLeaks, the National Security Agency (NSA) of the USA had these methods to monitor its subjects.
  • This loophole was recently leaked by WikiLeaks.
  • The same vulnerability in the Windows operating system was used by the ransomware.
  • However, Microsoft had already released security patches for it.

What does it do to the computer?

  • Some variants of ransomware encrypt data in such a way that it is impossible to decrypt unless the user has the key. These are called "encrypting ransomware" and use advanced encryption methods.
  • Another frequently circulated type is locker ransomware, which locks the victim out of the operating system, making it impossible to reach the desktop or any apps or files. CryptoLocker, like WannaCry, is malware that, once injected into a host system, scans the victim's hard drive, targets specific file extensions and encrypts those files.
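The two bullets above describe what an encrypting ransomware leaves behind: the original documents are replaced by files whose contents are indistinguishable from random bytes, usually with a new extension appended. The following Python script is an added example, not code from the original article, showing how a defender can spot that state with a Shannon-entropy check combined with an extension check. The appended extensions (".locked", ".crypted"), the entropy threshold of 7.5 bits per byte, the sample file listing and the seeded pseudo-random bytes standing in for ciphertext are all assumptions constructed for the example.

```python
import math
import random
from collections import Counter


def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte.
    0.0 for a constant byte, roughly 4 to 5 for English text, and close to 8.0
    for random or properly encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data, threshold=7.5):
    """True when the bytes are statistically close to uniformly random."""
    return shannon_entropy(data) >= threshold


def ransomware_indicators(files, appended_exts=(".locked", ".crypted"), min_files=5):
    """files: iterable of (filename, content) pairs, e.g. from a directory walk.

    One high-entropy file proves nothing (zip archives and jpg images are also
    high-entropy), so this flags only when at least `min_files` files both carry
    one of the appended extensions AND have ciphertext-like contents.
    The extensions are placeholders; each ransomware family uses its own."""
    suspicious = [
        name for name, content in files
        if name.lower().endswith(appended_exts) and looks_encrypted(content)
    ]
    return suspicious if len(suspicious) >= min_files else []


def pseudo_ciphertext(seed, size=2048):
    """Constructed stand-in for an encrypted file: bytes from a seeded PRNG,
    which have the flat byte distribution that real ciphertext would have."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


# Constructed sample data (not real files).
PLAINTEXT = b"Quarterly sales report. Revenue grew 4% over the previous quarter.\n" * 60

# A directory as it might look after an encrypting ransomware has run: the
# original documents are gone and ciphertext files with a new extension remain.
AFTER_ATTACK = [("report%d.docx.locked" % i, pseudo_ciphertext(i)) for i in range(6)]
AFTER_ATTACK.append(("readme.txt", PLAINTEXT))  # an untouched file

# The same directory before the attack: ordinary, low-entropy documents.
BEFORE_ATTACK = [("report%d.docx" % i, PLAINTEXT) for i in range(6)]


if __name__ == "__main__":
    print("plaintext entropy:  %.2f bits/byte" % shannon_entropy(PLAINTEXT))
    print("ciphertext entropy: %.2f bits/byte" % shannon_entropy(pseudo_ciphertext(0)))
    print("indicators after attack: ", ransomware_indicators(AFTER_ATTACK))
    print("indicators before attack:", ransomware_indicators(BEFORE_ATTACK))
```

In practice this check is most useful when run over files written in the last few minutes, or as a canary on decoy documents, because compressed and already-encrypted formats are legitimately high-entropy; the requirement that several files share an unexpected appended extension is what keeps the false-positive rate down.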

How does it spread?

  • WannaCry encrypts the files on an infected computer.
  • It spreads by using a vulnerability in the Server Message Block (SMB) implementation of Windows systems. The exploit is known as ETERNALBLUE.
  • It encrypts the hard disk and then spreads laterally between computers on the same LAN.
  • It also spreads through malicious email attachments.
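A worm that spreads over SMB shows up in network telemetry as one host opening connections to many neighbours on TCP port 445 in a short time, which is quite unlike a normal client that talks to a handful of file servers. The Python script below is an added example for defenders, not code from the original article, that applies that heuristic to flow-log lines. The log format, the sample addresses (including a 203.0.113.0/24 documentation address), the 60-second window and the threshold of 10 distinct targets are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed flow-log lines (not real traffic), one event per line:
    '<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>'.
    10.0.0.5 behaves like a worm, touching 20 neighbours on TCP/445 within 20 s;
    10.0.0.7 is a normal client repeatedly using one file server;
    10.0.0.9 only browses an external HTTPS site."""
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    for i in range(20):
        ts = t0 + timedelta(seconds=i)
        lines.append("%s 10.0.0.5 -> 10.0.0.%d:445 ALLOW" % (ts.isoformat(), 11 + i))
    for i in range(30):
        ts = t0 + timedelta(seconds=2 * i)
        lines.append("%s 10.0.0.7 -> 10.0.0.100:445 ALLOW" % ts.isoformat())
    for i in range(15):
        ts = t0 + timedelta(seconds=3 * i)
        lines.append("%s 10.0.0.9 -> 203.0.113.10:443 ALLOW" % ts.isoformat())
    return "\n".join(lines)


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action


def find_smb_fanout(log_text, window=timedelta(seconds=60), threshold=10):
    """Return {src_ip: max_distinct_targets} for sources that contacted at least
    `threshold` distinct hosts on TCP/445 within any interval of length `window`.
    A worm exploiting SMB fans out to many neighbours quickly; a normal client
    does not."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port, _action = parse_line(line)
        if port == 445:
            per_src[src].append((ts, dst_ip))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        # Sliding window anchored at each event; fine for log slices of this size.
        for i, (start, _dst) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for src, n in find_smb_fanout(SAMPLE_LOG).items():
        print("possible SMB worm activity from %s: %d distinct targets on 445" % (src, n))
```

Vulnerability scanners, backup servers and domain controllers legitimately contact many hosts on port 445, so in production the sources returned here should be compared against an allowlist before an alert is raised; the value of the rule is that it needs no signature for the specific exploit, only the fan-out pattern that any SMB worm must produce.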

How to remain protected from ransomware?

  • Regular data backup: This allows the last saved data to be restored and minimises data loss. Ransomware also attacks servers, so it is important to keep a backup on a disconnected hard drive or external device on a pre-defined, regular schedule.
  • Prevention: With password-protected tools, files with extensions such as ".exe" or ".zip" are identified and filtered to prevent malware from getting in. Suspicious emails should also be screened at the mail-exchange level. Several applications now offer zero-day protection features that identify malware entry by simulating attacks and removing them. Users and organisations should also make sure that hidden file extensions are displayed, since that makes such files easier to spot.
  • User awareness: Users need to be made aware not to open unsolicited attachments. Malware is typically designed to mimic the identities of people the user interacts with regularly, whether personally or professionally.
  • Rules in IPS: Create rules in the Intrusion Prevention Software (IPS) to discard or disallow the opening of files with the ".exe" extension from the Local AppData or AppData folders.
  • Regular patches and upgrades: To close leaks and vulnerabilities in software, regularly update software versions and apply the patches released by the vendor. These patches and versions are often released to address known or newly discovered exploits, and can stop malware, Trojans or ransomware with known signatures from entering the system.
  • Install and run anti-malware and firewall software. When selecting software, choose a program that offers tools for detecting, quarantining and removing multiple types of malware.
  • The combination of anti-malware software and a firewall ensures that all incoming and existing data is scanned for malware, and that malware can be safely removed once detected.
  • Keep software and operating systems up to date with current vulnerability patches. These patches are often released to fix bugs or other security flaws that attackers could exploit.
  • Be vigilant when downloading files, programs, attachments and so on. Downloads that seem strange or come from an unfamiliar source often contain malware.
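Three of the points above are mechanical enough to express as code: filtering attachments by extension, showing hidden extensions so that a name like "invoice.pdf.exe" is not mistaken for a PDF, and disallowing ".exe" files run from AppData. The Python script below is an added example, not code from the original article or any product, that implements those checks on filenames and Windows paths. The block list (the article's ".exe" and ".zip" plus other common executable and script types), the decoy-extension list and the sample names are assumptions; a real mail gateway would inspect file contents as well, because an extension is trivial to change.

```python
import ntpath  # Windows-style path handling; works on any operating system

# Extensions the article names (.exe, .zip) plus other executable and script
# types that mail gateways routinely filter. Assumption: adjust to local policy.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".msi", ".jar", ".dll", ".zip",
}

# Document and image extensions used as the visible half of a double-extension
# name such as invoice.pdf.exe, which Windows displays as invoice.pdf when
# "hide extensions for known file types" is switched on.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def screen_attachment(filename):
    """Return (allowed, reason) for an attachment name.
    Only the name is inspected; content inspection is a separate layer."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2:
        return True, "no extension"
    ext = "." + parts[-1]
    if ext not in BLOCKED_EXTENSIONS:
        return True, "extension not on block list"
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
        return False, "blocked: double extension %s%s disguises an executable" % ("." + parts[-2], ext)
    return False, "blocked: extension %s is on the block list" % ext


def violates_appdata_rule(image_path):
    """Mirror the article's IPS rule: an .exe launched from any AppData folder is
    disallowed. Comparison is case-insensitive and accepts forward slashes."""
    normalized = ntpath.normpath(image_path).lower()
    segments = normalized.split("\\")
    return "appdata" in segments and normalized.endswith(".exe")


# Constructed sample inputs (not taken from any real incident).
SAMPLE_ATTACHMENTS = [
    "quarterly_report.pdf",
    "invoice.pdf.exe",
    "setup.exe",
    "photos.zip",
    "archive.tar.gz",
    "README",
]
SAMPLE_PROCESS_PATHS = [
    r"C:\Users\alice\AppData\Local\Temp\update.exe",
    "C:/Users/alice/AppData/Roaming/tool.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Roaming\notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        allowed, reason = screen_attachment(name)
        print("%-22s %s (%s)" % (name, "ALLOW" if allowed else "BLOCK", reason))
    for path in SAMPLE_PROCESS_PATHS:
        print("%-48s %s" % (path, "DENY" if violates_appdata_rule(path) else "ok"))
```

The double-extension check is the code form of the article's advice to show hidden extensions: once ".exe" is visible, the user can see what the filter sees. The AppData rule is deliberately coarse; some legitimate installers do run from there, so an organisation normally pairs it with an allowlist of known-good executables rather than applying it blindly.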

Some Initiatives by Government of India:

  • National Cyber Security Policy 2013: The Indian Government already has a National Cyber Security Policy in place. The policy document outlines a roadmap for a framework for a comprehensive, collaborative and collective response to cyber security at all levels within the country.
  • The Computer Emergency Response Team (CERT-In) has been designated as the nodal agency for coordinating crisis-management efforts. CERT-In also acts as the umbrella organisation for coordinating the actions and operationalisation of sectoral CERTs, and issues early warnings.
  • Cyber Swachhta Kendra: The "Cyber Swachhta Kendra" is a Botnet Cleaning and Malware Analysis Centre (BCMAC) operated by the Indian Computer Emergency Response Team (CERT-In) as part of the Government of India's Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). Its goal is to create a secure cyberspace by detecting botnet infections in India and notifying end users, enabling them to clean and secure their systems so as to prevent further infections.

Practice question:
1. Distinguish between a computer virus, a worm, a Trojan horse and spyware. How can India tackle the problem of ransomware?
