Quadrant360 consulting

What is Malware? A term that scares all modern-day computer users away. What does it actually do?

Overview

The term “Malware” is short for Malicious Software. It refers to any piece of software that has the potential to damage or disrupt normal operations.

These are some examples of malware which we are familiar with:

  1. Viruses — Like their biological namesakes, viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. They usually appear as an executable file (.exe).
  2. Trojans — Disguise themselves as legitimate software, or hide in legitimate software that has been tampered with. They tend to act discreetly and create backdoors in your security to let other malware in.
  3. Spyware — Designed to spy on you. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, browsing habits, and more.
  4. Ransomware — Locks down your computer and your files, and threatens to erase everything unless you pay a ransom.

There are other types of malware which I have not mentioned. You can read more at: https://www.avg.com/en/signal/what-is-malware

Malware programmers

Malware programmers/developers use malware to perform activities that range from simple email advertising to complex identity theft and password stealing. Here are some examples of what malware programmers develop and use it for:

  1. Attacking browsers and tracking the websites visited
  2. Degrading system performance, making systems run slower than their normal operating speed
  3. Causing hardware failure; in some cases, rendering the system inoperable
  4. Stealing users' personal information
  5. Erasing valuable data; in extreme cases, causing substantial data loss
  6. Similar to a virus infection, using a compromised system to attack other systems on the network
  7. Spamming inboxes with advertising emails

Components of Malware

Crypter — This refers to software that conceals the existence of malware. Attackers use it to evade anti-virus or firewall detection, and it also serves as protection for the malware itself: some specialists use reverse engineering or analysis to inspect malware, and a crypter reduces the chance of the malware being detected by such security mechanisms.

Downloader — This is a type of trojan that downloads other malware or malicious code and files from the Internet onto the personal computer (PC) or system. This is usually the first step for attackers who want to gain initial access to a system.

Dropper — Attackers need to install the malware program or code on the system to make it run. This program performs the installation task discreetly. The dropper can contain unidentifiable malware code that goes undetected by antivirus scanners, and it is capable of downloading additional files needed to execute the malware on a target system.

Exploit — This usually refers to the part of a malware that contains code or a sequence of commands that takes advantage of a bug or vulnerability in a digital system or device. It is the code attackers use to breach a system’s security through software vulnerabilities, in order to spy on information or to install malware. Exploits are divided into two types according to the kind of vulnerability they abuse: local exploits and remote exploits.

Injector — This usually refers to a .BAT file that injects the exploits or malicious code contained in the malware into other vulnerable running processes and alters their execution to hide itself or prevent its removal.

Payload — The part of the malware that performs the desired activity when activated. The payload may be used for deleting or modifying files, affecting system performance, opening ports, changing settings, or any other form of compromising security.

Malicious code — This refers to the piece of code that is the backbone of the malware; it contains the commands that result in security breaches. A very common yet effective example is browser plug-ins.

Countermeasures

Malware is commonly used by an attacker to compromise target systems. Preventing malware from entering the system is a far better solution than trying to eliminate it from an infected system, which is a much more difficult task.

  1. Avoid opening email attachments received from unknown senders
  2. Block all unnecessary ports at the host and firewall
  3. Avoid accepting programs transferred by instant messaging
  4. Harden weak, default configuration settings and disable unused functionality including protocols and services
  5. Monitor the internal network traffic for odd ports or encrypted traffic
  6. Avoid downloading and executing applications from untrusted sources
  7. Install patches and security updates for the operating systems and applications
  8. Scan external USB drives or DVDs (external storage) with antivirus software before using them
  9. Restrict permissions within the desktop environment to prevent malicious applications from being installed
  10. Run host-based antivirus, firewall and intrusion detection software
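Items 2, 4 and 10 above can be applied to a Windows host with a short PowerShell script. The following is an added example and not the article's own code; it assumes an elevated PowerShell session, and the inbound ports it allows (RDP and HTTPS) are assumptions that must be replaced with the ports the host actually needs.

```powershell
# Added hardening example (not the article's own code) implementing items 2, 4
# and 10 of the countermeasures list on a Windows host.
# Assumes an elevated PowerShell 5.1+ session. The allowed inbound ports are an
# assumption for illustration; match them to the host's real role.
$AllowedInbound = @{ 'RDP' = 3389; 'HTTPS' = 443 }   # assumed for this host

# Item 2: default-deny inbound traffic on every firewall profile, then allow
# only the ports the host is known to need.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
foreach ($rule in $AllowedInbound.GetEnumerator()) {
    New-NetFirewallRule -DisplayName "Allow inbound $($rule.Key)" -Direction Inbound `
        -Protocol TCP -LocalPort $rule.Value -Action Allow -Profile Domain,Private
}

# Item 4: disable an unused legacy protocol (SMBv1) and an unused service
# (Remote Registry) so they cannot be abused.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
Stop-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Set-Service  -Name RemoteRegistry -StartupType Disabled

# Item 10: ensure host-based antivirus real-time protection is enabled, then
# verify the resulting state of both the antivirus and the firewall.
Set-MpPreference -DisableRealtimeMonitoring $false
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Run it once on a test host first: a default-deny inbound policy that omits a port the host needs (for example, the one used by your remote management tool) will cut off access to the machine.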

Malware penetration testing

As for industrial systems, it is necessary to perform malware penetration testing on them, because attackers want to find loopholes or vulnerabilities in order to gather information and gain unauthorized access to the system.

Scanning systems for open ports, suspicious running processes and registry entries is important for penetration testers, followed by collecting more information about startup programs or autorun applications in Windows. System logs, security logs and application logs will also help penetration testers find any malicious or unusual activity.

The penetration tester will then document all their findings to help determine what is the next course of action.
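The collection steps described in this section (open ports, running processes, registry autoruns, startup programs and security logs) can be gathered into one report with a PowerShell triage script. The following is an added example, not code from the article or from Quadrant360; it assumes an elevated PowerShell session on the Windows host being tested, and the baseline of expected listening ports is an assumption to adapt per host.

```powershell
# Added triage example (not the article's own code): collect the artefacts the
# section lists on a Windows host. Assumes an elevated PowerShell 5.1+ session.
# $ExpectedPorts is an assumed baseline for illustration; adapt it per host.
$ExpectedPorts = @(135, 139, 445, 3389)
$Report = [ordered]@{}

# 1. Listening TCP ports outside the baseline, mapped to the owning process
$Report.UnexpectedListeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -notin $ExpectedPorts } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ Port = $_.LocalPort; Pid = $_.OwningProcess
                           Process = $p.ProcessName; Path = $p.Path }
    }

# 2. Running processes whose image lives in a user-writable location
$Report.SuspiciousProcesses = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match '\\(Temp|AppData|Downloads|Public)\\' } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

# 3. Registry autorun entries (Run/RunOnce keys) and other startup commands
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$Report.RegistryAutoruns = foreach ($k in $RunKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |     # drop provider metadata
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}
$Report.StartupCommands = Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# 4. Process-creation events (ID 4688) from the Security log, last 24 hours.
#    Requires the "Audit Process Creation" policy to be enabled on the host.
$Report.ProcessCreations = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'NewProcess'; e = { $_.Properties[5].Value } }

# Emit the findings as JSON so they can be attached to the tester's report
$Report | ConvertTo-Json -Depth 4 | Out-File -FilePath .\triage-report.json
```

Every entry in the report is a lead, not a verdict: a listener outside the baseline or a binary under AppData still has to be confirmed against the host's documented software inventory before it is reported as malicious.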

Quadrant360 offers specialised Malware Penetration Testing and Consulting services, so do contact us at +65-31383788 or email us at enquiry@quadrant360.com for more information.

Summary

Malware is malicious software that damages or disables computer systems. It sometimes gives limited or full control of systems to the malware creator/developer for ill intentions, especially theft or fraud. There are different types of malware, viruses and components of malware. However, it is important to note that it is easier to prevent malware from penetrating a system than to get rid of malware from an infected system.
