Monday, January 09, 2012

Malware Ungeekified: A layman perspective

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
- source: Malware

In short, viruses, worms, trojans, adware, spyware and other exploits are all forms of malware; however, most people simply refer to everything as a virus. They are given different names according to their infection and concealment methods, and are further subdivided by their exploitation methods. Even malware within the same subdivision may have different purposes; for example, a piece of spyware may be coded to spy on specific activities you perform on your computer, such as the websites you visit, and then present pop-up advertisements you are more likely to be interested in.

Before moving further, keep this simple thing in mind: the purpose of malware may differ. It may also mix and match different infection and concealment techniques, and may use a different concealment technique while infiltrating each stage of the system. Malware can also be custom made to intrude on a certain device, system or individual, depending on the purpose of the hacker. In short, it can take any form its designer wishes. Also bear in mind that unless a piece of malware infects a lot of people and gains notoriety, a specific removal guide is hardly ever available.

Infection Method
Viruses and worms are perhaps the best-known types of malware classified by their infection method.

A virus embeds or disguises itself in an executable program; when that program is run, the virus spreads to other software or devices.
A worm, however, transmits itself actively over a network, and may infect thumb drives, external hard disks and any device that comes into contact with the infected device. The method of infection differs from worm to worm.

These infectious malware may carry code that alters or deletes files, or performs other destructive activity. They may also combine with other malware to perform a hack and gain access to the device.

Concealment Method
The sly programmers who create malware must find a smart way to conceal it so that someone will run it, and it must also avoid detection by various antivirus products for their plan to work.

Trojan Horse
From the old Greek myth of the Trojan War: when the Greeks were at war with the Trojans and tried to breach the unbeatable city of Troy, after 10 fruitless years of siege they hid 30 strong soldiers in a huge wooden horse and pretended to sail away. The Trojans took the horse into the city as a trophy, not knowing that Greeks were hiding inside. In the dark of night, the Greek fleet sailed back and, with the help of the soldiers already inside the city walls, ended the war with a victory. Trojan horses conceal themselves in a similar manner: they pose as fancy or helpful software that is desirable, but upon installation grant remote access to the hacker. The hacker might then use that access to perform activities like:

  • Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  • Data theft (e.g. retrieving passwords or credit card information)
  • Installation of software, including third-party malware
  • Downloading or uploading of files on the user's computer
  • Modification or deletion of files
  • Keystroke logging
  • Watching the user's screen
  • Crashing the computer
  • Anonymizing internet viewing

Rootkit
This concealment method is perhaps the hardest to detect and remove. Rootkits hide themselves at the root (privileged access) level, where they are invisible even to the administrator. They are primarily used to steal sensitive information by circumventing normal authentication and authorization mechanisms. Due to their high permission level, they may alter the detection measures installed on the computer and effectively conceal themselves, or worse, regenerate/resurrect themselves after deletion. The "perfect rootkit" can be thought of as similar to a "perfect crime": one that nobody realizes has taken place.

A backdoor, as the name suggests, opens a back door and invites unwanted guests into your system. Ever received an email from a friend that doesn't make sense and contains a link? That's probably a computer worm which installs a backdoor on the affected computer so that spammers can send junk mail from infected machines. A backdoor can be opened through various methods.

Common Known Malicious Software Classes
There's a huge library of malicious software, some infecting many people, some targeting a specific group or individual. With social networking becoming common, new avenues open up for hackers to spread their malware. Some of them smartly disguise themselves within the news feed/stream to prey on unsuspecting targets.

Adware is primarily used to generate pop-up ads, as in Windows Live Messenger, Skype, ICQ, movie streaming software or applications. Although it is now commonly bundled with legitimate software, some still consider it intrusive, and in parts of the world with slow internet speeds, loading those ads is a waste of resources. Adware is usually more annoying than harmful.

Spyware, as the name suggests, is software which spies on your device activity and reports it back to the attacker. It collects small bits and pieces about you without you even noticing. Some spyware is more harmful; some just wants to monitor your activities to study you and recommend advertisements you might be interested in.

A botnet is rather a collection of compromised devices connected via the internet to perform malicious acts without the knowledge of the device owners.

Most malware has a straightforward class name and performs as the name suggests. A key logger keeps a log (record) of your keystrokes and then reassembles them to find out what you typed. Dialers are rather old school, mainly used during the dial-up connection era: they will ask you to dial a connection to their premium-rate call line, much like the 600-xx-xxxx numbers in Malaysia. A browser hijacker will hijack your browser, from altering the default search engine to redirecting search results to an ads page.

Lastly, here is a simple summary showing the relationships between the types of malware:
Of course, in actual cases they are way more complex than this, but this is the ungeekified version, so I have tried to simplify things that are confusing. If you are still confused as you read, do put your questions down in the comments so I can alter or elaborate further.

When it comes to malware it's better to be safe than sorry: don't be tempted by fancy software, and make sure you read the reviews before installing it. You never know what comes bundled with it, and while installing, read through the installation process carefully; it might ask you to download an additional toolbar, adware or spyware that you want to avoid. Always remember that although curiosity is an important key to self-improvement, one should be vigilant about the dangers of cyberspace. Malware usually spreads in a certain pattern: if you receive something from a friend, especially via apps, that doesn't seem normal, please remove or ignore it. Do not attempt to comment on it or like/+1 it.

Related read:
Wikipedia: Malware
Internet irritations and dangers
Avira Virus Lab

P/S: usually the -ware suffix refers to software. Well, I think I should waste such a well written article that I wrote for someone I care about. Now that she couldn't see the real world anymore, I really couldn't convince her anyway.
