Malware

Malware

Student Name

Course

Date

Instructor Name

Malware

Malware is a general term used to describe a daunting list of intrusive or hostile software. Malware defined by Webopedia is, short for malicious software; malware refers to software designed specifically to damage or disrupt a system, such as a virus or a Trojan Horse. There are many different types of malware ranging from the well-known virus, Trojan horse, and worm to spy/adware, rootkit, and backdoors. The complexity and growth of the IT environment allows malware to live, adapt, and grow. We as security professionals need to be aware of the threat and know how to protect our systems to avoid problems with our networks that this malicious code could produce.

Types of Malware

Three types of malware that are common in today's IT environment are backdoors, Trojans, and worms. These specific types of malware have an array of different names, but the one thing that is certain is that they are there to get sensitive data from your network. Backdoor malware allows a hacker to gain remote access to an affected computer. An example of this type of malware is Bifrose KV. Bifrose.KV is a backdoor that allows attackers to gain access remotely to any computer that has been infected to carry out actions that may compromise the confidentiality of users and impede the computer from performing tasks (Panda Security, 2015). This type of malware does not spread automatically, user's intervention is necessary in order for the malicious code to reach the affected computer. In other words, the attacker needs the user to complete some sort of user action to spread the virus such as using infected  removable media (i.e. floppy disks, CD-ROMs, or DVDs), opening an email messages with infected attached files, conducting downloads from the Internet or peer-to-peer (P2P) file sharing networks. Once the attacker has delivered the payload, it can causes the information stored on the computer to be compromised or lossed, either specific files or data in general. It affects the network to which it's connected, the productivity of the computer, or other remote sites, carrying out actions which decrease the level of security of the computer. Backdoors are designed to be difficult to detect. One thing to keep in mind is that if your system has been compromised the possibility of a backdoor being installed in your system is very high. An organization should monitor the network after a possible breach and review the network intrusion detection system (NIDS) thoroughly. From a network monitoring perspective, such backdoors frequently run over protocols such as Telnet, Rlogin, or SSH.

TechTarget defines a Trojan horse as a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. An example of a Trojan in today's IT environment is the Banker.CTD. This Trojan monitor if the user accesses websites belonging to certain banking entities, in order to obtain passwords. Then, the gathered information is sent to an email address (Panda Security, 2015).. Like the backdoor previously mention it also needs user intervention in order to spread. Like any other malware, it can be detected by antivirus (AV) software, but that is not enough. An attacker can easily subvert antimalware products using advanced methods such as obfuscation. Simply repacking the malicious code several times will change the way it appears to AV software increasing the chance that it can get by undetected.  Again AV software can detect most Trojans but definitions need to be up-to-date, and it should be a part of a multi-layered defense.

This leads to the last piece of malware, the worm. A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself (Techtarget, 2015). Worms are a bit more sophisticated than the normal virus. Worms can replicate without user interventions. An example of a worm that is active today is Conficker.C. Conficker.C is a worm that exploits a vulnerability in the Windows Server Service, which allows remote code execution. It is the vulnerability MS08-067 (Panda Security, 2015). How this little devil accomplishes this is by sending malformed RPC request to other computers in which it attempts to copy itself. It also spreads via removable media. This particular worm if a little more difficult to recognize since it does not display any type of message or warning that it has infected the computer. Usually with a worm, it will go unnoticed until its spread has affected system resources causing a  slowing or halting of other tasks.

With the advances in malware, it is becoming more difficult to detect malware right from the start of an infection, and usually the system is already infected when the malicious code if found. The best way for organizations to protect themselves from infection from malware is two-fold. Take preemptive measures and deploy a multi-layered defense. Training employees on the dangers of malware and its delivery methods, updating AV definitions/signatures, implementing firewalls in the network, regular system scans, and keeping the OS updated are all integral parts of a multi-layered defense to keep your network/system healthy and thriving. By employing simple measures like these you increase your network security and decrease the chance of becoming infected with malware.

References

Grannerman, J. (2013). Antivirus evasion techniques show ease in avoiding antivirus detection. Retrieved from http://searchsecurity.techtarget.com/feature/Antivirus-evasion-techniques-show-ease-in-avoiding-antivirus-detection

Kassner, M. (2009). The 10 Faces of Computer Malware. Retrieved from http://www.techrepublic.com/blog/10-things/the-10-faces-of-computer-malware/

Malware. 2015. Webopedia. Retrieved from http://www.webopedia.com/TERM/M/malware.html

Panda Security. 2015. Virus, worms, antivirus and Security Information. Retrived from http://www.pandasecurity.com/usa/homeusers/security-info/