Profit Implications of Malware - Annotated Bibliography Example

? Profit implications of malware Malware refers to any program or file that can harm a computer system. Despite the fact that there no standard categorization of malware, still they can be grouped based on their effects, behaviors and intentions (David A. Elizondo, Computational Intelligence for Privacy and Security). However a malware will not specifically fall into either these groups as some malwares fall into more than one category. The most common groups are virus, worms Trojan horse, rootkit, spywares and adware. Viruses are small software programs that are designed to spread replicate from one computer to another (Karen Mercedes Goertzel). They are malicious as they interfere with the normal computer operations. A virus operates either by deleting or corrupting data. There are several categories of viruses these are macro virus, email virus, multi-variant virus and radio frequency virus. Macro viruses are viruses written in the macro scripting languages of word processing, accounting or editing applications. These viruses propagate by exploiting the macro language properties in order to transfer itself from the infected file containing the macro script to another file. The most popular victims are Microsoft office application. Because they are written in the code of the applications software, macro viruses are platform independent and can spread between Mac, Windows, Linux or any other targeted applications. Electronic mail viruses are those which are delivered via email transmission. This usually exploits email attachments as they can be executed immediately upon download (Karen Mercedes Goertzel). The multi-variant viruses are implemented with slight variations so that the anti-virus scanner cannot be able to detect the one of the variants. A computer worm refers to a self-replicating computer program. It relies on computer network to send copies of itself to other computers on the network in an automatic manner. Worms are known to exploit a zero-day vulnerability that allows them to execute their copies within the same network (Effects of Malware Infections: Avoid the Dangers of Malware Programs ). There are several types of worms these are: The internet Relay Chat worms that exploit the Internet Relay Chat (IRS) unlike the Instant messenger worm that exploit the IM channel. The web or internet worm spreads via user access to a web page, file transfer protocol or by use of other internet sources. We also have the file-sharing (Peer-to-peer) worm that copies itself into a shared folder, it then use its peer-to-peer mechanism to make its existence known with the hope that a user will download it. As for the flash form these refers to the theoretical worms that spread within seconds upon activation to all vulnerable hosts on the internet. A Trojan horse is a non-self-replicating type of malware that tends to perform normal beneficial functions for the user though it facilitates unauthorized access to the user’s computer system. Recently Trojan horse is released as payloads by computer worms that give the attackers full control of the victims’ personal computer (Effects of Malware Infections: Avoid the Dangers of Malware Programs ). There are several factors that make Trojans dangerous first of all Trojans are not visible in the traditional process viewer including windows and task managers, this coupled with the fact that most virus and Trojan scanners find it difficult detecting the Trojan code. Also the Trojan code is very difficult to unload hence making it hard cleaning it. The most common type of Trojan is the proxy Trojan that once it attacks the victims computer it turns it into a proxy server (Zombie) which then operates on behalf of the remote attacker. This makes it even more difficult tracing the attack to the attacker as the trail often leads to the victim in most cases. A rootkit is a software system that is composed of several of one or more computer programs that are designed to hide the fact that a computer system has been compromised. Usually an attacker installs the rootkit to replace the vital systems files so as to conceal the files and processes that have been installed. Rootkits operate by modifying parts of the operating system or by installing themselves as drivers or kernel modules hence making itself hard to distinguish from core system modules (David C. Wyld). This makes it hard to detect and remove because they operate with the same privileges as the operating system enabling them to easily intercept or subvert operations made by the operating system. This becomes a challenge even to anti-malware agents such as antivirus software as their operations are subverted hence making them ineffective. Spyware are a type of malware that are created solely for extracting personal user information as well as submitting the extracted information to their owner for their own use. Usually spywares are used to steal personal user information such as credit card number, password as well as track their computing habits. A bot refers to a type of malware such as Trojan, worm or spywares that enables an attacker have complete control of an infected machine. A computer system that has been infected in this case is often referred to as zombie or a drone. Bot can however be further categorized by virtue of their delivery mechanism. For instance we have a spam bot that is similar to an email virus or a mass-mailing worm that depends upon the victim’s action to activate it usually through opening an attachment affixed to a spam mail or by clicking a web link within a spam email that directs a user to a website where the bot is downloaded. The maliciousness of the bot clones occurs on a much wider scale when the bot clones replicate themselves and communicate with each other thereby creating a cooperative network of bots commonly referred to as a botnet. Adware’s on the other hand are usually used to post adverts, promotion alerts, offers and notices automatically usually via a pop up window even when the user isn’t interested. These programs normally infest the system through malicious sites that the usually visits (The Effect of Spyware, Malware and Botnets on Business Security). Many windows open at the same time in a simultaneous manner and this makes it hard close them; as such it becomes a nuisance to the user as it interrupts the users operations. Crimeware refers to a category of malware that are specifically used to aid criminal activities. They are used in a variety of forms key being as email redirectors where malwares are used to intercept and relay outgoing emails to an attacker’s system. Also crimeware are evident in IM (Instant manager) redirector where malware is used to intercept and relay outgoing instant messages to the attacker’s system. Other ways in which crimeware are deployed include through clicker where victims are redirected to a malicious site as well as transaction generator and session hijacking. How malwares attacks business systems One key ways malware spreads is through email attachments. Therefore upon open such attachments the malware installs on the computer and spreads to other areas in an organization through attachment. It is always advised to avoid opening emails from unverified sources. Another way a business may expose itself to malware is through malicious websites. Such websites usually use website pop-ups and employ scare tactics by claiming your computer has been infested with viruses (Effects of Malware Infections: Avoid the Dangers of Malware Programs ). By offering deceptive options such as an antivirus download link a business may fall for this trap and instead infect their information systems. Malware infection may also come as a result of infected portable storage devices. These always happen through storage devices such as flash drives, diskettes and external hard drives that that may have hidden malware (Pan). Since they are used to transfer data over multiple computers they then act as agents of malware transmission. Also malwares can be easily spread by means of computer network. This network could either be a LAN (Local Area Network) or a WAN (Wide area network), in this case malware can spread from one computer to another through the network especially when the network is unsecured. Malware Perpetrators and their Motivations The reason for development of malwares is extensive as it involves diverse motives. However creators of malwares have often been categorized as innovators, amateur fame seekers, the copy-catters, the insiders and organized crime (Boone). Innovators refer to those individuals who devote their time and commitment into finding security holes in systems as well as exploring new environments if they are suitable for malicious codes. There key motivation is challenge where they seek to specifically overcome existing protection measures. The amateur fame seekers refers to malware creators with limited computing and programming skills and whose desire is to seek media attention by using ready-made tools and tricks. As for the insiders, these are disgruntled workers, ex-workers, contractors and consultants whose main aim is to seek revenge or carry out theft. They normally take advantage of insufficient security aided by the fact that they have privileges in the positions they occupy in the workplace. The organized crime syndicate refers to highly organized and highly motivated cyber-crooks who are usually limited in number but posses’ limitless power (Skoudis). Their main aim is profits by having a tight core of masterminds concentrated on earning money at any means possible by availing themselves with human and computer resources to make that happen. It is however worth noting that malware creators are increasing adopting complex techniques to prevent their virus code from being detected by signature matching anti-virus scanners. The techniques they use include polymorphic encryption where the virus is encrypted to avoid detection (Micahel A. Davis). Secondly they use metamorphic obfuscation where the virus code is morphed by adding non-virus logic to hide the presence of virus logic therefore making the virus signature change as the code changes thereby rendering the virus undetectable by matching the signature of the pre-morphed virus. Also code integration has been adopted whereby the virus code is mixed into the valid program code by using available tools such as Mistfall Virus Engine. Implications of malwares on business profitability The effects of malware usually have negative effects on business profitability either directly or indirectly. This tends tend to limits a business agenda of accomplishing its business objective. One of the direct impacts of malware is direct financial losses due to cases of stolen credit card information or passwords (The impact of malware on business). When these details are stolen from a business entity the attacker has the capability of siphoning money out of such accounts. This would greatly impact on the financial state of the business as they lose key assets as well as control over other financial resources. Secondly a business organization as a result of malware are more obliged to spend more on security measures such as procuring anti-malware software licenses such as antivirus, firewalls and sometimes even hiring a full time information security personnel, all these expenses have an effect of lowering a business profit margin as these measures are expensive to procure and maintain (Boone). This impact will be heavily felt on small and medium sized enterprises as they lack the resources to afford security tools or even hire an information security officer as that will prove expensive due to their low capacity. Because malwares have a tendency of lowering the performance of computing systems in a business organization this has the long term effects of lowering productivity as well. Lower productivity means that a business will not be performing optimally as its productive output will be negatively affected. Take for example a factory system that is managed by a computerized conveyor belt (David A. Elizondo, Computational Intelligence for Privacy and Security). If the computer system managing the conveyor system is malware infected chances are it will either slow down the working state of the system or prevent it working all together. This would adversely affect the production line as services rendered by the conveyor line will be limited. If this incidence is to continue over a period of time chances are that poor productivity will be evident and this would be reflected financially as a contributor of low profitability. Malwares on a public scale can have a negative impact on a business image and reputation. This will lead to mistrust as well as lack of faith by the public to rely on a business. A popular example is an incident by McAfee antivirus company that distributed a malfunctioning update in the late 2011. The result of which led to the update becoming a malware on the contrary (Effects of Malware Infections: Avoid the Dangers of Malware Programs ). It was reported that the organization lost its public image as a trusted software company. As a result of its clients seeking alternative options from other antivirus vendors, the company has had a hard time retaining its clients. This has greatly impacted negatively on its profitability. Computing systems represents accrued business investments of an organization. Because malware infestations lower computing speeds, facilitate software crushes as well as create a denial of service situations. All these factors render an information infrastructure obsolete or incapacitated (The impact of malware on business). The effects this has from a business point of view is a state in which an organization cannot account for the benefits of their investments and this could as well be considered as loses as they have no little or no benefits to a business. Malware also cause loss of information or data which may be important to the day to day running of a business organization. This may be through virus infestation that may either corrupt files or delete them entirely. This may have a great impact to the business since some data may have taken time as well as money to gather. It may also be that such damaged data may have a direct impact on the business take for instance a consulting firm that relies on providing information to its clients (Pan). If such information is destroyed, chances are that this would impact negatively on their profits. It is therefore vital that businesses protect themselves from loss of information and data as the damage may well extend just beyond the loss of their information resources. With regards to a spyware attack on a business, this would result in loss of information that a business may consider confidential. For instance a business may lose information on their marketing strategy, management goals, expansion plans, operation reports and much more crucial information that can be exploited by competitors (Pan). For instance a potential marketing strategy a business may plan to undertake in the near future can fall into the hands of competitors who can then implement them earlier and hence benefit at the expense of the original business organization. Because information represents opportunities it would be unfortunate to fall into the wrong hands and as such may affect the business profitability. A business may also incur loses indirectly as a result of malware through its dependent affiliates. This happens when an entity that a business relies on encounter a malware attack and therefore services that a business benefits upon may be adversely affected and this in turn will impact negatively on their business interests (The impact of malware on business). For example a company A would be relying on email services from company B. In the case where company B servers encounter a denial of service malware attack, this would in effect affect company A as they will be incapacitated from accessing their email services. The result of this would be diverse from poor communication between company A and their and their clients as well as poor internal communication. This would impact on the business profitability if the problem is to persist in the long run. In some instances malware attacks on a business websites for example a hacked site can be used by an attacker to propagate adware, if in any case this is not curbed such websites can be blacklisted by anti-malware tools such as anti-virus and firewalls (The impact of malware on business). Now considering the case of a business organization this would results in implications such as low traffics to their website. This could have adverse effect especially if the website is used to render commercial services as being blacklisted would divert clients away from visiting the site and carrying out their transactions. The impact of this on profitability can be catastrophic as they lose both on sales and client base. It is also worth noting that in some instances malware attacks on a business can result in its clients incurring great liability as a result. In such instances a client may be forced to take legal action so as to get compensation (Pan). A worst case scenario is when these implications affect a large client base and hence the liability to be compensated by a business maybe huge and this is not considering the legal fee they have to account in meeting its legal obligation. This can strain the company financially and have negative effects on a company’s profitability. The effects of malware to a business cannot be overemphasized as damages caused by malware often expose a business to limitless risks. Some notable malware attacks have been evidenced worldwide and as such illustrate only a fraction of what is known. For instance on December 2009 Amazon and Wal-Mart succumbed to a Denial of service attack that took down their websites (The Effect of Spyware, Malware and Botnets on Business Security). Although the incident was later brought under control the losses incurred have been reported to big considering it was an online shopping season. Another notable case of a denial of service attack in CAT 2009 an online Indian examination made it impossible for estimated 4000 students from sitting for their tests. There have also been similar attacks in Russia and Chinese banks believed to be the doing of botnets so as the hammer down banking networks. Such attacks also prompted Microsoft to offer a reward of $250,000 for perpetrators of worms that have been responsible for a number of disabled window services. These attacks from a business point of view only illustrate the concern for business entities to implement strict secure measures to prevent such losses in the future. Despite all these there have been positive statistics. Studies have found that 79 percent of attacks represented in recent malware attack reports were opportunistic. Of all attacks, 96 percent were not highly difficult, meaning they did not require advanced skills or extensive resources. Additionally, 97 percent of the attacks were avoidable, without the need for organizations to resort to difficult or expensive countermeasures. It is now believed that greater public awareness about malware threats, user education and training are vitally important in the fight against malware attacks in business settings. (David C. Wyld) It now falls upon business to take up the challenge and seek effective measures and techniques to contain the damages and losses accrued through malwares so as to protect their interests as well as secure their profitability. Ways to curb malwares Before addressing the methods a business can use to deal with malware it is important to know that malware fall into three categories. These are detection, prevention and eradication. Detection is the ability to recognize and locate malware on a system such as a file, software or a media in residing in a system. Prevention is a strategy that aims to keep malware from entering, installing or executing on a system as well as preventing malware from propagating itself an a system. It also deters malicious agents from embedding and implanting malware in software before it installs itself on a system. Eradication is the process of completely removing the malware and all its associated traces such as files, processes, system changes and restoring systems to its pre-infected state. The fact that malwares exists and will be a constant threat does not mean that business shy away from embracing information but rather seek approved solutions to counter their attack so as not to compromise there profitability (Karen Mercedes Goertzel). There are several methods however that a business can adopt to save themselves the loss that accrue as a results of malware attacks. First a business can take measures to manage email as this is one of the key ways its information systems can be intruded. This is because email attachment can come with it unwanted software. This can be curbed by ensuring that emails only from trusted sources are known. Other techniques involves being keen on attached files extensions (Skoudis). For instance files bearing a .exe extension are executable and as such pose a threat of being malicious to the system. Also files such as excel attachment should not be opened before disabling macros. A business will stand a better chance of defending itself in a networked setting if they monitor emails as this is a key route of entrance. Secondly by installing a good antivirus program malwares as well as potential threats can be easily detected and intercepted. It is therefore recommended that a business organization rely on at least one trusted antivirus if possible (Robinson). The advantage of modern day antivirus is that they come as a suite and hence are able to detect multiple varieties of threats such as adware, rootkits, Trojans, and viruses all at the same time. It is up to the business to ensure that they have to update anti-malware programs so that they can perform optimally. Popular examples of anti-malwares include Avast, AVG, Norton and Kaspersky all which guarantee protection at the cost of a license fee. A business can also prevent malware threats by ensuring their system is always up to date. This may involve regularly downloading operating systems security patches as well as making an effort of having your installed software updated from time to time. Another technique a business can consider to secure their systems is through enforcement of policies that will involve managing how security measures are undertaken within an organization. One of the key policies an organization can undertake is email policy which should limit the size of inbound email attachments with set sized for both compressed and uncompressed if the attachment is allowed (Micahel A. Davis). These policies will minimize cases of executable code that can be downloaded from internet. Secondly a business organization can enforce digital media policy that should prohibit the use of thumb drives, portable hard drives; CD’s and flash drives to curb the likelihood of users spreading malware within the organization. By a business adopting software installation policies they stand a better opportunity of deterring unapproved software downloads from being copied and installed into the network system by un-authorized personal. Work cited Boone, Kevin. Ethical Use & Social Impact of Malware. 22 March 2012 . David A. Elizondo, Agusti Solanas, Antoni Martinez. Computational Intelligence for Privacy and Security. Springer, 2012. —. Computational Intelligence for Privacy and Security. Springer, 2012. David C. Wyld, Michal Wozniak, Nabendu Chaki, Natarajan Meghanathan, Dhinaharan Nagamalai. Advances in Network Security and Applications. Chennai: Springer, 2011. Effects of Malware Infections: Avoid the Dangers of Malware Programs . 16 November 2011. 22 March 2012 . Karen Mercedes Goertzel, XXTheodore Winograd,. Information Assurance Tools Report. Report. Herndon: IATAC, 2009. Micahel A. Davis, Sean Boduer, Aaron LeMasters. Hacking Exposed Malware & Rootkits: Malware & Rootkits Security secrets & solutions. McGraw-Hill, 2009. Minimizing the Effects of Malware on Your Computer. 22 March 2012 . Pan, Jonathan. Malware's impact on e-business & m-commerce: they mean business! Report. Pearth, 2009. Robinson, Stewart J. How To Prevent Malware Threats On Your PC. 16 May 2010. 22 March 2012 . Samarati, Pierangela. Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices. Passau: Springer, 2010. Skoudis, Lenny Zeltser. Malware: Fighting Malicious code. New Jersey: Pearson Education, Inc., 2004. Sullivan, Dan. The Definitive Guide to Controlling Malware, Spyware, Phishing, and Spam. Realtimepublishers.com, 2005. The Effect of Spyware, Malware and Botnets on Business Security. 22 March 2012 . The impact of malware on business. 22 March 2012 . Read More