
Malicious softwares - Essay Example

Summary
In the paper “Malicious softwares” the author analyzes various classes of malware programs, along with their effects on the computer system and system users. A virus is a malware program that has the ability to propagate itself into more copies and end up being a part of another program in the computer…

Extract of sample "Malicious softwares"

Introduction

A great deal of research has been conducted to illustrate the activities of malware programs that compromise the security level of an organization. There are various classes of malware programs; however, the main ones include worms and viruses. Worms and viruses make up the malicious software whose sole purpose is to disrupt, damage, and inflict unauthorized actions on data and networks. A virus is a malware program that has the ability to propagate itself into more copies and end up being a part of another program in the computer. This paper will analyze the different malware programs along with their effects on the computer system and system users.

Most viruses are normally attached to an executable file, and they cannot become activated unless a user runs the host program. A worm is much like a virus in that it replicates itself into numerous copies. Worms have the ability to cause damage just as viruses do. There is, however, a major difference between a worm and a virus. A virus requires a host to which it can attach itself in order to propagate. A worm, on the other hand, operates independently and does not require a host program (Harley 2007). These malware programs tend to infect systems and bundle other programs by attaching themselves as macros to computer files. They are also installed through the exploitation of a vulnerable spot in an operating system, a network spot, or even a hole that exists in a browser. For these programs to cause harm to the computer, they have to multiply, which is a basic characteristic of them. Worms and viruses have the ability to alter the normal operation of an operating system, affecting various kernel-level items (Christodorescu et al. 2007). These kernel items carry specific information that acts as an indicator of the existence of malware programs in the computer.
As these malware programs attach themselves to the computer, they tend to interact with various programs and increase their level of sophistication in order to combat anti-malware solutions. Some types of viruses enter user computer systems through email systems and address books. These viruses present themselves in a manner that suggests they are valid and come from a trusted host source. The execution of the host code supplements the execution of the viral code. The virus program is then able to destroy the host program and attach itself to the computer. However, not all viruses have the ability to overwrite other programs with their replicated copies (Gragido 2013). Some only infect the boot sector and move the data in the selected boot sector. Infected e-mail attachments, file sharing, and network sharing facilitate the spread of the virus from one computer to another.

Malware attackers use special, complex techniques to avoid recognition by anti-malware software. Various scholars have listed these techniques. Some of them include obfuscation techniques and polymorphism, metamorphism, and encryption, argued to be a paramount technique by Andress, Winterfeld & Rogers (2011). The malicious activities caused by viruses are frequent, owing to the existence of numerous viruses, each possessing its own malicious activity separate from the others. Since viruses differ, every virus ought to be assessed critically in order to establish the type and extent of damage it may cause to system users.

Types of Virus

Stealth Virus

This type of virus is a computer virus that applies various techniques in an effort to avoid detection by antivirus software. Stealth, in a more general sense, implies the ability to do something cautiously to avoid being noticed.
This group also encompasses viruses that escape notice even when not designed to do so, and viruses that affect programs because of the user’s failure to update their antivirus software consistently. While antivirus software is running, the virus hides in system memory. A stealth virus also has the ability to hide the damage or alterations it has made to boot records and system files. This virus also has the knack of copying and keeping an original, uninfected copy of the data and of monitoring its activity as well as the system. When a program tries to access the altered data, the stealth virus can redirect it to the storage area where it maintains the uninfected, authentic data (Basar & Alpcan 2010).

Polymorphic Virus

A polymorphic virus has the ability to multiply in different codes and form numerous modifications that it uses to perform its operations. This type of virus is difficult to detect because each of its multiple copies differs from the others (Sikorski & Honig 2012). In a basic form, polymorphic code mutates in a designed way that keeps the original algorithm intact. Polymorphic viruses use code encryption to conduct their activities, and they change with each infection. Even though the virus encrypts its code, some code is left unencrypted for the decryption process in order to run the rest of the data. Antivirus programs use this small amount of code to reverse and counter the changes that this type of virus makes to the computer system.

Script Virus

Malin, Casey & Aquilina (2013) suggest that this type of virus has been the common virus among the public in the past couple of years. Users with web surfing experience frequently come across this webpage virus. This type of virus springs from commercials and advertisements on webpages, making it the most common type of virus.
A script virus has the ability to alter and modify the front cover of a selected network browser. It can also alter the registry and cause slower performance of the system. It destroys system files and sabotages computer performance. Script viruses have various features. They are able to prefix themselves and appear in a script language that operates at a very high level of abstraction. Such high-level languages include JavaScript, Visual Basic, or Microsoft Windows Script Host. A simply written HTML file can make the browser open infinite tabs, which can paralyze the system. This feature also suggests that the virus may access personal contacts and send multiple copies to them, or access vital files in the system and alter them.

Tunneling Virus

A tunneling virus has the ability to alter the processes and functions of antivirus programs. The tunneling virus installs itself within the antivirus program and monitors its activities. During clean-up processes, the virus is able to interfere with the operations of the antivirus software and take up the role of the operating system. Since the antivirus program relies on the feedback it obtains from the operating system, the virus gains the ability to relay system calls from the antivirus and pretends to be the operating system intercepting the call. In an effort to avoid detection, it intercepts the call to stop the antivirus program from scanning the system and relays information that the computer system is fully functional and efficient (Middleton 2005).

Malware Tools

Botnets

A botnet may be defined as a collection of compromised computers. At times, these computers are referred to as zombies (Aquilina, Malin & Casey 2008). A common way for a bot to enter a computer system is by exploiting a vulnerable spot when a user visits a harmful website.
A bot may also be introduced into the system as a program dropped from another malware’s payload. These botnets are generally infected with malware programs that allow attackers to gain control of them. The botnet owners, or botmasters, control the computers in their botnet. They do so by various means, such as covert channels. Botnet usage involves several steps. In the first step, a hacker sends malicious code in the form of a payload. The bot software is then able to log into a covert channel or a server. An example of a covert channel is Internet Relay Chat (IRC), which in most cases issues commands for the inception of malevolent activities. These channels become the regulatory server. Lastly, a hacker and a spammer enter into a lucrative deal that allows them to manipulate the systems and send out spam texts via the controller server. These activities put the computer system at risk. They include sending spam mail, stealing vital information, mining digital currency such as bitcoin, and distributed denial-of-service (DDoS) attacks. Recent studies reveal that the size of a botnet is almost 20,000 machines. Other advanced botnets such as Zeus, TDL-4, Conficker, and BredoLab contain up to a million machines (Barile 2006). Botnets tend to cause severe damage to the security of individuals. In a direct way, the connected resources and the data found in systems may be forced into a botnet, in which case they are no longer under the exclusive control of the authentic user.

Trojan Horses

Malin, Casey & Aquilina (2012) define a Trojan horse as a destructive program that conceals itself in a benevolent application. These programs are, however, different from viruses, as they do not replicate themselves. The activities of this type of malware have greatly increased over the past few years.
A Trojan horse program may portray itself as a system cleaner that rids the computer of viruses but instead introduces viruses into the computer. Trojans tend to set up back doors and install keystroke loggers (Dunham 2009). Apart from these activities, they can install bot software on the computer system. Trojans are the malware tools that criminals use most to collect vital information from a computer. Types of Trojan horse such as the Remote Access Trojan allow criminals to access a computer from a distant point. Criminals or hackers may also employ various programs to supplement their operation, such as Netbus, Subseven, and Back Orifice. If successful, the hacker compromises the system and can install bot software or alter important files. Trojans can counterfeit the operations of authorized programs that are used to administer various functions in the system. They also operate in disguised code such as ActiveX or Java applets.

Rootkit

Dalziel (2015) defines a rootkit as an application that can hide its existence in other host applications found in the computer system. These applications hide in the lower levels of the operating system, such as undocumented operating system utilities or API utility redirection. Some rootkits are legitimate while others are malicious. Legitimate rootkits are normally installed as components of legitimate applications. All rootkits, however, supplement the setting up of processes, hidden files, and unauthorized user accounts, as well as unauthorized files, in the system OS. The ability to hide in these levels of the operating system makes them invisible to various anti-malware programs. They are also difficult to detect because their activation occurs before the operating system completely boots up.
Rootkits intercept important information from various network connections and terminals.

Spyware

Spyware is a malware tool that acts as a ‘spy’ and is secretly installed on a computer, where the culprits use it to acquire private information about the legitimate user. A bot network may supplement the operations of spyware through the use of compromised computers that sell out important information (Masud et al. 2012). This information is then sold on the black market, and the spyware creators earn profits. Spyware, just like other malicious programs, can alter the system, interfere with web browsers, and set up suspicious programs, among other things.

Adware

Holt and Schell (2013) suggest that adware programs mostly deal with internet advertising. Adware may manipulate ads and generate them through pop-ups or interface components. Adware may harm the computer system, but it is not as harmful as other malware tools. Adware programs are mainly aimed at generating profit from advertisements. These programs can, however, manipulate systems and install programs that seize browsing sessions when a user is logged in and use them to allow ad sites. Adware can monitor user activity through the installation of various programs. It is these programs that prevent web browsers from providing the sites the user tries to access online. Some applications may contain adware programs that track the surfing behavior of a particular user with the sole aim of serving ads (Tittel 2005). In order to access this information, the program has to violate privacy and security measures installed in the computer system. In other instances, adware is legitimate because it is offered as an alternative to people who are unwilling or unable to pay for software products.

Motives

Malware motives range from beneficial to destructive aims.
For the beneficial part, current malware has only one goal: to make financial profit or take advantage of lucrative situations (Van Beveren & Falkinder 2005). Hackers and online criminals are steadily making their operations more sophisticated in a shadow economy that aims at making money. New malware is being created each day. Some of these malware tools include mass blog-posting tools, key logging programs, volume spamming tools, botnet management tools, and account generating tools. Botnet management tools have the ability to acquire unauthorized profits. Botnet techniques are numerous, ranging from spamming mail to the manipulation of stock in the stock market. In causing damage to systems, a malware program may crash the operating system or even interfere with the detection of internet domains by various browsers. The interference of malware with imperative information compromises the validity of the system information.

Attacks targeted at computer systems normally include a component of intrusion as well as pursuance. The pursuance runs through various phases, from the reconnaissance phase to the exfiltration phase (Kanellis & IGI Global 2006). These attacks incorporate the use of various sophisticated virtual tools and procedures. Malware attacks are carried out on scales from small to large. Attacks range from stealing personal information and data from individual users to high-profile corporate security attacks. Some of these organizations include government institutions, corporate businesses, and civil society organizations.

Conclusion

Many cyber-attacks are geared to accessing and increasing the vulnerability of various types of information. Cyber criminals are proficient and highly experienced in ensuring that their intrusion operations succeed in obtaining relevant and lucrative information.
The theft of personal information on online platforms is happening at a very alarming rate. Malware infections and attacks are being conducted with the sole purpose of accessing, altering, or destroying unauthorized information. With all the above descriptions and analyses of malware programs, it is evident that these programs aim to breach the private and secured information of individuals.

References

Andress, J., Winterfeld, S., & Rogers, R. (2011). Cyber warfare: Techniques, tactics and tools for security practitioners. Amsterdam: Syngress/Elsevier.
Aquilina, J., Malin, C. H., & Casey, E. (2008). Malware forensics: Investigating and analyzing malicious code. Burlington, MA: Syngress/Elsevier.
Barile, I. (2006). Protecting your PC. Boston, Mass: Charles River Media.
Basar, T., & Alpcan, T. (2010). Network Security. Cambridge University Press.
Christodorescu, M., Jha, S., Maughan, D., Song, D., & Wang, C. (2007). Malware Detection. Advances in Information Security. Springer.
Dalziel, H. (2015). How to defeat advanced malware: New tools for protection and forensics.
Dunham, K. (2009). Mobile malware attacks and defense. Oxford: Elsevier Science.
Gragido, W. (2013). Blackhatonomics: An inside look at the economics of cybercrime. Amsterdam: Syngress.
Harley, D. (2007). AVIEN malware defense guide for the Enterprise. Burlington, MA: Syngress.
Holt, T. J., & Schell, B. H. (2013). Hackers and hacking: A reference handbook. Santa Barbara, California: ABC-CLIO, LLC.
Kanellis, P., & IGI Global. (2006). Digital crime and forensic science in cyberspace. Hershey, PA: IGI Global.
Middleton, B. (2005). Cyber-crime investigators field guide. Boca Raton: Auerbach Publications.
Malin, C. H., Casey, E., & Aquilina, J. M. (2013). Linux Malware Incident Response: An Excerpt from Malware Forensic Field Guide for Linux Systems. Burlington: Elsevier Science.
Malin, C. H., Casey, E., & Aquilina, J. M. (2012). Malware forensics field guide for Windows systems: Digital forensics field guides. Waltham, MA: Syngress.
Masud, M., Khan, L., & Thuraisingham, B. M. (2012). Data mining tools for malware detection. Boca Raton, FL: CRC Press.
Sikorski, M., & Honig, A. (2012). Practical malware analysis: The hands-on guide to dissecting malicious software. San Francisco: No Starch Press.
Tittel, E. (2005). PC magazine fighting spyware, viruses, and malware. Indianapolis, IN: Wiley Pub.
Van Beveren, J., & Falkinder, S. (2005). Understanding the motives of Malware creators. International Academy of E-Business (IAEB).
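The Polymorphic Virus section of the essay notes that the body changes with each infection while a small piece of code stays unencrypted, and that antivirus programs rely on those remaining bytes. The following is an added example, not part of the essay or its sources, showing this from the scanner's side on constructed, inert byte strings: a whole-file hash recognizes only the copy it was built from, while a wildcard byte signature on the unchanged stub matches every copy and lets the scanner recover the masked body. The stub bytes, the signature format and all function names are assumptions made for the illustration.

```python
"""Hash matching vs. a stub signature on constructed, inert samples."""
import hashlib
import re

# Constructed placeholder bytes. STUB_* stand in for the small routine the
# essay says is left unencrypted; they are not real machine code.
STUB_PREFIX = bytes.fromhex("deadbeef")
STUB_SUFFIX = bytes.fromhex("c0ffee")
BODY = b"CONSTRUCTED-HARMLESS-BODY"
# "??" marks the one byte that differs per copy (the masking key).
SIGNATURE = "de ad be ef ?? c0 ff ee"


def make_variant(key):
    """Test fixture: same stub and body, body masked with a per-copy key."""
    masked = bytes(b ^ key for b in BODY)
    return b"PADDING" + STUB_PREFIX + bytes([key]) + STUB_SUFFIX + masked


def compile_signature(sig):
    """Turn a hex signature with ?? wildcards into a bytes regex."""
    parts = []
    for token in sig.split():
        if token == "??":
            parts.append(b"(.)")  # capture the varying byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    # DOTALL so the wildcard also matches a 0x0a byte.
    return re.compile(b"".join(parts), re.DOTALL)


def hash_match(sample, known_hashes):
    """Whole-file check: true only for byte-identical copies."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def signature_match(sample, pattern):
    """Return the offset of the stub, or None if the sample is clean."""
    m = pattern.search(sample)
    return m.start() if m else None


def recover_body(sample, pattern):
    """Use the captured key byte to unmask everything after the stub."""
    m = pattern.search(sample)
    if m is None:
        return None
    key = m.group(1)[0]
    return bytes(b ^ key for b in sample[m.end():])


def compare(keys):
    """Per key: (key, caught by hash list, caught by stub signature)."""
    pattern = compile_signature(SIGNATURE)
    # Hash list built from the first captured copy only.
    known = {hashlib.sha256(make_variant(keys[0])).hexdigest()}
    rows = []
    for k in keys:
        sample = make_variant(k)
        rows.append((k, hash_match(sample, known),
                     signature_match(sample, pattern) is not None))
    return rows


if __name__ == "__main__":
    for key, by_hash, by_sig in compare([0x11, 0x22, 0x33]):
        print(f"key=0x{key:02x} hash={by_hash} signature={by_sig}")
```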
Cite this document
(“Malicious softwares Essay Example | Topics and Well Written Essays - 2750 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1697116-malicious-softwares
