Malware and its Different Kinds to Understand & Antivirus Software
Malicious software has been around since the beginning of private and commercial use of networks and always pursues only one goal: access to the data processing of other users.
Malicious software can spread not only via e-mails but also via network shares, insecure or unset passwords, and weak points in the operating system and is still one of the biggest security problems in the operation of IT infrastructures. In the current blog post, we introduce you to the most popular forms of malware.
The Malware Threat Lurks Everywhere
Malicious software, also known as malware, are malicious programs to penetrate a system and execute a previously programmed malicious function. The term malware encompasses the various types of programs, with computer viruses, computer worms, and Trojans being among the most well-known types of malware. However, scareware, ransomware, and scamming also cause considerable economic damage every year.
The problem: Since the danger of infecting your PC with malicious malware can lurk everywhere, it is difficult for users to detect such malware.
Computer Viruses - the Senior Among Malware
The computer virus is one of the oldest and probably the best-known form of malware. In a biological context, a virus is a microorganism that does not have its own metabolism and therefore relies on a host cell to survive. This basic principle can be easily transferred to the computer virus because it too is dependent on a host system. That is a computer virus lodges in other programs and could not run without these "hosts". A computer virus only has an impact on a running system and, like a virus, is reproducible.
Basically, it is difficult to describe the structure of a computer virus because there are many different types of computer viruses. However, they can contain the following components:
· Decryption routine (decryption and execution of data in the case of encrypted computer viruses)
· Reproductive part (reproduction of the virus)
· Detection part (checking whether the program is already infected)
· Damage part (program part harmful to the host system)
· Condition part (specification of conditions under which the damaged part should be carried out)
· Camouflage part (protection against detection by ANTIVIRUS SOFTWARE)
Due to the diverse structure and the different types of computer viruses, the effect is of course very different. It ranges from harmless, for example when the display of the user interface is changed, to complete data and hardware destruction of the infected computer system.
In addition, viruses usually pose a threat to the integrity and confidentiality of data.
Computer Worm - Warning, the System Has Crashed
Compared to a computer virus that requires a host system, a computer worm is an autonomous program, but it also has the ability to reproduce. What is significant is that a computer worm burrows into the depths of the infected system. This ensures that they are also started when the system is restarted.
A computer worm can reproduce in several ways. For example, he can send himself a copy to an email address he found on the host system and hope for the naivety of the recipient who (hopefully) opens the file attachments. Since this is usually the most successful way, there is hardly any need for other camouflage mechanisms such as those used by computer viruses. Worms can also be spread via text-based chat rooms or by attacking distributed resources such as networks.
Just like computer viruses, worms can have different structures but mostly consist of parts of the spread and the so-called payload, which contains the actual effect of the worm. A worm can also consist of other program parts, which are called worm segments. When the worm reproduces, it usually does so while communicating with other worm segments.
A computer worm aims to crash the target system. Depending on the type and payload, this can cause little to devastating damage. In most cases, successful distribution is enough to cause massive damage, as the reproduction of the worm consumes massive network and computer resources, mailboxes overflow and mail servers can collapse.
Just like computer viruses, computer worms are a threat to integrity and confidentiality and are also a threat to availability (denial of service attacks).
Trojan Horse - It's Not What It Looks Like
You are sure to know the legend of the battle for Troy, in which the Greeks sent the Trojans a wooden horse as a gift to mark their retreat after a ten-year battle. Confident of victory, the Trojans pulled the horse into their city and celebrated their (supposed) victory. During the night, however, the situation took a surprising turn because Greek soldiers were hiding inside the wooden horse, taking advantage of the Trojan's certainty of victory and burning Troy down.
If this legend is translated into IT language, the Trojan horse explains itself as malware almost by itself: a program that pretends to fulfill a specific purpose, but does other things in the background that remain hidden from the user. Or in short: the specified target function does not match the implemented actual function. The target function is also carried out, but also functions that are usually not desired by the user.
The aim of a Trojan horse is therefore to control the infected computer and to spy out stored data. This can be implemented, for example, by implementing spy software that can intercept keystrokes. Trojan horses can, however, also be word processing programs or editors that copy the contents of edited databases unnoticed or even manipulated databases through which sensitive data can reach the attacker.
Incidentally, the proportion of Trojan horses among the malware programs in Germany is much higher than that of viruses and worms.
Backdoor - Likes to Leave a Back Door Open
The so-called backdoor software creates an interface to bypass the usual access protection for system access. This "back door" enables access to a target system that is either manipulated, destroyed, or used as a loophole for the implementation of further malware. For example, there may be a security gap on a system, which is why a worm is placed through the backdoor that generates such a vulnerability itself.
Basically, backdoors don't always have to be negative. In some cases, they are even desirable. For example, if a smartphone owner can no longer access their device because they have entered the PIN and Super-Pin incorrectly several times. In this case, customer service comes to the rescue, using a complicated sequence of numbers and characters to get his cell phone working again. This backdoor is thus a hidden but useful gateway through which a certain sequence can take place.
The scenario only becomes negative if an attacker accesses this backdoor and infiltrates malware. If the backdoor is deliberately built-in by the developer, for example as remote maintenance access, then the risk can usually be calculated. However, due to the high complexity of modern operating systems, it is difficult to monitor all entrances (as in large office buildings).
If the attacker got through the backdoor, he usually has complete access to the target system of the victim. With the help of a Trojan horse, files can be easily intercepted, the webcam and microphone can eavesdrop and passwords can be identified. For this reason, backdoors are one of the greatest threats to IT security.
Spyware - Beware, Digital Espionage
Spyware is software that spies on the user behavior of the affected computer. Together with other valuable data, such as passwords and user names, the information is collected and sent to the attacker. The spied data is, for example, email traffic or the URLs of websites visited.
Spyware comes in different degrees. There are comparatively harmless variants that “only” log surfing behavior to place targeted advertising. However, there are also aggressive variants that collect everything to spy out the target system completely.
Scareware - the Business of Fear
Scareware is made up of the terms “scare” and “ware” of software. So it is malware that aims to scare users. In doing so, it plays supposedly dangerous behavior for the user to get him to actively execute malware. For example, the scareware tricked the user into thinking that their computer was infected with viruses, computer worms, or Trojan horses and instructs the user to buy an expensive program to remove the alleged malware.
The problem with scareware is that it is not easy to recognize, as the perpetrators usually imitate the names and brands of reputable antivirus manufacturers so that the user feels safe because he is installing a supposedly safe program from a well-known company. Once the user has downloaded the program voluntarily, dialog windows are loaded that look like a virus scanner but do not remove viruses. So the user paid money for something that never was.
In most cases, the scareware is difficult or impossible to remove. The only remedy is to uninstall Windows to get rid of the scareware. Most of the time, users catch the scareware via the Internet, whereupon a pop-up window suddenly pops up while surfing, which looks like a virus program dialog window. As mentioned above, this indicates alleged threats that the user should remove as soon as possible.
You should be particularly suspicious if warning messages or windows suddenly appear on the monitor that has never been there before and that point out alleged pests with particular urgency and encourage action.
Bots and Bot Networks - Targeted Remote Control of Computers
A bot network is a network of (up to several thousand) infected computers, so-called bot computers. These communicate with each other and are usually controlled and remotely controlled by a central server.
Consequently, from the point of view of IT security, a bot is a program that is specifically remote-controlled by an attacker and thus waits for an external command to carry out or start a predefined process.
For users, this does not necessarily have to cause damage. Since very simple processes are also carried out, the user usually does not even notice the application. However, bots are traditionally distributed using malware such as worms, Trojan horses, or viruses.
The main target of bots is denial-of-service attacks on providers of Internet services. With a sufficiently large network of bot computers, the attacker has the chance of overloading the attacked server provider by sending large amounts of data. Bot programs can also carry out attacks on infected bot computers themselves.
The target systems, i.e. the bot computers, are taken over by the attackers as inconspicuously as possible. A client is then installed on the target system, which waits for further commands from outside.
Ransomware - Ransom or Lost Data
This malware is very common for ransom extortion. The term ransomware is derived from the combined terms malware and ransom (English, ransom). The malware penetrates foreign computers and encrypts the data on the local hard drive of the foreign computer. This means that they can no longer be reached by the user.
The victim's data is encrypted using a complicated method and can only be decrypted with a password. To do this, the attacker usually demands a large amount of money, usually in the form of an Internet currency such as bitcoins or through payment via online payment systems such as PayPal.
After a successful attack by the ransomware, a window opens on the victim, which explains in text form that the computer has been infected and the data has been encrypted. The text also contains clear instructions on the steps with which the data can be decrypted again.
If a computer is infected with ransomware, the demands of the blackmailers should not be accepted. Instead, you should switch off the PC immediately and pull out the network cable. Then the chance is high that at least the majority of the data can be saved.
Phishing - the Tried Big Catch (for Confidential Data)
Phishing is an Internet fraud that aims to steal login credentials such as passwords, account and credit card numbers and other confidential information from users.
They are usually distributed in phishing messages in the form of fake notifications from Internet service providers, banks, and other organizations, in which the user is asked to update his account data for supposedly urgent reasons, such as data loss or system failure. Such messages can also contain threats, whereby the user is requested to check or update his data by a certain point in time. Otherwise, his account will be blocked.
Those who comply with this request are usually directed to a website that is very similar to that of a legitimate company and, due to its well-made input masks, appears serious and/or even looks familiar to the user. There are only small characteristics that can be used to identify fraud, including for example:
· Additional words in the URL (www.login-beispielbank.com instead of www.beispielbank.com)
· Use of dots instead of slashes (www.examplebank.com.personal.login or www.example bank.com-personal.login instead of www.examplebank.com/personal/login).
Scamming - the Fraud Business with Trust
The word “scamming” means “cheating” and defines scams on the Internet in which money is to be stolen from users. It is easy for attackers to find potential victims via social networks and various portals, not least because of the high level of anonymity on the Internet.
So-called romance scamming is a particularly popular and widespread method. The fraudster enters into an online relationship with the victim on dating portals or on other social networks. Once the victim's trust has been won, the fraudster specifically asks for money that he supposedly needs for plane tickets, urgent surgery, or even for the suffering child. The money is then usually transferred in good faith by the victim, who never sees or hears about the online romance after receiving the payment from the fraudster.
Scamming is of course also possible to use other methods. For example via online job exchanges in which the fraudsters guarantee their victims dream jobs, but demand a high processing fee for them. Also known as a scamming attacker is the Nigeria Connection, in which alleged businesspeople promise their victims large sums of money if they help to get large sums of money abroad.
Scamming also includes fake bills, fake messages about allegedly won vouchers, and quick wins as well as false reports from banks (e.g. victim allegedly overdrawn his account).
Dialer - Horrible Phone Bill Guaranteed
Dialer attacks are attacks that aim to use the target system to make calls to chargeable phone numbers. To do this, telephone connections are cut by programs (dialers) and connections to very expensive special numbers are established.
It is not for nothing that dialers were one of the most dangerous types of malware just a few years ago, as they not only cause serious problems but also horrendously high telephone bills. Since dialers are only effective on PCs that connect to the Internet via conventional modems, they are usually no longer very lucrative for attackers, as the Internet is now widely accessed via broadband access such as DSL.
Dialers are installed through security holes, for example by specifying an allegedly free download of special access software so that the user can see certain content. Once the installation has been completed, the computer no longer connects to the previous provider, but via 0900 or 0137x numbers with a high price per minute per dial-in - and this adds up to the telephone bill.
Third-Party Billing - Involuntary Purchases Made on Mobile Phones
In, the case of third-party billing, malware triggers a booking, order, or the use of additional services of the mobile phone provider. The involuntary addition of additional services to the user contract results in an exponential increase in the bill.
The traps for third-party billing lurk especially with advertising banners that are accidentally tapped, although a contract actually only takes effect after clicking on "order now for a fee" or "buy now".
Cases are also common in which users from a common website were suddenly redirected to a completely unknown website. Identification processes for the mobile phone number run in the background, with the payment information being sent directly to the respective mobile phone provider. Thus, the user unintentionally lands in a subscription trap.
The problem: This cost item is usually not easy to identify in the normal mobile phone bill at the end of the month, as the actual operators (third-party providers) are not named. All you can find is the name of a billing company that does the billing for the dubious subscription operator. However, this subscription trap only works if the cell phone is connected to the Internet via the cellular network.
Third-party traps can be prevented with the help of third-party locks, which block the identification of the mobile phone number for billing services. A third-party block can easily be submitted by email or letter to the responsible mobile operator.
Crypto Mining
Cryptomining is malware that wants to use the system resources of the target system to create blockchains to generate a cryptocurrency.
To generate new cryptocurrency units, you have to dig. To do this, computers have to solve complex computing tasks. Especially for smaller digital currencies such as Ether, Monero, or Ripple, the miners tap into the computing power of website visitors. As a rule, however, users do not notice this, except when the laptop fan starts up or the smartphone battery drains, although no applications that require a lot of computing power are running on the device.
More and more websites are doing crypto mining, especially those that are having trouble finding advertisers. Including, for example, portals with a dubious reputation such as porn or file sharing sites. In the past, however, supposedly reputable websites, such as the US broadcaster CBS, is said to have relied on crypto mining. CBS is said to have used up to 60 percent of the CPU performance of visitors on its streaming portal Showtime.com. Streaming sites are particularly suitable for crypto mining, as visitors usually stay on the website for a long time.
Conclusion: the list of typical malware is long. And as we know, harm seldom comes alone. Most system attacks are therefore usually a mixture of several malware programs. Various vulnerabilities are used in a targeted manner to get fatal malware onto the user's system through harmless malware.
Computer worms and viruses are often combined to cause the greatest possible damage. In this case, it is usually the case that a virus infiltrates a host program to spread and when it is activated it starts to work as an autonomous process - and then the IT security threat runs its course if there is no timely reaction.
No comments:
Post a Comment