TYPES OF MALWARE

WHAT IS MALWARE?

  Malware is malicious software designed to disrupt computer operations or to gain access to a computer system without the user’s knowledge or permission. Computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware are some types of malware. Malware is simple to identify. Most cybercriminals target the user’s end devices through the installation of malware.

VIRUSES:

  Malicious executable code attached to another executable file is known as a virus. Most viruses need the end user to initiate them, and they can activate at a specific time or date. Computer viruses spread through removable media, downloads from the internet, and email attachments. A virus can be simple or destructive; it may delete or modify the user’s data. Opening a file may trigger a virus. USB flash drives get infected by the virus and then spread it to the system’s hard disk. A virus can also be activated by executing a specific program. Once a program is infected by a virus, the virus will affect other programs on the computer or network. The Melissa virus is an example of a virus that spread through email and affected thousands of end users.

WORMS:

  Worms are malicious code that exploits vulnerabilities in networks. Unlike a virus, they replicate independently: viruses require a host program to run, whereas worms can run by themselves. Worms can slow down networks. Other than the initial infection, worms no longer need the user’s participation. Worms share similar patterns, and once they infect a host they can spread fast through the network. Worms propagate themselves while carrying a payload. The Code Red worm in 2001 affected nearly 658 servers.

TROJAN HORSES:

  A Trojan horse is malware that carries out malicious operations while disguised as a desired operation, such as playing an online game. Once the user runs the files containing the Trojan horse, the malicious code exploits the privileges of that user. Trojan horses bind to non-executable files, such as image files, audio files, or games.

LOGIC BOMBS:

  A logic bomb is a malicious program that requires a trigger to work. It remains inactive until it is triggered by an external event. Once the bomb is activated, it harms the user’s computer: it can modify data records, remove files, or attack the operating system. A logic bomb can also overdrive devices such as cooling fans, the CPU, memory and hard drives until they overheat or become corrupted.

RANSOMWARE:

  Ransomware holds files and devices hostage until the target makes a payment. It works by encrypting the data with a key unknown to the user. To remove the restriction, the user may pay a ransom to the criminals. Other versions of ransomware take advantage of specific vulnerabilities to lock down the system. It may enter through downloaded files, or it may propagate as a Trojan horse. Once the victims pay the ransom, the criminals issue the key to unlock the data, or the programs that decrypt the files. They receive the payment through an untraceable payment system.

BACKDOORS:

  A backdoor is a malicious program or piece of code that a criminal introduces by compromising the system. NetBus and Back Orifice are examples of backdoors that give unauthorized users remote access. Even if the organization fixes the original vulnerability, the backdoor grants the cybercriminals future access to the system. Usually, criminals run a Trojan horse program to install the backdoor on the user’s system.

ROOTKITS:

  Rootkits modify the operating system in order to introduce a backdoor, which the attackers then use to access the system. Most rootkits take advantage of software vulnerabilities to modify or delete system files. Rootkits also modify the system’s forensics and monitoring tools so that they do not reveal the compromise.

DEFENDING AGAINST MALWARE

  Some steps that defend against all types of malware:

·        ANTIVIRUS SOFTWARE: Most malware is caught by antivirus suites. Cybercriminals develop and deploy new threats on a daily basis, so the key to an effective antivirus solution is keeping the systems updated. A signature is like a fingerprint used to identify malicious code.

·        UP-TO-DATE SOFTWARE: Malware achieves its objectives through software vulnerabilities, both in the OS and in applications. Application-level vulnerabilities also pose severe risks to the system, so always use up-to-date software.
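The "signature as a fingerprint" idea above, as an added example (not code from the original post): a toy scanner that matches files either by the exact SHA-256 hash of a known sample or by a byte pattern shared by a family. The sample contents, signature names and the scanner design are all constructed for this example; a real antivirus database is far larger and uses many more signature types. It also shows why the update point matters: a variant that differs by one byte evades the hash signature until a new signature is added, while the family pattern still catches it.

```python
import hashlib
from typing import Dict, List


class SignatureScanner:
    """Toy signature-based scanner (assumption for this example, not a real AV format):
    files are matched by exact SHA-256 hash or by a byte pattern."""

    def __init__(self) -> None:
        self.hash_signatures: Dict[str, str] = {}
        self.pattern_signatures: Dict[bytes, str] = {}

    def add_hash_signature(self, sample: bytes, name: str) -> None:
        """Register the SHA-256 'fingerprint' of a known-bad sample."""
        self.hash_signatures[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern_signature(self, pattern: bytes, name: str) -> None:
        """Register a byte sequence shared by a malware family."""
        self.pattern_signatures[pattern] = name

    def scan(self, data: bytes) -> List[str]:
        """Return the names of all signatures that match this file content."""
        hits: List[str] = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hash_signatures:
            hits.append(self.hash_signatures[digest])
        for pattern, name in self.pattern_signatures.items():
            if pattern in data:
                hits.append(name)
        return hits

    def scan_many(self, files: Dict[str, bytes]) -> Dict[str, List[str]]:
        """Scan a mapping of path -> content and report hits per path."""
        return {path: self.scan(data) for path, data in files.items()}


# Constructed sample contents (not real malware); the "MZ" prefix only mimics a PE header.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed sample: payload-marker-v1"
VARIANT = b"MZ\x90\x00 constructed sample: payload-marker-v2"  # one byte changed
BENIGN = b"MZ\x90\x00 hello world, nothing to see here"


def build_scanner() -> SignatureScanner:
    """Scanner loaded with yesterday's database: one hash, one family pattern."""
    scanner = SignatureScanner()
    scanner.add_hash_signature(KNOWN_SAMPLE, "Constructed.Sample.A")
    scanner.add_pattern_signature(b"payload-marker-v", "Constructed.Sample.Family")
    return scanner


def demo() -> Dict[str, List[str]]:
    """Scan three constructed files: the known sample, a variant, and a benign file."""
    files = {"a.exe": KNOWN_SAMPLE, "b.exe": VARIANT, "c.exe": BENIGN}
    return build_scanner().scan_many(files)


def demo_after_update() -> List[str]:
    """Same variant after the database is updated with its hash: now both signatures hit."""
    scanner = build_scanner()
    scanner.add_hash_signature(VARIANT, "Constructed.Sample.B")
    return scanner.scan(VARIANT)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, "->", hits or "clean")
    print("b.exe after update ->", demo_after_update())
```

The variant (b.exe) is missed by the hash signature but caught by the family pattern, which is the practical reason signature databases need daily updates and why hash-only matching is the weakest form of detection.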


Google removes FlixOnline that is spreading malware via WhatsApp

Highlights:

  • A fake Netflix-like app promises to provide free Netflix content.
  • FlixOnline spread malware via WhatsApp conversations.
  • After hundreds of downloads from the Play Store, it was finally removed.

This is what happened about 3 weeks ago.

As internet users, we are advised to install apps only from reliable sources like the Google Play Store or the Apple App Store. But sometimes fake apps like FlixOnline bypass the security and protection of the Play Store and get in. FlixOnline combined the popularity of Netflix, the traditional social trigger (‘free’) and the pandemic situation to its advantage.

Instead of doing what it claims, it sends automated replies to WhatsApp conversations, luring recipients with free Netflix. The “wormable” malware spreads further via malicious links. The automated message says “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS) * Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE ” and provides a link. If clicked, the link was designed to gain complete access to the user’s WhatsApp. “Theoretically, through these auto-generated replies, a hacker can steal data, cause business interruptions on work related chat groups, and even extortion by sending sensitive data to all the users contacts,” the researchers noted.

When installed, the FlixOnline malware requests the ‘Overlay’, ‘Battery Optimization Ignore’ and ‘Notification’ permissions. The overlay permission is used to create new windows on top of other apps; these windows are often designed to look like login pages, nudging users to enter their real credentials. The notification access enables the app to “dismiss” or “reply” to messages, while the battery optimization exemption keeps the app running even after the user closes it.

Check Point Research notified Google about the malicious app on its platform, and Google was quick to remove it. It was reported that, in the course of 2 months, there were around 500 downloads.

To keep your phone safe, uninstall the app immediately and do not click any suspicious links. Recheck your WhatsApp to see whether any messages have been sent from your account. Resetting the device would clear any malicious code or files on it.

Next time, if something says ‘free’, BEWARE, it might ‘cost’ you a lot.


Cybersecurity

Cybersecurity is the practice of protecting yourself from cyber-attacks that aim to access, change, or steal your invaluable information. That information could be used to extort money, interrupt normal business, or interfere with elections. It is challenging because technology now reaches ordinary people far more easily than ever before, and the amount of data transferred over the internet is unprecedented. Even governments, militaries and corporations are collecting your precious data, for your own good, as they say. A significant amount of this data is sensitive, and if bad actors get access to it, it could be used in many malevolent ways. People rely more and more on the internet, for business and for a better lifestyle, but nothing is free: the convenience comes at a cost. With data getting bulkier every moment, leaks are always possible, and you cannot protect yourself against attacks that follow from leaks.

Data transferred over the internet is encrypted with keys that only the sender and receiver know. The fight is to secure the key, either by increasing the key length or by introducing as much randomization as possible. Both approaches have their limitations. A longer key slows down the transfer and makes the CPU do more work, slowing the system; randomization is limited because the ways to randomize are limited. Some ciphers used to encrypt are:

  • Substitution Cipher
  • Caesar cipher
  • Monoalphabetic cipher
  • Polyalphabetic cipher
  • Vigenère cipher

But the limitation of many of these ciphers is that the key size is small, which makes them susceptible to brute-force attacks. A brute-force attack tries every possible key by enumerating each and every permutation. This is a last resort for attackers, since it is tedious and time-consuming. Some cybersecurity threats are:
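To make the key-size point concrete, here is an added example (not code from the original post) that implements two of the ciphers listed above, the Caesar cipher and the Vigenère cipher, and then brute-forces the Caesar cipher. The plaintext, key and the "crib" word used to recognise a correct decryption are constructed for this example. The Caesar key space is only 26 shifts, so trying them all takes a fraction of a second; the Vigenère key space grows as 26 to the power of the key length, which is the reason a longer key is harder to brute-force.

```python
import string
from typing import List

ALPHABET = string.ascii_uppercase
ALPHABET_SIZE = len(ALPHABET)  # 26


def shift_char(ch: str, shift: int) -> str:
    """Shift one letter within A-Z (case preserved); other characters pass through."""
    if ch.upper() not in ALPHABET:  # digits, spaces, punctuation are left as-is
        return ch
    shifted = ALPHABET[(ALPHABET.index(ch.upper()) + shift) % ALPHABET_SIZE]
    return shifted if ch.isupper() else shifted.lower()


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Monoalphabetic shift: every letter moves by the same fixed amount."""
    return "".join(shift_char(c, shift) for c in plaintext)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def brute_force_caesar(ciphertext: str, crib: str) -> List[int]:
    """Try all 26 shifts and return those whose decryption contains the crib,
    a word the analyst expects to appear in the plaintext."""
    return [
        shift
        for shift in range(ALPHABET_SIZE)
        if crib.upper() in caesar_decrypt(ciphertext, shift).upper()
    ]


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Polyalphabetic: letter i is shifted by key letter i mod len(key)."""
    out, i = [], 0
    for ch in plaintext:
        if ch.upper() in ALPHABET:
            out.append(shift_char(ch, ALPHABET.index(key[i % len(key)].upper())))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    out, i = [], 0
    for ch in ciphertext:
        if ch.upper() in ALPHABET:
            out.append(shift_char(ch, -ALPHABET.index(key[i % len(key)].upper())))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def vigenere_key_space(key_length: int) -> int:
    """Number of keys a brute-force attacker must try for a Vigenère key of this length."""
    return ALPHABET_SIZE ** key_length


if __name__ == "__main__":
    # Constructed demo message; the crib "DAWN" is what the analyst expects to see.
    c = caesar_encrypt("ATTACK AT DAWN", 3)
    print(c, "->", brute_force_caesar(c, "DAWN"))            # 'DWWDFN DW GDZQ' -> [3]
    v = vigenere_encrypt("ATTACKATDAWN", "LEMON")
    print(v, "->", vigenere_decrypt(v, "LEMON"))             # 'LXFOPVEFRNHR' -> 'ATTACKATDAWN'
    print("Caesar keys:", ALPHABET_SIZE, "Vigenere(5) keys:", vigenere_key_space(5))
```

Note that a large key space alone does not make a cipher strong: the monoalphabetic substitution cipher in the list above has 26! keys, yet it falls to frequency analysis rather than brute force, and the Vigenère cipher falls once the key length is recovered. The brute-force argument in the text applies to ciphers whose key space is small enough to enumerate.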

  • Phishing- The practice of sending fraudulent emails that seem authentic but are designed to steal login data or credit card information. The data entered is sent to the fraudster’s address rather than the authentic one.
  • Side-channel attacks- Side-channel attacks aim to extract information that devices leak. Everything around us is now digital and relies on electricity, and we all know that magnetism is complementary to electricity. The data packets we send over the internet interfere with the magnetic fields of those appliances, which in turn affects the electrical appliance; we are not sensitive to the changes this causes, but other electronic appliances are. Equipment is engineered to read the variation caused, which could be used to read the contents of the data packet or to recover the keys. Also, vibrations in the mechanical parts of devices cause an acoustic noise called ‘coil whine’ which is in sync with the computation going on. Cryptanalysts design secure pathways by making some assumptions, but hackers violate those assumptions to ease their task of ramming into the gates of cryptography.
  • Malware- Software such as viruses, trojans, or spyware designed to gain unauthorized access and cause damage to the system.
  • Ransomware- The most notorious, as it blocks access to the files or the system until the ransom is paid. The main problem is that paying the ransom doesn’t guarantee access to the files or the system.
  • Social engineering- This attack relies on human interaction. Users are tricked into leaking their personal and sensitive data themselves, the most common form being romance scams, where attackers disguised as users of chat rooms or dating sites trick the victim into leaking their data.

The systems in use are not secure since they are antiquated. With the advancements in technology, attackers have enhanced their capabilities, but the systems used by institutions have not kept up, due to financial constraints. In 2014, a blast furnace at a German steel plant was shut down remotely by hackers, leading to massive damage. Authorities suggested the hackers used phishing as well as social engineering to infiltrate the plant. WannaCry, the most notorious of the ransomware families, recently hit the world hard, leaving many banks and health infrastructures aghast. A report published by Group-IB in February 2020 suggested that the credit card details of 460,000 users were put on sale on the dark web; many of those details had been collected through bank portals. You can’t prevent yourself from being attacked; all you can do is be vigilant. Don’t open spam emails, use credit cards and debit cards judiciously, and never leak your data. These steps won’t ensure you are protected from cyber threats, but they could make you a less appetizing prey.