It is hard to believe that, in 2012, low-level malicious code can still run on machines for years and avoid detection, yet that is exactly what recent discoveries show: even governments have found themselves defenceless and without control of their own environments. This article looks at malware such as Flame and others, and at the measures that can be taken to counter these threats.
As software evolves, some developers take precautions and build security measures into their new products, but the threat of malware keeps growing. As defensive technology improves, malware evolves to burrow deeper into the system, and attackers take ever more sophisticated routes into vulnerable machines. They have even hijacked software update services, so that when a machine checks for security patches and updates it downloads and installs malware instead.
New attack vectors are being developed for this "social" age, such as infection through social networking sites, but attacks that look much like those of the past are still causing havoc in 2012. Traditional computer viruses still secretly infect files, slow computers down and use them as hosts to infect websites, other computers and networks.
Common categories of malware:
- Adware: programs that place advertisements on your screen by various means.
- Spyware: gathers information about you or data on your computer and sends it elsewhere: personal details, browser history, login names, passwords and credit card numbers.
- Hijackers: target the web browser (historically Internet Explorer above all). They take control of parts of the browser, including the home page, search pages and search bar, and redirect you to sites you would not otherwise visit.
- Toolbars: a toolbar installed by devious means falls into the category of malware.
- Dialers: programs that set your modem up to dial a premium-rate number, running up a hefty phone bill for you and income for someone else.
- Deepware: a new term I have coined for malicious code that runs below the operating system, like a rootkit, at a very low level, and is largely undetectable by common AV.
Effects malware can have on your computer
- Malware causes your connection to slow down
- Malware causes your computer to slow down; badly written code can cause your computer to crash.
- Malware can cause your computer to display error messages continually.
- Malware could cause your computer to be incapable of shutting down or restarting as it keeps certain processes active.
- Malware could be used for identity theft to gather personal information or data from your computer.
- Malware can hijack your browser to redirect you to sites for its purposes.
- Malware can infect your computer and use it as a server to distribute files or launch attacks.
- Malware can send spam from your machine and fill your inbox with it.
- Malware could send emails you did not write, getting you or your company into trouble.
- Malware can infect your computer giving an attacker control of your system and your resources, like your connection.
- Malware can cause new and unexpected toolbars to appear.
- Malware can cause new and unexpected icons to appear on your desktop.
- Malware can be invisible, with no known or noticeable effect, and run on your computer undetected if it is well written.
Malware prevalent in 2012
Within the last couple of months powerful malware has been discovered. The newest threats, discussed below, include:
- Flame (also known as Flamer and Skywiper)
- Flashback Trojan
- Trojan.Win32.Generic
- Artemis Trojan
- Scrinject.b
Flame was discovered in May 2012 and is also known as Flamer and Skywiper. It is believed to have been in circulation for at least two years before it was detected. With over 1000 infections reported on computers belonging to government organisations, educational institutions and private individuals, Flame has been described as the most sophisticated malware ever found. It is modular, and the full 'package of destruction' is around 20MB when completely installed.
Flame is the first malware known to have used a cryptographic attack in the wild: a chosen-prefix collision against MD5, which let its authors forge a code-signing certificate that chained up to a Microsoft certificate authority (the Terminal Server Licensing Service). With that certificate Flame could present itself as Microsoft-signed code and hijack Windows Update on the local network, which is one way it spread to other Windows machines over the LAN; it also spreads via USB. Flame gathers data by recording audio, taking screenshots, logging keyboard activity and capturing Skype conversations and network traffic. It also turns the infected computer into a Bluetooth beacon that enumerates nearby Bluetooth-enabled devices and attempts to pull information from them. Everything gathered is sent to command-and-control servers set up around the world. Once the job is done, Flame's 'Kill' command wipes all trace of the malware from the computer.
The worrying part of this type of malware is that it operates undercover, doing no detectable damage while silently collecting critical information for future use. Because of its modular structure the damage it could do is open-ended: once a computer is infected with the initial module, further modules are easily added to perform whatever functions the operators need.
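As an added illustration (not part of the original article and not Flame's own code), the Python below shows why a hash collision matters to a hash-then-sign certificate scheme. It uses the publicly known Wang et al. MD5 collision pair, which is an identical-prefix collision rather than the harder chosen-prefix attack Flame's authors carried out, and a constructed HMAC key standing in for the CA's RSA private key; the OIDs are the real X.509 signature-algorithm identifiers. A signature issued over one blob verifies against the other under MD5 and fails under SHA-256, and a chain check flags any certificate still signed with md5WithRSAEncryption.

```python
"""Added example: why an MD5 collision lets a signature 'transfer' between two
different blobs, and a policy check that refuses MD5-signed certificates.
HMAC stands in for the CA's RSA operation; the colliding blocks are the public
Wang et al. (2004) pair, not Flame's certificate data."""
import hashlib
import hmac

# Two 128-byte messages published by Wang et al. They differ in six bytes but
# share the MD5 digest 79054025255fb1a26e4bc422aef54eb4.
BLOCK_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
BLOCK_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for the CA's private key (hypothetical, demo only).
CA_KEY = b"demo-ca-private-key"

# Signature-algorithm OIDs as they appear in X.509 certificates.
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}


def digests_collide(suffix: bytes = b"") -> bool:
    """True if both blocks, plus an identical suffix, share an MD5 digest.
    Because MD5 is a Merkle-Damgard hash, the collision survives any common
    suffix: the differing bytes can sit in a prefix while the rest of the
    'certificate' body is shared."""
    return hashlib.md5(BLOCK_A + suffix).digest() == hashlib.md5(BLOCK_B + suffix).digest()


def sign(tbs: bytes, digest_name: str) -> bytes:
    """Hash-then-sign: the CA signs hash(tbs), never tbs itself.
    HMAC-SHA256 models the RSA private-key operation."""
    digest = hashlib.new(digest_name, tbs).digest()
    return hmac.new(CA_KEY, digest_name.encode() + digest, hashlib.sha256).digest()


def verify(tbs: bytes, signature: bytes, digest_name: str) -> bool:
    return hmac.compare_digest(sign(tbs, digest_name), signature)


def signature_transfers(digest_name: str) -> bool:
    """Sign the 'legitimate' blob, then present the signature with the other
    blob. Under MD5 the forged blob verifies; under SHA-256 it does not."""
    tail = b"-- shared certificate body --"
    signature = sign(BLOCK_A + tail, digest_name)
    return verify(BLOCK_B + tail, signature, digest_name)


def weak_signatures_in_chain(oids):
    """Return (index, algorithm) for every certificate in a chain whose
    signature algorithm relies on MD5; a verifier should reject the chain
    rather than trust such a signature."""
    weak = []
    for i, oid in enumerate(oids):
        name = SIG_ALG_OIDS.get(oid, "unknown:" + oid)
        if "md5" in name.lower():
            weak.append((i, name))
    return weak


if __name__ == "__main__":
    print("MD5 collides:", digests_collide(), "| with shared suffix:", digests_collide(b"tail"))
    print("signature transfers under md5:   ", signature_transfers("md5"))
    print("signature transfers under sha256:", signature_transfers("sha256"))
    print("weak links:", weak_signatures_in_chain(["1.2.840.113549.1.1.11", "1.2.840.113549.1.1.4"]))
```

The point of the suffix parameter is that a collision found in one region of a blob carries over to everything appended after it, which is what lets an attacker keep the rest of a forged certificate well-formed. In a real verifier the check belongs before signature validation: a chain containing an md5WithRSAEncryption link should be refused outright.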
The relative safety Apple users once enjoyed is now a thing of the past. In previous years attacks on Apple users by worms, viruses and hackers were minimal. The Flashback Trojan, first discovered at the end of 2011 and spread through an unpatched Java vulnerability (CVE-2012-0507), has been described as the worst security disaster to hit the Mac. Global infections of Macs and MacBooks running OS X have reached huge numbers, over 600,000, and show no sign of slowing down.
The growing number of Apple users makes these devices a great target for malicious attacks, and hackers will keep searching for loopholes or other ways into these systems.
Trojan.Win32.Generic has recently been listed among the top ten malware detections, accounting for over 30% of malware infections, which makes it the most widespread detection in recent times. The name is a generic one that antivirus vendors apply to many unrelated Windows Trojans rather than to a single family, which partly explains the figure. Malware detected under this name typically arrives through a backdoor or by exploiting software vulnerabilities on your computer, installs itself and gives remote attackers access to the infected machine. With that access the potential damage is huge.
The Artemis Trojan has worried many people globally. It infects computers and uses them to display false information, such as fake security websites. Although Artemis detections have been around for the last couple of years, their activity in 2012 has increased. The biggest concern is detection: 'Artemis!' is the prefix McAfee uses for its cloud-based heuristic detections, so many reported cases are inconclusive as to whether a real infection or a false positive is involved. That uncertainty is destructive in itself.
In an age where everything is moving into the Cloud, this particular threat is a great concern. Scrinject.b (ESET's JS/ScrInject.B) is a generic detection for web pages into which obfuscated script or iframe tags have been injected so that visitors are silently redirected to malware downloads. Because the compromised pages can be hosted anywhere, including on cloud hosting, the infections it drives are seen all across the globe.
Steps that can be taken to thwart malware
- Enable your firewall and keep it enabled at all times; if you don't trust your OS firewall, get a better one, there are many good free ones online.
- Keep your operating system and applications up to date with the latest patches.
- Keep your antivirus and anti-spyware/anti-malware software, and its signatures, up to date.
- Browse securely: set your browser's security level high enough to block unauthorised downloads.
- Keep more than one anti-spyware tool to hand, as every product has imperfections and one may detect what another misses. Use the additional tools as on-demand second-opinion scanners rather than running two real-time engines at once, which tends to cause conflicts and slowdowns.
- Manage your computer: schedule regular scan-and-detect runs to keep control of your system.
- After installing new software, always run a scan-and-detect on your system.
- Be careful when installing software. We often skip the EULA and click accept; read it, and make sure any bundled third-party software it allows to be installed is safe.
- Stay informed about the malware out there and keep up with the latest threats.
- Back up often, and be prepared for the day your computer crashes.
- Don't click on links or open attachments in emails unless you are sure of their content.
- Download and install software only from websites you know and trust.
- Use a pop-up blocker and don't click on links inside pop-ups.
- Use a sandbox: if you download something you are unsure of, run it in a sandbox.
- Lock down ('solidify') your computer. Application whitelisting products hash every executable on the machine and then allow nothing else to run without authorisation.
- Check for rogue processes and services. This is simple enough to do, but make it a habit and compare what is running against a known-good baseline, so that nothing creeps in unnoticed.
- Use a VM for any software you are not going to run in your production environment; like a sandbox, a VM isolates something you are unsure about.
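As an added example for the 'check for rogue processes and services' step (not code from the original article), the Python below takes a snapshot of running processes and services, saves it as a baseline, and later reports anything that has appeared or disappeared. The parsers target the output of `tasklist /fo csv /nh` and `sc query state= all` on Windows and `ps -eo comm=` elsewhere; the SAMPLE_* strings, the baseline, the process name 'updsvc.exe' and the service 'NetSvcHelper' are constructed for the demo.

```python
"""Added example: snapshot processes and services, keep a baseline, and diff
later snapshots against it. Parsers cover `tasklist /fo csv /nh` and
`sc query state= all` (Windows) and `ps -eo comm=` (POSIX)."""
import csv
import io
import json
import platform
import subprocess
import sys
from typing import Dict, List, Set

# Constructed `tasklist /fo csv /nh` output; "updsvc.exe" is a made-up name
# standing in for an unexpected process.
SAMPLE_TASKLIST = (
    '"System Idle Process","0","Services","0","8 K"\n'
    '"svchost.exe","812","Services","0","24,560 K"\n'
    '"explorer.exe","2204","Console","1","61,004 K"\n'
    '"updsvc.exe","3300","Console","1","5,120 K"\n'
)

# Constructed `sc query state= all` output; "NetSvcHelper" is made up.
SAMPLE_SC = """
SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: NetSvcHelper
DISPLAY_NAME: Network Service Helper
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
"""

# Constructed baseline, as saved from a known-clean machine.
BASELINE = {
    "processes": ["explorer.exe", "svchost.exe", "system idle process"],
    "services": ["wuauserv"],
}


def parse_tasklist_csv(text: str) -> Set[str]:
    """Image name is the first CSV column. Names are lower-cased so that case
    differences between snapshots are not reported as changes."""
    return {row[0].lower() for row in csv.reader(io.StringIO(text)) if row}


def parse_sc_query(text: str) -> Set[str]:
    """Each service block begins with a 'SERVICE_NAME: <name>' line."""
    names = set()
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("SERVICE_NAME:"):
            names.add(stripped.split(":", 1)[1].strip().lower())
    return names


def parse_ps(text: str) -> Set[str]:
    """`ps -eo comm=` prints one command name per line with no header."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def _run(cmd: List[str]) -> str:
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def collect_live() -> Dict[str, List[str]]:
    """Snapshot the machine this script runs on."""
    if platform.system() == "Windows":
        procs = parse_tasklist_csv(_run(["tasklist", "/fo", "csv", "/nh"]))
        svcs = parse_sc_query(_run(["sc", "query", "state=", "all"]))
    else:
        procs = parse_ps(_run(["ps", "-eo", "comm="]))
        svcs = set()  # service listing differs per init system; extend as needed
    return {"processes": sorted(procs), "services": sorted(svcs)}


def diff_snapshots(baseline, current) -> Dict[str, Dict[str, List[str]]]:
    """Names that appeared ('new') or vanished ('missing') since the baseline.
    New entries deserve a look; a missing one may be a stopped security service."""
    report = {}
    for key in ("processes", "services"):
        base, cur = set(baseline.get(key, [])), set(current.get(key, []))
        report[key] = {"new": sorted(cur - base), "missing": sorted(base - cur)}
    return report


def demo_report():
    """Diff the constructed samples against the constructed baseline."""
    current = {
        "processes": sorted(parse_tasklist_csv(SAMPLE_TASKLIST)),
        "services": sorted(parse_sc_query(SAMPLE_SC)),
    }
    return diff_snapshots(BASELINE, current)


if __name__ == "__main__":
    # Usage: baseline <file> (save a snapshot) | check <file> (compare) | no args (demo)
    if len(sys.argv) == 3 and sys.argv[1] == "baseline":
        with open(sys.argv[2], "w") as fh:
            json.dump(collect_live(), fh, indent=2)
    elif len(sys.argv) == 3 and sys.argv[1] == "check":
        with open(sys.argv[2]) as fh:
            print(json.dumps(diff_snapshots(json.load(fh), collect_live()), indent=2))
    else:
        print(json.dumps(demo_report(), indent=2))
```

Take the baseline right after a clean install, store it somewhere the machine itself cannot modify, and re-run the check on a schedule; a process or service name on its own is only a lead, so anything new should then be checked by path, publisher signature and file hash.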
The motivations behind malware have changed over the years. The earliest instances were written for playful taunting rather than with any particular malicious intent. Things have changed significantly: coders now develop malware for a specific purpose, whether making money, or gaining power through destruction or through the gathering of intelligence and critical information.
We can take precautionary measures to protect ourselves against malware and its consequences by following the steps listed above.
Malware is still very much a part of today's computing. As quickly as researchers develop measures to counteract malware, its authors will be writing new programs and finding new ways to infect our systems, and so the cat-and-mouse chase will continue.