The Threat Of Evolving Malware
Malware is any piece of software intended to harm a system or network. There are many types of malware, including viruses, trojans, worms, ransomware, rootkits, adware, spyware, and keyloggers. Malware has evolved substantially over the last decade, and governments, corporations and individuals alike have been subject to cyber attacks. Different hackers have various reasons for creating and spreading malware. Once malware has been installed on a system, the privacy and security of that system, and possibly of the network as well, have been compromised. This can lead to many negative outcomes, such as browser crashes and instability, poor system performance, or, in the case of ransomware, extortion.
The development of malware has been evolving rapidly over the past couple of decades. With each release of new malware, additional layers of functionality and protection are added. This protection is used to hide the program, enabling it to infect unsuspecting users. By the mid-2000s, there were already more than a million known types of computer worms. The development of these various worms stemmed from the initial deployment of what is known as the Love Bug worm, a nasty worm that would overwrite various types of files and send copies of itself to all addresses in the Windows Address Book. This self-spreading virus was revolutionary for its time. Merely 15 minutes after its release, it had already infected millions of computers worldwide. This sparked widespread panic among security specialists and internet users alike. It was also the beginning of law enforcement pursuing Blackhat hackers and other nefarious internet users who had committed computer crimes, including illegally downloading songs through peer-to-peer clients like LimeWire. Ultimately it was concluded that the individuals who downloaded music were not to be charged, and that the one who provided the peer-to-peer platform would be charged with all counts of illegally downloaded files.
Recent developments in computing have seen the creation of what are known as cryptocurrencies. These decentralized currencies have no government behind them: they are bank-less, and payments are borderless. This enables cryptocurrency users to pay seamlessly for goods or services worldwide despite any limits on transnational fiat payments. Bitcoin is one widely used example of a cryptocurrency. To obtain bitcoins, users must do what is known as mining. Bitcoin mining is done with special software that uses a computer system's CPU to solve complex mathematical equations. With each completed equation, users are given bitcoins as a form of payment. It did not take Blackhat hackers long to realize that they could take advantage of cryptocurrencies by building cryptocurrency miners into their malware and being rewarded with bitcoins. The more users infected by the malware, the more bitcoins the individual receives in return.
Many advancements in computing technology have simplified the creation and spread of malware. One of these, discussed in the article New Attack Tricks Antivirus Software, is the arrival of Web 2.0 together with a new method of obfuscation called dynamic code obfuscation. Web 2.0 was the beginning of a new browser revolution: it enabled users of the world wide web to share their own content. This advancement unintentionally made it much simpler to spread malware among a large crowd of internet users. Hackers used Web 2.0 coupled with dynamic code obfuscation to embed browser exploits, such as JavaScript exploits, in easily accessible places like web page ads and public databases. Dynamic code obfuscation works by using obfuscation and polymorphism to alter any detected malicious code so that antivirus software no longer recognizes it. This means that many times web users would not even be aware that they were infecting their PC, and by the time they realized it, it was too late. This led to big problems for the security community.
One solution antivirus vendors came up with was to determine whether a file is malicious by static analysis of the dynamically obfuscated code. They did this by attempting to identify the pattern behind any potential code obfuscation. Once it was determined that program code had been altered, the software would attempt to de-obfuscate it back to its original form. This was a great advancement for antivirus companies because it allowed them to view pieces of malicious code and block them in real time before they could have any effect on a system. Other developments in computing have rapidly increased the spread of malware; peer-to-peer applications, social media, and mobile devices are a few that come to mind. Programs like Napster, LimeWire, and other peer-to-peer applications are easily downloaded from the web by any user who wishes to. While the users of these applications may ultimately receive what they are searching for, they are also putting their systems at significant risk from various kinds of malware. Peer-to-peer platforms are one highly popular way for Blackhat hackers to spread their software, because they are easy to navigate and use and typically have very large user bases, which makes spreading malware to a large group of users much easier. Other methods of spreading include social networking websites such as Myspace, Facebook, Instagram, and Twitter.
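As an added illustration of the static de-obfuscation approach just described (this is not code from the essay or from the article it cites), here is a small Python analyzer that recognizes two common JavaScript wrapping patterns by their structure and statically peels them back to the original statement, recording which layers it found. The sample input is constructed and benign; the pattern names and the `max_layers` limit are this example's own choices.

```python
import re
import urllib.parse

# Constructed sample: a harmless statement wrapped in two obfuscation layers
# (String.fromCharCode, then percent-encoding inside eval(unescape(...))),
# mimicking the layered dynamic obfuscation the essay describes.
INNER = "document.title = 'static analysis sample';"
LAYER1 = "eval(String.fromCharCode(" + ",".join(str(ord(c)) for c in INNER) + "))"
SAMPLE = "eval(unescape('" + urllib.parse.quote(LAYER1, safe="") + "'))"

# Structural patterns: the scanner matches the wrapper, not the payload bytes,
# so polymorphic changes to the payload do not defeat it.
EVAL_UNESCAPE = re.compile(r"eval\(\s*unescape\(\s*(['\"])(.*?)\1\s*\)\s*\)", re.S)
EVAL_FROMCHARCODE = re.compile(r"eval\(\s*String\.fromCharCode\(\s*([\d\s,]+)\)\s*\)", re.S)


def peel_layer(code):
    """Statically undo one obfuscation layer; return (layer_name, decoded) or None."""
    m = EVAL_UNESCAPE.search(code)
    if m:
        # JavaScript unescape() decodes %XX sequences, as urllib's unquote does.
        return "eval(unescape())", urllib.parse.unquote(m.group(2))
    m = EVAL_FROMCHARCODE.search(code)
    if m:
        codes = [n for n in m.group(1).replace(" ", "").split(",") if n]
        return "eval(String.fromCharCode())", "".join(chr(int(n)) for n in codes)
    return None


def deobfuscate(code, max_layers=10):
    """Peel layers until none match (or the limit is hit); return (plain_code, layers)."""
    layers = []
    for _ in range(max_layers):
        result = peel_layer(code)
        if result is None:
            break
        name, code = result
        layers.append(name)
    return code, layers


if __name__ == "__main__":
    plain, layers = deobfuscate(SAMPLE)
    print("layers found:", layers)
    print("recovered code:", plain)
```

A non-empty layer list is itself a useful signal: legitimate page scripts rarely need `eval` wrapped around a decoder, so the recovered statement can be inspected or blocked before the browser ever runs it.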
Similar to peer-to-peer networks, these platforms are also widely used to spread malicious software, because their user bases are also very large and accessible by millions on a daily basis. However, the spreading of the malware is done similarly to JavaScript exploits: most often the software is embedded in ads or other hyperlinks on the websites. These hyperlinks take users to other websites that, once visited, infect the user by downloading and running the malware on their own. With social media and peer-to-peer platforms being as prevalent in society as they are, I believe it is vital that we educate all users of the world wide web about these significant security threats. It's vital to our safety online that all internet users know of these vulnerabilities and the ways in which malware is spread. This will aid in the exposure of malware and ultimately reduce the total number of infections spread online. Many hackers create malware for different reasons. Some develop it because they wish to learn the ins and outs of computer systems, how they work and why they perform the way they do, purely for educational purposes. However, there are many others whose intentions are purely monetary. These individuals are the ones who create software such as ransomware to coerce computer users into paying a fee for the protection of their data. But it does not stop there. There are theories and speculation surrounding the use of malware by governments and militaries as a weapon.
In November 2008, the Conficker worm was discovered. The result of this worm was the infection of more than 15 million machines worldwide. Many security specialists and computer researchers theorized that Conficker was not only an experimental worm to test new functionality and spreading capabilities, but also a state-sponsored experiment. This was never confirmed and is still disputed to this day. However, two years later in 2010, with the discovery of Stuxnet and variants like Duqu and Flame, government culpability was deemed highly likely. Although the origins of Stuxnet are disputed, it is widely accepted that it was a government-orchestrated operation. The goal of Stuxnet was to infiltrate the SCADA systems of Iran's nuclear plants and disrupt the production of nuclear material. It targeted the programmable logic controllers (PLCs) that automate electromechanical processes. This caused the plant's centrifuges to spin uncontrollably and tear themselves apart. The impact was reported to have reached 20 percent of all Iranian nuclear plants, rendering them unusable. The worm ultimately targeted over 200,000 computers and caused more than 1,000 machines to physically degrade. Stuxnet may have been created for the sole purpose of interfering with Iran's nuclear program, but the same technique could be used in many more nefarious ways. The same kind of programmable logic controllers that control the centrifuges at the Iranian nuclear plants also control machinery in industrial systems, including but not limited to factory assembly lines, airport conveyor belts, and amusement rides.
To conclude, I think it is very important that users of the internet are aware of the threats looming around every corner. It's vital for web users to remain vigilant when browsing online and to never become complacent about their security practices. Malware is evolving every day. While there are still significant developments daily in the field of antivirus software, it's important to understand that the same goes for those creating and hiding malware. The potential for malware to slip through the cracks of antivirus software is always there. The future of computing and malware is unknown. There are threats lurking at every corner of the web, and you never know whether the sketchy file you downloaded from a peer-to-peer app is just standard, run-of-the-mill malware that has been recycled and reused, or the next big thing. Remember to always stay safe online, and that everything done privately online has the potential to be compromised by malware.