Malware and Defending against Malware

Trojan Horse

This paper will talk about malware, malware is code that is designed with capabilities to breach a system. I'm going to focus discussing a variety of malware, especially some well known malicious code.

  1. Trojan Horse:

A Trojan Horse is malicious code that is designed to appear as a harmless application. Like a video game that is offered as a download on a website you just visited. The Trojan Horse comes from the Odyssey, where a large horse holding soldiers is used to gain entry to the city of Troy. In the background, instructions are executed, that allow the Trojan to perform many tasks. Such as stealing passwords, installing additional malware, activating a webcam, taking a screenshot of the desktop, and more. Trojans can infect a system by malicious advertisements displayed on a popular website. Even the most trusted website can fall prey serving malicious ads.

  1. Worm:

A worm is malicious code that is capable of self-replicating. A worm doesn't need to attach itself to a file to spread. A worm will spread over a network, then infect any systems that are vulnerable. A worm infects a system by exploiting system vulnerabilities. Therefore, its a good practice to always apply patches as soon as possible. There would be less damage done if the system had the patches to protect against these vulnerabilities.

  1. Ransomware:

Ransomware is malicious code that prevents access to files, or a system. Then gives the opportunity to regain access to said system of files, in exchange for money. Ransomware is usually delivered via a Trojan, or an exploit kit. An exploit kit is malicious software designed scan a system for vulnerabilities. These include 0-day vulnerabilities, 0-days are vulnerabilities that are unknown to the company that provides the software. Exploits kits are used with malicious advertisements, or are placed on a website that has been compromised. An exploit kit will perform redirects until it stops on the final domain where the payload is delivered. The common payment method used with ransomware is bitcoin, a popular cryptocurrency. Another form of ransomware is the infamous “police ransomware, or “FBI ransomware”. This ransomware was delivered through malicious ads on pornographic websites. An exploit kit delivered the ransomware after successfully exploiting a system. This ransomware is called the Reveton Ransomware.

  1. Virus:

A virus is malicious code that has a long history. A virus infects a system, usually through infected media. Such as floppy disks, compact disks, and infected documents. A virus will spread by attaching itself to a file, or a disk. A virus performs actions like, deleting files, wiping an entire system, or constantly opening the optical drive. Computer viruses used to be mostly harmless. They would also be whimsical at times. The internet archive has a museum that showcases malware for MS-DOS systems, and other older operating systems here.

  1. Adware is an application that injects ads. These programs are bundled with other software. While adware isn't as harmful, its still considered unwanted. Hence the term PUP (Potentially Unwanted Program).

  2. Spyware is malware that secretly gathers activities, then reports them back to the organization, or individual that created the malicious program.

Avoiding Malware

To avoid malware its best to perform these important tasks.

  1. Keep Your Software Up To Date:

Always try to update to the latest version of the application from the software vendor. Use Ninite to make it easy to install the latest update.

  1. Back Up Your Files:

Always back up your files, that way when a problem occurs. You have a backup ready to get your system back up with all your important files included.

  1. Install from a legitimate website:

Avoid visiting websites that claim to offer free offers. These offers are too good to be true. So avoid these websites at all costs.

  1. Don't click on suspicious email attachments:

A friend, coworker, or relative. May have get their email account compromised. You will receive multiple emails, telling you to open the attachment. Email services have spam filters designed to help keep spam out of your inbox, but there is always the chance that a malicious email may get through and land in your inbox. Always double-check.

  1. Use Anti-Malware Programs:

Anti-Malware can help defend against infections. Always make sure to keep the signatures up to date. Although not every anti-malware program will be able to protect against every threat. It is still a good program to have.

  1. Use a multi-layered defense:

Use a firewall, anti-malware, good habits, and backups. One isn't enough, today you need to have multiple protections in place.

  1. Threat Modeling

Create a threat model that is tailored to the needs of you, or many. What is the biggest risk, what systems are most likely to be attacked, is your staff prepared, is your response to a threat effective? Always evaluate the environment around you. Then apply based on your findings.

This paper is based in the M.I.S.S. model, short for Make It Simple Security. A project I created a long time ago. The project is design by making security more accessible through making security less metaphorically painful.