What is Malware?
Malware is software intended to infect a computer or carry out fraudulent activity. Several categories fall under the malware umbrella, such as spyware, ransomware, viruses, worms, and trojans. This code is typically written by hackers or cyber-attackers who intend to cause substantial damage to systems or to gain unauthorized access to a network in order to commit fraud. Malware is commonly delivered through a link or a file attachment in an email.
Top 5 malware in 2019
- Zeus: A modular banking trojan designed to log keystrokes and steal victims' passwords.
- TrickBot: A banking trojan, commonly dropped by Emotet. TrickBot is also known to download the IcedID banking trojan.
- Dridex: A banking trojan that uses malicious macros in Microsoft Office documents, delivered as either embedded links or attachments.
- Gh0st: A remote access trojan (RAT) used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into the network and gain full control.
- WannaCry: A ransomware crypto-worm that uses the EternalBlue exploit to spread over the SMB protocol; it also contains a kill-switch check that stops the encryption process.
Malware detection methodologies
- Virus definitions (signature-based detection): This is the first method conventional antivirus software uses to identify a virus. The program looks for known signatures. New malware samples are studied to derive their signatures; once a new signature is confirmed, it is logged in the database and used in future scans to identify that virus.
- Heuristic-based detection: Here the detection engine compares a file against the traits recorded during the previous stage of analysis rather than exact signatures. This can produce incorrect matches or missed matches, i.e. the software may report a file as infected when it actually is not.
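The two methods above differ in what they match on: an exact fingerprint of content already seen, versus weighted traits that merely suggest malice. The following Python is an added example written for this article, not code from the original page or from any antivirus product. The sample files, the single hash in the signature database, the heuristic patterns and their weights are all constructed for illustration; it shows why a one-byte change defeats the signature but not the heuristics, and why a benign script can still accumulate a heuristic score.

```python
import hashlib
import re

# Constructed sample files (bytes). None of this is real malware; the
# "malicious" content is just text chosen to exercise the rules below.
SAMPLES = {
    "invoice.pdf.exe": b"MZ\x90\x00 constructed fake payload, known to the signature DB",
    "report.docx":     b"PK\x03\x04 ordinary constructed document content",
    "macro_doc.doc":   b"\xd0\xcf\x11\xe0 Sub Auto_Open() Shell(\"cmd /c whoami\") End Sub",
    "helper.py":       b"import subprocess\nsubprocess.call(['echo', 'hello'])\n",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Signature database: hash -> family name. Analysts populate this after
# studying a new sample; until then the sample is invisible to this method.
SIGNATURE_DB = {
    sha256(SAMPLES["invoice.pdf.exe"]): "Constructed.Trojan.Sample",
}

# Heuristic rules: (compiled pattern on content, weight, description).
# Each trait is indicative, not conclusive, hence weights and a threshold.
CONTENT_HEURISTICS = [
    (re.compile(rb"Auto_Open|AutoOpen|Document_Open"), 40, "auto-executing macro entry point"),
    (re.compile(rb"Shell\(|WScript\.Shell|subprocess"), 30, "spawns a shell or child process"),
]
# "invoice.pdf.exe": a document-looking name hiding an executable extension.
DOUBLE_EXTENSION = re.compile(r".+\.\w{2,4}\.(exe|scr|bat|com)$", re.IGNORECASE)
HEURISTIC_THRESHOLD = 50

def signature_scan(data: bytes):
    """Exact-match lookup: detects only content already in the database."""
    return SIGNATURE_DB.get(sha256(data))

def heuristic_scan(name: str, data: bytes):
    """Score indicative traits; returns (score, list of reasons)."""
    score, reasons = 0, []
    if DOUBLE_EXTENSION.match(name):
        score += 50
        reasons.append("executable disguised with a double extension")
    for pattern, weight, why in CONTENT_HEURISTICS:
        if pattern.search(data):
            score += weight
            reasons.append(why)
    return score, reasons

def scan(name: str, data: bytes) -> dict:
    """Signature matching first; fall back to heuristics when nothing is known."""
    family = signature_scan(data)
    if family:
        return {"file": name, "verdict": "known-malware", "family": family,
                "score": 100, "reasons": ["signature match"]}
    score, reasons = heuristic_scan(name, data)
    verdict = "suspicious" if score >= HEURISTIC_THRESHOLD else "clean"
    return {"file": name, "verdict": verdict, "family": None,
            "score": score, "reasons": reasons}

if __name__ == "__main__":
    for fname, content in SAMPLES.items():
        r = scan(fname, content)
        print(f"{fname:16} {r['verdict']:14} score={r['score']:3}  {', '.join(r['reasons'])}")
    # Appending one byte changes the hash: the signature no longer fires,
    # and only the double-extension heuristic keeps the file flagged.
    print(scan("invoice.pdf.exe", SAMPLES["invoice.pdf.exe"] + b"\x00")["verdict"])
```

The `helper.py` case is the false-positive risk the text describes in miniature: a legitimate script that spawns a process scores 30, so lowering the threshold to catch more macro droppers would start flagging ordinary tooling.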
- Behavior-based detection: Once the above tests are completed, the system then monitors the behaviour of programs running on it. The software raises a warning if a program begins to act in any of the following ways:
  - Settings of other programs are changed
  - Dozens of files are modified or deleted
  - Remote connections to other computers are made
This is a useful method for finding viruses or any other type of malware that attempts to steal or log information.
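The three behaviours listed above map naturally onto rules run over process telemetry. The Python below is an added example for this article, not code from the original page or from any EDR product. The event records, the process names, the per-application config path layout (`/home/user/.config/<app>/`), the "dozens of files" threshold and the network allowlist are all constructed assumptions; it shows one rule per listed behaviour, a sliding time window for the file burst, and why the remote-connection rule needs an allowlist to avoid alerting on a browser.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry for this example: (timestamp, process, action, target).
BASE = datetime(2019, 6, 1, 12, 0, 0)
EVENTS = [
    (BASE,                         "updater",     "config_write", "/home/user/.config/updater/state.json"),
    (BASE + timedelta(seconds=1),  "editor",      "file_modify",  "/home/user/docs/notes.txt"),
    (BASE + timedelta(seconds=2),  "editor",      "file_modify",  "/home/user/docs/todo.txt"),
    (BASE + timedelta(seconds=3),  "browser",     "net_connect",  "198.51.100.20:443"),
    (BASE + timedelta(seconds=4),  "cryptor.exe", "config_write", "/home/user/.config/browser/prefs.json"),
    (BASE + timedelta(seconds=5),  "cryptor.exe", "net_connect",  "203.0.113.5:443"),
]
# A burst of 15 file modifications in under five seconds from one process.
EVENTS += [
    (BASE + timedelta(seconds=6, milliseconds=300 * i), "cryptor.exe", "file_modify",
     f"/home/user/docs/file{i}.docx.locked")
    for i in range(15)
]

FILE_BURST_THRESHOLD = 12                  # "dozens" of files; tune per environment
FILE_BURST_WINDOW = timedelta(seconds=10)
NETWORK_ALLOWLIST = {"browser"}            # processes expected to talk to the network

def owner_of_config(path: str):
    """Application that owns a /home/user/.config/<app>/... path (assumed layout)."""
    parts = path.split("/")
    if ".config" in parts:
        idx = parts.index(".config")
        if idx + 1 < len(parts):
            return parts[idx + 1]
    return None

def analyze(events):
    """Return {process: [alert, ...]} for the three listed behaviours."""
    alerts = defaultdict(list)
    file_ops = defaultdict(list)
    for ts, proc, action, target in sorted(events):
        if action == "config_write":
            # Rule 1: a program writing another program's settings.
            owner = owner_of_config(target)
            if owner is not None and owner != proc:
                alerts[proc].append(f"changed settings of another program ({owner}): {target}")
        elif action in ("file_modify", "file_delete"):
            file_ops[proc].append(ts)
        elif action == "net_connect" and proc not in NETWORK_ALLOWLIST:
            # Rule 3: remote connection from a process not expected to make one.
            alerts[proc].append(f"remote connection to {target}")
    # Rule 2: many file changes inside a sliding time window, per process.
    for proc, times in file_ops.items():
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > FILE_BURST_WINDOW:
                start += 1
            best = max(best, end - start + 1)
        if best >= FILE_BURST_THRESHOLD:
            alerts[proc].append(f"{best} files modified/deleted within {FILE_BURST_WINDOW.seconds}s")
    return dict(alerts)

if __name__ == "__main__":
    for proc, items in analyze(EVENTS).items():
        print(proc)
        for item in items:
            print("  -", item)
```

Only `cryptor.exe` trips all three rules; the editor's two saves stay under the burst threshold and the browser's connection is expected. The allowlist and the threshold are exactly the tuning knobs that decide how noisy behavioural detection is in practice.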
Sandboxing is a technique in which a computer program is restricted from accessing critical system resources and files on the system. This acts as a secured layer that prevents malware from harming the system. Without sandboxing, an application may have unrestricted access to all system files and user data; with sandboxing, the software can only access files that are inside its sandbox. If access is needed to a file that is not present in the sandbox, that permission has to be granted explicitly.
On the other hand, this technique has drawbacks: software performance can suffer because of the limited access to system resources.
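The sandbox description above has two parts: a default boundary (the sandbox directory) and explicit grants for anything outside it. The Python below is an added example for this article, not code from the original page or from any sandboxing product, and it is an application-level policy check rather than an OS sandbox such as a container or seccomp profile. The sandbox root, the granted path and the test paths are constructed assumptions; the point it makes is that a path policy must be evaluated on the resolved real path, otherwise `..` traversal, a lookalike directory prefix, or a symlink planted inside the sandbox escapes the boundary.

```python
import os
import tempfile

class FileSandbox:
    """Policy: a program may touch only files under its sandbox root,
    plus paths that were granted explicitly (assumed model for the example)."""

    def __init__(self, root: str, explicit_grants=()):
        self.root = os.path.realpath(root)
        self.grants = {os.path.realpath(p) for p in explicit_grants}

    @staticmethod
    def _inside(path: str, base: str) -> bool:
        # Compare on a path-component boundary, not a raw string prefix, so
        # "/srv/app/sandbox_evil" is not treated as inside "/srv/app/sandbox".
        return path == base or path.startswith(base.rstrip(os.sep) + os.sep)

    def is_allowed(self, path: str) -> bool:
        # realpath collapses ".." and follows symlinks, so the decision is
        # made on the file that would actually be opened.
        real = os.path.realpath(path)
        if self._inside(real, self.root):
            return True
        return any(real == g or self._inside(real, g) for g in self.grants)

    def open(self, path: str, mode: str = "r"):
        """Gate for file access: deny anything the policy does not cover."""
        if not self.is_allowed(path):
            raise PermissionError(f"sandbox denies access to {path}")
        return open(path, mode)

def policy_report(sandbox: FileSandbox, paths):
    """Evaluate a list of candidate paths against the sandbox policy."""
    return {p: sandbox.is_allowed(p) for p in paths}

def symlink_escape_is_blocked() -> bool:
    """Constructed demo: a symlink inside the sandbox pointing outside it is
    denied because the policy sees the resolved target, not the link."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "sandbox")
        os.mkdir(root)
        outside = os.path.join(tmp, "outside_secret.txt")
        with open(outside, "w") as f:
            f.write("not for the sandboxed program")
        link = os.path.join(root, "innocent_looking.txt")
        os.symlink(outside, link)
        return not FileSandbox(root).is_allowed(link)

if __name__ == "__main__":
    # Root and grant are constructed paths; they need not exist for the check.
    sb = FileSandbox("/srv/app/sandbox", explicit_grants=["/etc/app/shared.conf"])
    candidates = [
        "/srv/app/sandbox/data.txt",            # inside: allowed
        "/srv/app/sandbox/../secrets.txt",      # traversal out: denied
        "/srv/app/sandbox_evil/data.txt",       # prefix lookalike: denied
        "/etc/app/shared.conf",                 # explicit grant: allowed
        "/etc/app/other.conf",                  # not granted: denied
    ]
    for path, ok in policy_report(sb, candidates).items():
        print(f"{'ALLOW' if ok else 'DENY ':6} {path}")
    print("symlink escape blocked:", symlink_escape_is_blocked())
```

Every check here costs a `realpath` call and a set scan, which is a small illustration of the performance cost the text mentions: confinement means the program's file accesses are mediated rather than direct.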
From the above we can understand what malware is and how it is segregated into categories, each with different goals. Some are used to choke the system's bandwidth, some create loopholes for more malware to enter, some infect files, and so on. These are a substantial risk for business and the cyber world, so it is important to know the malware categories and the symptoms of each so that proper action can be taken against them. It is equally important to understand malware so that the necessary precautions are taken against it.