Introducing Malware

When we read about hacking in the news, we usually hear that a massive corporation or government department has been breached and some kind of corporate database has been stolen. We truly live in the age of the data breach, where attackers break into an organization's infrastructure and purloin millions of records of personal information, belonging either to its customers or to its internal staff.
Some of the biggest breaches of recent times, such as Target, Sony, Anthem, LinkedIn, Facebook, Marriott, Experian, Zoom, Adobe and the US Office of Personnel Management, have garnered massive media attention; however, what we don't usually hear in the news coverage (at least without digging a little deeper) are the details of how the attack actually occurred. How did the attacker infiltrate the company network, which vulnerabilities were exploited, what flavor of malicious software (malware) was employed, and what countermeasures were in place that were bypassed or simply failed? These are the questions that security managers and security staff need to be asking, since putting yourself in the role of an attacker is by far the best way to see how your own organization could be attacked.
Viruses, worms, Trojan horses, rootkits, spyware, adware: the list goes on. In our modern computing environment, especially once you connect to the Internet, you will be bombarded by an expansive collection of technical threats, each of which is ready to strike at the heart of your computer system, preparing to steal your information, take control of your computer, or deny you its service. To remain productive, these threats need to be kept at bay; however, the landscape is confusing. How do you know if you have plugged all the holes, bolstered the network, fortified the servers, and made sure your users are safe? Furthermore, what are all these different kinds of malware and how do they operate? Do they act autonomously, or can these malware types be combined so that the threat is greater than any individual hazard? Let's start by looking at the different classes of malware and how they operate.
One common misconception is that Trojan horses, worms, and viruses are the same thing, and the terms are used interchangeably both by practicing security professionals and by the media. However, each kind of malware operates and executes in a very different way, so it pays to be precise when you categorize any given sample.
Malicious software is a vast and extremely complex subject, and researchers spend entire careers understanding the theory and practice of this insidious threat. In this book we can only go so far in showing you what kinds of malware are out there and how they operate; however, by the end of this chapter you should be able to classify different kinds of malware from their behavior and determine which defenses should be deployed or configured to mitigate any given threat. Furthermore, it is unlikely that an attacker will use just one kind of malware in an attack. Typically, attackers layer a variety of technologies on top of each other, in part to disguise what they are doing, and in part to effect some kind of change on the end system: perhaps to extract data, perhaps to open a backdoor, or simply to cause disruption through a denial of service.
At the highest level there are a few broad categories that contain most kinds of malware. Over the next few pages, we will look at the following:
- Types of malware
- Denial-of-service (DoS) attacks
The first thing we need to do is look at what malware actually is, simply because the terminology can be quite confusing to anyone relatively new to information security. Malware, as you may have guessed, is a contraction of malicious software and has become the generic name for any nefarious software that runs on a computer system with ill intent.
If you were to look at the information security taxonomy, malware would be the family name for all of the kinds of bad software, more often than not wrongly labeled as viruses: Trojan horses, spyware and adware, keyloggers, rootkits, ransomware, scareware, backdoors, and any other program that will do you harm.
Malware can disguise itself as a legitimate application on your computer, in some cases attaching itself to legitimate software in the same way that a biological virus attaches itself to healthy cells. Furthering the analogy to diseases that infect living organisms, some malware needs a host in the same way a parasite does, while other malware does not: those programs operate without infecting another application, because they are standalone programs that exist and propagate independently. The reality is that there are dozens of ways that malware can infect your systems, and each kind of malware can have a variety of ways of propagating from one system to another.
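The distinction just drawn, a parasitic sample that attaches itself to an existing host program versus a standalone program that simply appears on the system, is also the distinction a defender's file-integrity baseline can surface. The following is an added example written for this chapter, not code from the book: it builds a SHA-256 baseline of a directory, then re-scans and reports a host file that was modified and grew (the signature of an appending infector) separately from a new file that arrived on its own. The directory, file names and byte contents are constructed for the demonstration; a real integrity monitor would also track permissions, owners and timestamps and keep its baseline off the monitored host.

```python
"""Added example (not from the book): a minimal file-integrity baseline that
separates 'host file modified' (virus-like, parasitic) from 'new standalone
file appeared' (worm- or dropper-like). All sample files are constructed."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, Tuple[str, int]]:
    """Map relative path -> (sha256, size in bytes) for every regular file under root."""
    baseline: Dict[str, Tuple[str, int]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            baseline[rel] = (sha256_file(full), os.path.getsize(full))
    return baseline


def diff_baseline(old: Dict[str, Tuple[str, int]],
                  new: Dict[str, Tuple[str, int]]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every file that changed, appeared or vanished."""
    findings: List[Tuple[str, str]] = []
    for rel, (digest, size) in new.items():
        if rel not in old:
            # A program that was not there before: standalone malware arrives this way.
            findings.append((rel, "NEW_FILE"))
        elif old[rel][0] != digest:
            if size > old[rel][1]:
                # Existing host changed and grew: the classic appending infector pattern.
                findings.append((rel, "HOST_MODIFIED_GREW"))
            else:
                findings.append((rel, "HOST_MODIFIED"))
    for rel in old:
        if rel not in new:
            findings.append((rel, "MISSING"))
    return sorted(findings)


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: one clean 'host' binary, then an infection that
    appends a payload to it and a second, standalone file dropped beside it."""
    with tempfile.TemporaryDirectory() as root:
        host = os.path.join(root, "host_app.exe")
        with open(host, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64)          # fake clean executable (constructed)
        before = build_baseline(root)

        with open(host, "ab") as f:
            f.write(b"PAYLOAD")                     # parasitic: attaches to the host
        with open(os.path.join(root, "svchost_.exe"), "wb") as f:
            f.write(b"MZ" + b"WORM")                # standalone: exists on its own
        after = build_baseline(root)

        return diff_baseline(before, after)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:20s} {path}")
```

Run it directly and the two findings print with different verdicts; the verdict names are this example's own labels, chosen to mirror the parasitic-versus-standalone split in the text rather than any particular product's alerting scheme.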