Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
Malware is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
- Malware includes computer viruses, worms, trojan horses, spyware, adware, and other malicious programs.
- Malware has caused the rise in use of protective software types such as anti-virus, anti-malware, and firewalls.
- Malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on.
- Spyware is designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator.
Malware
Software which has been designed to operate in a malicious, undesirable manner.
Spyware
Programs that surreptitiously monitor and report the actions of a computer user.
Adware
A software application that includes advertisements, which are displayed while the software is running. Developers use adware as a source of income and to keep the costs of the software down (usually making it free). Some adware programs can include spyware.
How do people get infected?
Malware uses malicious code to exploit security vulnerabilities in a target machine and install software without a user’s permission. Traditionally, infected media like floppy disks would transfer viruses from one machine to another. With the popularity of the internet, however, nearly all infections occur from online sources such as scam emails, social media messages, and hacked websites.
Malware Analysis
Analyzing malware, or malicious software, is more of an art than a technique. Because of the wide nature of these products, there are limitless ways to hide functionality.
Some common tools for malware analysis include simple programs like strings. More complex analysis can be conducted by looking at the headers of executables with programs like PEiD and PeExplorer. Finally, the most complete analysis can be done with debuggers like IDA Pro and OllyDbg.
There are two types of techniques to analyze malware. The first is behavioral analysis, which captures changes to the system process, disk, registry, and network (communication). This can be accomplished with the tools stated above.
- Process Monitor (sysinternals) – Shows real time file, registry, and process/thread activity Process Explorer (sysinternals) – Displays all active processes and information on those processes RegShot – Snapshot of registry and file structure CaptureBat – Registry changes, file deletions, file structure changes What’s Running – Similar to Process Explorer but more detailed.
Process of behavior analysis consists of running: Enable all the monitoring tools and run RegShot Run Malware in VM Terminate Malicious Process Pause tool and review logs (3/4 can be switched as needed) - Reviewing Code - Malicious software is often distributed in the form of binaries and can be viewed through debuggers and disassemblers. Statistic analysis is the process of collecting as much information as we can without running the tool. This can be accomplished by using the tools stated in the Static Analysis section.
For example: BinText or Strings will pull out embedded strings contained in the executable. Dynamic Analysis is the process of actually executing the binary and stepping through the code processes using OllyDbg.
How do I prevent infection?
Malware distributors are continually finding new vulnerabilities in popular software such Windows, Java, Flash, and Adobe Acrobat. Software distributors, therefore have to release continual updates to patch the holes. This cat and mouse game is ongoing, therefore
- Installing updates as soon as they become available is important.
- Also, keep an updated virus scanner. There are plenty of free ones like Avast or Microsoft Security Essentials.
- While you’re at it, download a malware removal tool so you can fight back if you do get infected.
- Lastly, BACKUP YOUR STUFF so if something bad happens you can get your data back.
CORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.
IBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.
HP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities.