hi guys,
a small guide on malware ...
What is Malware?
Malware is short for Malicious software, and simply is any software designed to damage or disable computers and/or computer systems.
Some of the most common types of malware (many of which can be found on HF) are Viruses, Worms and Keyloggers.
The History of Malware
I did not and do not claim to have made this image.
Types of Malware:VirusA virus will, most often, appear in a .exe format and when executed will insert or install its self into a certain area(s) of a computer, these areas would now be considered "infected". Once the computer is infected the virus can now perform any task that it has been tasked to do. A virus will almost always perform harmful opperations such as stealing or corrupting data. Viruses can also carry other Malware such as Keyloggers. One reason that a virus can be hard to remove is that they often replicate themselves and install clones into other areas of the victims computer, meaning, if one virus is found there is bound to be the exact same one somewhere else in the system.
Now, there are different types of virus which I will briefly explain here:
Boot-Sector Virus: This is a virus that is stored in The Master boot Record. What this means is the virus will run almost instantly after BIOS. Because of this the virus is instantly loaded into memory and can from there control the computer.
File Deleting Virus: This is a virus that is designed to break the computer. It will delete key parts of the operating system, rendering it unusable.
Macro Virus: This is a virus that is written using a Macro programming language like VBA. this allows the virus to be stored in a file such as an excel spreadsheet and transfered from system to system this way.
Polymorphic Virus: This is a virus that can change their code every time they infect a different system, this makes it near impossible for an anti-virus to detect them and gives spreading methods almost endless possibilities.
Armored Virus: These are viruses that are designed to be hard to break, designed to be hard to locate and sometimes even have the ability to fight back an anti-virus. Some people consider that by cripting a virus it is an armored one.
Retrovirus: This is a virus that will actually try to attack and disable an anti-virus application. Some people call this an anti-anti-virus. Some destroy the anti-virus and some disable it.
KeyloggerAs the name suggestes, a Keylogger is a type of Malware that will log the keystrokes of the victims computer. This is most often done without the victim knowing and can be used to steal sensitive information (mainly passwords) from the computer. Previously, keyloggers would save the keystrokes to a file, hidden on the victims computer and later upload them somewhere. However, with the ever expanding world of Malware it is now possible to have your keystrokes broadcasted live to the attacker.
WormThe main trait of a computer worm is its ability to spread to an almost endless amount of computers. Worms are designed to spread without the need of human interaction. Lots of worms are created to spread and not neccissarily harm the infected, however, disuption in the form of network traffic can be achieved. Worms can be used to harm a computer system, they can delete data or make the infected computer accessable and controlable by the original worm creator.
AdwareAdware is a type of malware that will force the infected computer to display and view adverts in order to give the advert publisher more revenue. Recently with the boom of PPD websites a form of malware, which is considered by some to be adware, "Survey Lockers" have been introduced which lock down someones computer and force them to complete a survey in order to re-gain access.
SpywareAs the name suggests, Spyware is designed to spy and gather information on someone. Spyware can be delivered in the form of a virus or worm and can aid an attacker in identity theft or steal other information such as credit card details and other financial information.
RansomwareRansomware is a type of malware which will restrict a users access to his/ her computer. It will then demand a ransom to be paid in order for the system to be unlocked. Some ransomware will encrypt files and some will simply lock the system and display an on screen message. Ransomware is distributed like most other malicious software, through files or worms. Even if the victim pays the ransom, ransomware will often infect the computer with a worm or a RAT so that the ransomware operator still has access to the computer even after it has been unlocked.
Trojan HorseA trojan horse is a hacking program that gains access (often administritive privliges) to a computer because it is disguised as a legit file. Trojan horses are normally used to give the attacker access to the system and use it as part of a botnet. trojan horses do not attempt to inject themselves into other files or programs.
DialersThis is not so popular now because few homes run off a dial up connection. A system that is on a dial up connection could be infected with a malicious dialer and foced to call premium rate numbers. Exploits in a computers operating system will allow these premium malicious dialers to be installed. They are very hard to remove.
Preventing InfectionCertain steps can be taken to ensure that you do not become infected with a malicious piece of software.
The first thing is to use common sense, if someone sends you a random file (specially .exe) and tells you to open it because it "gives you free money" don't open it, it is almost certainly malware.
The next tip would be to make sure that you have a repuable and strong anti-virus. You don't even need to spend TONS of money microsoft security essentials is a perfect free anti-virus.
Removing MalwareThe best way to attempt to remove Malware quickly is as follows:
1. Download Malware Bytes Setup. (do not setup)
2. Run Computer in Safe Mode.
3. Delete Temp Files.
4. Install Malware Bytes.
5. Perform Malware Bytes scan.
This will normally find and remove most types of malware. This does not always work though, and if it doesn't then the malware could be FUD (explained in next section) the best thing to then do would be use someone who knows what they are talking about, use an anti-malware and malware removal expert. The HJT team on HF (when active) would be perfect.
Malware ConcealmentAttackers go to great efforts in order to make their Malware undetectable. A commonly used phrase, and something that all attackers aim for is a piece of Malware becoming FUD (fully undetectable) meaning that no anti-virus program can detect or remove it.
A .exe file uses lines of instruction known as offsets. A anti-virus contains a database of offsets that are similar to or are commenly used in malware. Anti-Virus will check programs to see if they contain these common offsets. Anti-virus will also use common behaviour detection to detect programs that are performing malicious commands.
Attackers can use crypters to, firstly, cover up the offsets and cover them again using algorithms. This makes it very hard or sometimes impossible for anti-virus to detect the malicious software. When executed, the crypted file will decrypt itself and run itself in memory to bypass the behaviour detection in anti-virus.
Another tool that attackers use is File Binders. People these days are getting more aware of malware and now know not to trust, for example, .exe files. A file Binder will bind one file to another meaning that a .exe could be hidden in a word document, or even a photo. One tip I would give is to always check the size of files, make sure nothing is unordinary.
Famous MalwareHere is a list of some of the most famous malware:
STUXNET: This was a worm that would target industrial control systems,
often large ones such as power plants and dams and would allow the attacker to take control of these systems.
I Love You: This was another worm that would be distributed via an email titled:
I love you. It would then have the ability to spread itself via emails of the infected and IRC.
Melissa: This was another piece of Malware that would spread via email once opened.
The creator recieved a 20 month jail sentence because it cost the US government $8,000,000,000 to fix.
Nimda: This was another worm, and it was one of the fastest spreading ever.
It targeted admins of computer networks and websites who it would then distribute from (spell Nimda backwards)