Malware, short for “malicious software”, is software used for malicious purposes, including the theft or destruction of information or other property. The term implies malicious intent on the part of the software’s designer. The term badware is sometimes used instead for software that is dangerous without having been designed to be.
Types of Malware
Malware can come in many different forms. Ask your students what kinds of malware they are familiar with and if they can think of any specific examples in recent history. The following is a brief discussion of some types of malware:
Viruses
These are infectious programs that attach themselves to other programs in order to replicate and spread. Because they require a host program, they often depend on user interaction to run. They can spread through removable media (e.g. memory sticks). Commonly used programs such as Microsoft Word and Excel have been used to spread certain kinds of viruses. Other kinds of viruses install themselves as part of the operating system on a machine.
Worms
As of 2011, worms had become one of the most prevalent forms of malware seen in active threats. Like viruses, worms are infectious and replicate themselves to spread. Unlike viruses, they do not require a host program: they are self-replicating.
Trojan Horses
Your students may be familiar with the Greek myth of the Trojan Horse. In that story, the Spartans were fighting the Trojans until one day they pretended to surrender and, as a token of surrender, gave the Trojans a huge wooden horse. The Trojans took the horse into their city and celebrated their victory. In the meantime, the Spartans hiding inside the wooden horse jumped out, attacked, and defeated the Trojans. Likewise, a Trojan Horse in computer security is a malicious program hidden inside a seemingly innocent program.
Rootkits
For viruses and Trojan Horses, concealment is an important strategy in spreading malware. If the malicious code is hidden, it is much harder to find and stop. A rootkit is software that will modify the operating system of the victim machine so that the malware is hidden.
Backdoors
A backdoor exists when software includes a way for someone other than the authorized user to gain access to the system without following normal authentication procedures.
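As an added illustration of the definition above (example code written for this lesson, not taken from any real product), here is a login check with a hidden “support” credential that bypasses the normal authentication procedure, next to a hardened version that accepts nothing but the credentials in the user store. The user name, password and salt are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user store: one account whose password is kept only as a salted hash.
# The account name and password are made up for this example.
def _make_record(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest}

USERS = {"alice": _make_record("correct horse battery staple")}


def _password_matches(record: dict, password: str) -> bool:
    # Recompute the hash with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
    return hmac.compare_digest(candidate, record["hash"])


def login_with_backdoor(username: str, password: str) -> bool:
    """Flawed version: a hard-coded credential that is not in the user store.
    Anyone who learns it is authenticated without going through the normal check."""
    if username == "support" and password == "DEBUG-OVERRIDE":   # the backdoor
        return True
    record = USERS.get(username)
    return record is not None and _password_matches(record, password)


def login(username: str, password: str) -> bool:
    """Hardened version: every login, without exception, is checked against the store."""
    record = USERS.get(username)
    return record is not None and _password_matches(record, password)


if __name__ == "__main__":
    print("backdoor accepts hidden credential:", login_with_backdoor("support", "DEBUG-OVERRIDE"))
    print("hardened rejects it:", not login("support", "DEBUG-OVERRIDE"))
    print("hardened still accepts alice:", login("alice", "correct horse battery staple"))
```

A code review or a search for string literals compared against a password is one way such a hidden credential is found; the hardened version simply has no path that skips the store.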
Why people do it
There are many reasons why people create and spread malware. Some do it out of curiosity or as an experiment. For example, in 1988 Robert Morris, a grad student at Cornell who used MIT’s network, released one of the first worms to infect the Internet. Morris said he was using the worm to estimate the size of the Internet, but its effects were far more damaging, and Morris became the first person convicted in the US under the 1986 Fraud and Abuse Act.
Other creators of malware have much darker motivations. Some do it for money or other resources, such as information; others do it for political or criminal reasons; and others do it just to scare people. The following terms are often used to describe the motivations behind the use of malware.
Ransomware
This term refers to malware that is used to take resources hostage in exchange for payment. For example, an attacker might encrypt a victim’s files and give up the key only when the victim pays the ransom. CryptoLocker from 2013 was the first example of this.
Spyware
This term refers to malware used to spy on a user. For example, it might track browsing habits in order to give a company information about spending habits, or it might log keystrokes to capture personal information such as usernames and passwords.
Scareware
Sometimes attackers spread malware just to show they can and to scare people. They may not get any monetary gain, but they cause mayhem and emotional distress.
Adware
This kind of software automatically generates advertisements. It may be used by companies seeking revenue, but it can still be considered malware because it is not usually run knowingly by its victims. Often it is bundled with some legitimate software as an optional extra, so it is a good idea to deselect such extras when installing new software. Some adware adds toolbars to your browser or redirects your browser to a search engine whose results favor a particular website.
Why malware is so hard to stop
Malware is always changing. It is a constant cat-and-mouse battle between attackers and everyone who wants to use computing resources. Attackers are constantly coming up with new ways to carry out attacks. Most malware has some level of concealment, which makes it difficult to detect. Infectious malware can spread very quickly, which means that it can cause a lot of damage before it is detected. It can also cost a lot of money to fix the damage.
Another reason why malware is hard to stop is that people are not always aware of the possibilities and do not use good judgment when clicking on links or downloading things from the Internet. There is often a social engineering aspect to malware, and attackers are always finding rather ingenious ways to get people to click on their bad links! The increasing number of devices connecting to the Internet also provides more possibilities for attack. Today, for example, a great majority of people use smartphones and there is a vast array of applications that can be downloaded. People need to use good judgment when choosing to download applications.
Most machines have some kind of anti-virus software that seeks to detect and mitigate the effects of malware. But it is a constant struggle for that kind of software to stay ahead of the new types of malware that are always being created. As soon as one virus or one worm is detected and stopped, another is created.
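To make the cat-and-mouse point concrete, here is a toy signature scanner (added for this lesson; not code from any anti-virus product). It shows why an exact-hash signature stops working as soon as a single byte of the sample changes, and how a byte-pattern signature on a stable marker still catches the variant. The three “files” are constructed byte strings, not real malware, and the signature names are made up.

```python
import hashlib
import re

# Constructed sample "files": a known sample, a one-byte variant of it, and a clean file.
KNOWN_SAMPLE = b"MZ\x90\x00DEMO_PAYLOAD: connect=update.example mode=spread\x00"
VARIANT      = b"MZ\x90\x00DEMO_PAYLOAD: connect=update.example mode=Spread\x00"
CLEAN_FILE   = b"MZ\x90\x00Hello, this is a harmless program.\x00"

# Hash-based signature database: the kind of entry a simple engine stores once a
# sample has been analysed. It matches only that exact file.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Worm.A"}

# Pattern-based signature (assumed YARA-like): matches a marker the variants share.
PATTERN_SIGNATURES = {"Demo.Worm.gen": re.compile(rb"DEMO_PAYLOAD: connect=\S+")}


def scan_by_hash(data: bytes):
    """Return the matching signature name, or None. Exact match only."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes):
    """Return the matching signature name, or None. Tolerates small changes."""
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(data: bytes):
    """Layer both strategies, as real engines combine several detection methods."""
    return scan_by_hash(data) or scan_by_pattern(data)


if __name__ == "__main__":
    for label, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN_FILE)):
        print(f"{label:8s} hash={scan_by_hash(blob)!s:14s} pattern={scan_by_pattern(blob)}")
```

The variant defeats the hash signature with a single changed byte, which is exactly the cycle described above: each new variant forces the defender to write a broader signature, and broader signatures in turn risk matching clean files.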
The Morris Worm
As mentioned earlier, one of the first worms distributed through the Internet was the Morris Worm in 1988. It is estimated that the worm infected 2,000 computers in 15 hours and caused $100,000 – $10,000,000 in damage, and all of that was done without malicious intent! Morris claimed to be trying to see how large the Internet was! Since then, the Internet has become much larger, as have computing speeds, which means that worms can spread even faster.
XcodeGhost
In September 2015, Apple discovered that several apps, especially popular in China, were infected with malware that stole information from users, including information about the kinds of devices being used. This was possible because developers had downloaded Xcode, Apple’s app development tool, from a remote server in China that Apple did not monitor; that copy was a fake version of Xcode, and apps built with it carried the malware.
Google Androids or Apple iPhones
A great majority of your students probably have smartphones. Ask them what kind of phone they use. Most will probably be Google Androids or Apple iPhones. Ask them if they are aware of the security issues related to the applications they download. What they may not know is that Google has an open system, which means that the apps available for download are not all monitored by Google. Apple, on the other hand, has a closed system and all the applications in its app store are monitored by the company and checked for security vulnerabilities. Discuss with your students what advantages and disadvantages there might be for each of the systems.
Sony’s Rootkit
Another reason malware is sometimes hard to detect is that it is occasionally designed and shipped in products by legitimate companies. Sony, for example, is known for the Sony rootkit, which was hidden on some CDs. The purpose of the concealed software was to prevent illegal copying and to gather information about listening habits. However, the rootkit also introduced unintended vulnerabilities, which caused further problems.
Stuxnet
Sometimes governments use different kinds of malware to spy on other countries or even cause damage. One interesting example is Stuxnet, a computer worm that infiltrated Iran’s nuclear development center, causing mechanical failures in their facilities. The following diagram shows how Stuxnet operated, including a timeline of key events. Note that the article claims that Stuxnet was a product of the United States National Security Agency and the Israeli government, but as of today, no government has officially admitted responsibility for the worm.
http://www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html?_r=0
Additionally, the following article explains how Stuxnet worked:
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
How to protect against malware
The most important thing a user can do to protect against malware is to use good judgment when accessing resources. Do not click on links unless you are sure of where they will lead, even links that are attached to e-mails coming from someone you know. The “sender” may have been hacked and may not even be aware of the e-mails being sent from his or her account! Do not download software unless you are sure it is legitimate. Be aware of known malware threats. Check the security of applications before downloading.
There are other measures that can be taken to protect against malware, including anti-malware software and firewalls. Anti-malware software is designed to check a system for irregularities and vulnerabilities. As was mentioned above, however, concealment is a huge part of malware, so it is better to avoid getting infected in the first place. A firewall is a big part of network security and is used to control the flow of traffic, allowing legitimate traffic and blocking illegitimate traffic. Most machines have some kind of anti-virus or anti-malware software, but it is difficult for software designers to keep up with the constant stream of new types of malware, and with all the opportunities available to attackers, we cannot expect the attacks to stop. It is better to maintain constant vigilance and be aware of the possibilities out there.