Computer Malware

The document provides an overview of computer malware, defining it as malicious software designed to disrupt systems and steal information. It discusses various types of malware, including viruses, worms, and rootkits, as well as their purposes, risks, and detection methods. Additionally, it outlines strategies for mitigating malware threats, such as using antivirus software and network segregation.


INTRODUCTION
A computer virus is software, usually hidden within another
seemingly innocuous program, that can produce copies of
itself and insert them into other programs or files, and that
usually performs a harmful action (such as destroying data).[34]
They have been likened to biological viruses.[3] An example
of this is portable executable (PE) infection, a technique, usually
used to spread malware, that inserts extra data or
executable code into PE files.[35] A computer virus is software
that embeds itself in some other executable software
(including the operating system itself) on the target system
without the user's knowledge and consent, and when it is run,
the virus is spread to other executable files.
PURPOSES
• Since the rise of widespread broadband Internet access, malicious software has
more frequently been designed for profit. Since 2003, the majority of widespread
viruses and worms have been designed to take control of users' computers for illicit
purposes.[25] Infected "zombie computers" can be used to send email spam, to host
contraband data such as child pornography,[26] or to engage in
distributed denial-of-service attacks as a form of extortion.[27] Malware is used
broadly against government or corporate websites to gather sensitive information,[28]
or to disrupt their operation in general. Further, malware can be used against
individuals to gain information such as personal identification numbers or details,
bank or credit card numbers, and passwords.[29][30]
• In addition to criminal money-making, malware can be used for sabotage, often for
political motives. Stuxnet, for example, was designed to disrupt very specific
industrial equipment. There have been politically motivated attacks which spread
over and shut down large computer networks, including massive deletion of files
and corruption of master boot records, described as "computer killing." Such attacks
were made on Sony Pictures Entertainment (25 November 2014, using malware
known as Shamoon or W32.Disttrack) and Saudi Aramco (August 2012).
WORMS
• A worm is a stand-alone piece of malware
that actively transmits itself over a network to
infect other computers and can copy itself
without infecting files. These definitions lead
to the observation that a virus requires the
user to run infected software or an operating
system for the virus to spread, whereas a
worm spreads itself.[36]
ROOTKIT
• Once malicious software is installed on a system, it is essential that it
stays concealed, to avoid detection. Software packages known
as rootkits allow this concealment, by modifying the host's operating
system so that the malware is hidden from the user. Rootkits can prevent
a harmful process from being visible in the system's list of processes, or
keep its files from being read.[37]
• Some types of harmful software contain routines to evade identification
and/or removal attempts, not merely to hide themselves. An early
example of this behavior is recorded in the Jargon File tale of a pair of
programs infesting a Xerox CP-V time sharing system:
• Each ghost-job would detect the fact that the other had been killed, and
would start a new copy of the recently stopped program within a few
milliseconds. The only way to kill both ghosts was to kill them
simultaneously (very difficult) or to deliberately crash the system. [38]
MALWARE
• Malware (a portmanteau for malicious software)[1] is any software intentionally designed to
cause disruption to a computer, server, client, or computer network, leak private information,
gain unauthorized access to information or systems, deprive access to information, or which
unknowingly interferes with the user's computer security and privacy.[1][2][3][4][5] Researchers
tend to classify malware into one or more sub-types (i.e. computer viruses, worms,
Trojan horses, ransomware, spyware, adware, rogue software, wipers and keyloggers).[1]
• Malware poses serious problems to individuals and businesses on the Internet.[6][7] According
to Symantec's 2018 Internet Security Threat Report (ISTR), the number of malware variants
increased to 669,947,865 in 2017, twice as many malware variants as in 2016.[8]
Cybercrime, which includes malware attacks as well as other crimes committed by computer,
was predicted to cost the world economy $6 trillion USD in 2021, and is increasing at a rate of
15% per year.[9] Since 2021, malware has been designed to target computer systems that run
critical infrastructure such as the electricity distribution network.[10]
• The defense strategies against malware differ according to the type of malware but most can
be thwarted by installing antivirus software, firewalls, applying regular patches to reduce
zero-day attacks, securing networks from intrusion, having regular backups and
isolating infected systems. Malware is now being designed to evade antivirus software
detection algorithms.
TYPES
• There are many possible ways of categorizing
malware, and some malicious software may
overlap into two or more categories.[1] Broadly,
software can be categorised into three types:[33]
(i) goodware; (ii) greyware; and (iii) malware.
DETECTION
• Antivirus software typically uses two techniques to detect malware: (i) static analysis and (ii) dynamic analysis.[61]
Static analysis involves studying the software code of a potentially malicious program and producing a signature of
that program. The antivirus program then compares scanned files against this signature. Because this
approach is not useful for malware that has not yet been studied, antivirus software can use dynamic analysis to
monitor how the program runs on a computer and block it if it performs unexpected activity.
• The aim of any malware is to conceal itself from detection by users or antivirus software.[1] Detecting potential
malware is difficult for two reasons. The first is that it is difficult to determine if software is malicious.[33] The second
is that malware uses technical measures to make it more difficult to detect.[61] An estimated 33% of malware is
not detected by antivirus software.[58]
• The most common anti-detection mechanism is to encrypt the malware payload so that antivirus software does not
recognize the signature.[33] More advanced malware is capable of changing its form into variants so that the
signatures differ enough to make detection unlikely. Other common techniques used to evade detection include,
from common to uncommon:[62] (1) evasion of analysis and detection by fingerprinting the environment when
executed;[63] (2) confusing automated tools' detection methods, which allows malware to avoid detection by
technologies such as signature-based antivirus software by changing the server used by the malware;[62] (3) timing-
based evasion, where malware runs at certain times or following certain actions taken by the user, so that it
executes during certain vulnerable periods, such as during the boot process, while remaining dormant the rest of
the time; (4) obfuscating internal data so that automated tools do not detect the malware;[64] (5) information hiding
techniques, namely stegomalware;[65] and (6) fileless malware, which runs within memory instead of using files and
utilizes existing system tools to carry out malicious acts.[66] This reduces the amount of forensic artifacts available to
analyze. Recently these types of attacks have become more frequent, with a 432% increase in 2017, and make up
35% of the attacks in 2018. Such attacks are not easy to perform but are becoming more prevalent with the help of
exploit kits.[67][68]
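As an added illustration of the static-analysis and payload-encryption points above (example code written for this page, not from the presentation or any antivirus product), the following Python scanner matches constructed byte signatures and falls back on a Shannon-entropy heuristic to flag a payload whose signature has been hidden by encryption. The signature names, patterns, key and sample files are all constructed here.

```python
import hashlib
import math
from collections import Counter

# Constructed byte patterns standing in for antivirus signatures; not real AV data.
SIGNATURES = {
    "Demo.Dropper": b"cmd.exe /c del /q",
    "Demo.Downloader": b"GET /payload.bin HTTP/1.1",
}

def static_scan(data: bytes) -> list[str]:
    """Static analysis as the text describes: look for known byte signatures."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches the maximum of 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes, entropy_threshold: float = 7.0) -> tuple[str, list[str]]:
    """Signature hit -> malicious; no hit but encrypted-looking -> suspicious."""
    hits = static_scan(data)
    if hits:
        return "malicious", hits
    if shannon_entropy(data) >= entropy_threshold:
        return "suspicious", ["high-entropy payload; signature scan inconclusive"]
    return "clean", []

def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Deterministic stream encryption used only to build the evasive sample."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed samples, padded so the entropy estimate is meaningful.
BENIGN = b"Quarterly report: revenue grew modestly this period. " * 80
PLAIN_MALWARE = (b"init\x00" + SIGNATURES["Demo.Dropper"] + b"\x00") * 150
ENCRYPTED_MALWARE = keystream_xor(PLAIN_MALWARE, b"demo-key")

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("plain", PLAIN_MALWARE),
                          ("encrypted", ENCRYPTED_MALWARE)]:
        verdict, reasons = classify(sample)
        print(f"{label:9} entropy={shannon_entropy(sample):.2f} {verdict} {reasons}")
```

Entropy alone is a weak signal, since legitimately compressed or encrypted files (archives, images, TLS captures) also score near 8.0, so a real product treats a high-entropy verdict as a prompt for dynamic analysis rather than a conviction.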
RISK
• Vulnerable software
• A vulnerability is a weakness, flaw or software bug in an application, a complete computer, an operating system, or a
computer network that is exploited by malware to bypass defences or gain privileges it requires to run. For example,
TestDisk 6.4 or earlier contained a vulnerability that allowed attackers to inject code into Windows. [69] Malware can exploit
security defects (security bugs or vulnerabilities) in the operating system, applications (such as browsers, e.g. older versions
of Microsoft Internet Explorer supported by Windows XP [70]), or in vulnerable versions of browser plugins such as
Adobe Flash Player, Adobe Acrobat or Reader, or Java SE.[71][72] For example, a common method is exploitation of a
buffer overrun vulnerability, where software designed to store data in a specified region of memory does not prevent more
data than the buffer can accommodate being supplied. Malware may provide data that overflows the buffer, with malicious
executable code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software,
determines.
• Excessive privileges
• Users and programs can be assigned more privileges than they require, and malware can take advantage of this. For
example, of 940 Android apps sampled, one third of them asked for more privileges than they required.[76] Apps targeting
the Android platform can be a major source of malware infection, but one solution is to use third-party software to detect
apps that have been assigned excessive privileges.[77]
• Weak passwords
• A credential attack occurs when a user account with administrative privileges is cracked and that account is used to provide
malware with appropriate privileges. [80] Typically, the attack succeeds because the weakest form of account security is used,
which is typically a short password that can be cracked using a dictionary or brute force attack. Using strong passwords and
enabling two-factor authentication can reduce this risk. With the latter enabled, even if an attacker can crack the password,
they cannot use the account without also having the token possessed by the legitimate user of that account.
• Use of the same operating system
• Homogeneity can be a vulnerability. For example, when all computers in a network run the same operating system, upon
exploiting one, one worm can exploit them all.
MITIGATION
• Antivirus / Anti-malware software
• Anti-malware (sometimes also called antivirus) programs block and remove some or all types of malware. For example,
Microsoft Security Essentials (for Windows XP, Vista, and Windows 7) and Windows Defender (for Windows 8, 10 and 11) provide real-
time protection. The Windows Malicious Software Removal Tool removes malicious software from the system.[85] Additionally, several
capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use).[86]
Tests found some free programs to be competitive with commercial ones.[86][87][88]
• Typically, antivirus software can combat malware in the following ways:
• Real-time protection
• Removal
• Sandboxing
• Website security scans
• Website vulnerability scans check the website, detect malware, may note outdated software, and may report known security issues, in
order to reduce the risk of the site being compromised.
• Network Segregation
• Structuring a network as a set of smaller networks, and limiting the flow of traffic between them to that known to be legitimate, can
hinder the ability of infectious malware to replicate itself across the wider network. Software Defined Networking provides techniques
to implement such controls.
• "Air gap" isolation or "parallel network"
• As a last resort, computers can be protected from malware, and the risk of infected computers disseminating trusted information can
be greatly reduced by imposing an "air gap" (i.e. completely disconnecting them from all other networks) and applying enhanced
controls over the entry and exit of software and data from the outside world. However, malware can still cross the air gap in some
situations, not least due to the need to introduce software into the air-gapped network and can damage the availability or integrity of
assets thereon. Stuxnet is an example of malware that is introduced to the target environment via a USB drive, causing damage to
processes supported on the environment without the need to exfiltrate data.
• AirHopper,[92] BitWhisper,[93] GSMem [94] and Fansmitter[95] are four techniques introduced by researchers that can leak data from air-
gapped computers using electromagnetic, thermal and acoustic emissions.
• DONE BY – YASH DALAL
• CLASS – 6TH
• SECTION – A
• ROLL NO. - 41
• SCHOOL – GURU HARKRISHAN
PUBLIC SCHOOL VASANT VIHAR