What is Malware?

In today’s age, the term “malware” has become a common buzzword, yet its implications are often misunderstood. Malware, short for malicious software, encompasses a wide range of harmful programs designed to infiltrate, damage, or exploit computers and networks without the user’s consent. Understanding what malware is, how it operates, and how to prevent it is therefore crucial for anyone who uses a computer. In this article, you will explore the various types of malicious software and their impact, along with essential strategies for protecting your systems against these digital menaces.

Malware Definition

The word “malware” is an abbreviation of “malicious software” (or “malevolent software”), meaning harmful code or harmful programs.

Malicious software is software that breaches the privacy of a computer system, disables it, or obtains sensitive information from it. It appears in the form of executable instructions, scripts, and other software that all share one purpose: to damage computers.

When malware attacks the privacy of a system, that system is called the “target.” The party that created and distributed the malware is the “malware creator.”

The history of malware

The history of malware can be divided into five phases or stages. The first is the appearance of malware for the first time.

The second phase is the “early Windows phase”, which covers the first malware to appear on Windows: the worms that fall under the name of malicious software, including the first mail worms and macro worms. The third phase saw the development of web worms, which became more prominent as the Internet spread widely.

The fourth stage is the emergence of rootkits (“hidden roots”) and ransomware, which are among the most dangerous kinds of malware.

A rootkit aims to reach the target device and then install a set of tools on it that allow attackers continuous remote access to that target.

Ransomware aims to prevent users from accessing their system until they pay a sum of money as ransom to the ransomware’s author.

These were among the most dangerous programs in existence before 2010. Since then, attackers have created malware for espionage and sabotage on behalf of secret agencies in some countries, which constitutes the last stage of malware development, the one we face today.

Types of Malware

Malware varies depending on how attackers introduce it into the target system and what kind of policy violation it causes. The main types are:

1. Virus

A virus spreads from one computer to another by including copies of itself in files, which then travel to other, uninfected computers in various ways. The method of transmission is called the “virus vector”. The virus embeds itself in files and then relies on those files being exchanged, either by an unsuspecting user (who copies an infected file from a CD) or by the virus itself (for example, by sending the infected file in an email).

2. Worm

Also called mobile viruses, worms copy themselves to other computers on the same network without needing to attach to a host file.

Worms therefore usually spread over the computer network, relying on a failure of the security systems on the target computer.

The worm then uses this computer as a host to infect other computers, copying and distributing itself repeatedly so that the number of infected machines grows exponentially, which lets it infect a large number of computers in a short time.

Worms always cause some damage to the network, even if they have no intent to change the systems they pass through, because they consume the network’s bandwidth. Even payload-free worms therefore cause significant disruption by increasing network traffic.

Example:

The Morris worm was created by Morris, a student at the Massachusetts Institute of Technology, and its release on November 2, 1988, had consequences nobody expected.

Although Morris did not intend the worm to be destructive, only to highlight weaknesses in many networks of the time, a flaw in Morris’ code made the worm more harmful and widespread than he had planned: “The United States Government Accountability Office estimated the cost of the damage at $100,000 to $10,000,000.”

3. Trojan

A Trojan is any malware that deliberately misleads the user. The term is taken from the ancient Greek story of the deceptive Trojan horse that caused the fall of the city of Troy.

Trojans rely on deceiving the user over the network in ways that seem harmless, such as asking the user to fill out a form or click on certain ads on social media sites. The Trojan then gains full, unauthorized access to the victim’s computer and takes control of sensitive information.

Example:

A report by Channel News Asia revealed that a Trojan infected computers and servers in the lower house of parliament after a politician opened an email attachment in July 2011.

4. Logic bomb

A logic bomb is a piece of code deliberately inserted into a software system to perform a specific function at a predetermined time or when specific conditions are met. The logic bomb carries a payload that is unknown to, and unwanted by, the target.

Example:

On 20 March 2013, in an attack on South Korea, a logic bomb hit machines and wiped the hard drives and master boot records of at least three banks and two media companies simultaneously.

5. Rabbit

Also known as “fork bomb attacks.” This is an attack that aims to damage the system and take its service out of operation by depleting the system’s resources (any attack that aims to take a service out of operation is usually called a denial-of-service attack).

This is done through a process that repeatedly replicates itself (a recursive fork) to exhaust the available system resources, slowing the system down or halting it entirely.

In this attack, the self-replicating processes consume the system’s resources, preventing other software from running and blocking the creation of new processes.

During the attack, keyboard input such as an attempt to log out is ignored and the system is completely locked.

Because these processes consume the CPU, the attack exhausts the system’s resources long before the maximum permitted number of processes is reached. This can cause a “kernel panic”, in which the core of the operating system can no longer handle the failure.

These processes often stop only after the machine is restarted, which may result in significant data loss.
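One way a defender can spot the geometric growth described above before the machine locks up is to sample process counts and alert when one user’s count keeps multiplying. This is an added example, not code from the article; it runs over constructed `ps -eo pid,user,comm` snapshots (assumed to be one second apart) and the user names, thresholds and `snapshot` helper are all assumptions for the demonstration.

```python
"""Flag runaway process creation from periodic per-user process counts.

Added example, not from the original article. It parses constructed
`ps -eo pid,user,comm` snapshots and alerts when one user's process
count keeps multiplying, the growth pattern of a self-replicating process.
"""
from collections import Counter

HEADER = "PID USER COMM\n"
BASE = "1 root init\n200 alice bash\n201 alice vim\n300 bob bash\n"


def snapshot(extra_bob_shells):
    """Build a constructed ps snapshot with N extra `sh` processes for bob."""
    extra = "".join(f"{400 + i} bob sh\n" for i in range(extra_bob_shells))
    return HEADER + BASE + extra


# Constructed samples: bob's replicas grow 0 -> 4 -> 16 -> 64 across samples.
SNAPSHOTS = [snapshot(0), snapshot(4), snapshot(16), snapshot(64)]


def count_per_user(ps_output):
    """Count processes per user, skipping the header line."""
    counts = Counter()
    for line in ps_output.splitlines()[1:]:
        _pid, user, _comm = line.split(maxsplit=2)
        counts[user] += 1
    return counts


def detect_runaway(snapshots, growth=2.0, min_procs=16, window=3):
    """Return {user: counts} for users whose count grew by at least `growth`x
    between each of the last `window` samples and now exceeds `min_procs`.
    A user absent from a sample counts as 0; a single burst from 0 does not
    alert, only sustained multiplication does."""
    per_snap = [count_per_user(s) for s in snapshots]
    users = set().union(*(c.keys() for c in per_snap))
    history = {u: [c.get(u, 0) for c in per_snap] for u in users}
    alerts = {}
    for user, counts in history.items():
        recent = counts[-window:]
        if len(recent) < window or recent[-1] < min_procs:
            continue
        if all(b >= growth * max(a, 1) for a, b in zip(recent, recent[1:])):
            alerts[user] = counts
    return alerts


if __name__ == "__main__":
    for user, counts in detect_runaway(SNAPSHOTS).items():
        print(f"ALERT: {user} process count {counts} is growing geometrically")
```

Such a monitor only buys warning time; the standard mitigation is a per-user limit on the number of processes, so that the fork eventually fails instead of exhausting the kernel’s process table.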

6. Backdoor

A backdoor is a type of malicious software that bypasses the authentication procedures used to access a system. As a result, it gives remote control of resources within applications such as databases, allowing the malware’s originator to control the remote system, issue commands, and update the malware.

Malware Detection

Malware detection is the use of certain techniques to discover the presence of malware in order to help protect the system.

The detector may or may not reside on the system it is trying to protect. Once the detector has observed the behavior (in particular any unusual behavior) of the program under examination, it uses its detection technique to decide whether the program is malicious or benign.

Detection Methods

1. Anomaly-based Detection

Anomaly-based detection depends on a learning process in which the detector first establishes what the normal state looks like (the absence of malware); detection is then a comparison between that normal state and the observed state, and an anomaly is one or more events that occur because of the presence of malware.

2. Specification-based Detection

Anomaly-based detection thus uses its knowledge of what constitutes normal behavior to judge whether the program under examination is harmful. A special type of anomaly-based detection is referred to as specification-based detection.

Specification-based techniques rely on a set of specifications, or rules of good behavior, to make their decision (whether malware is present).

3. Signature-based detection

In signature-based detection, analysts test, update, and express the characteristics of known malware as entries in a “signature repository”. When a malware detector wants to test a program for such a signature (and therefore for malware), it consults its signature repository.

So the first input of a signature-based malware detector comes from the signature repository, and the other input it must take is the software that is under inspection.

Finally, each of the three detection techniques can use one of three different analysis methods: static, dynamic, or hybrid.
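The two inputs of a signature-based detector, the signature repository and the software under inspection, can be made concrete in a few lines. This is an added example and not the article’s or any product’s code; the file contents, signature names and marker string are constructed for the demonstration and refer to no real malware.

```python
"""Minimal signature-based malware detector (added example).

Both inputs described above are modelled explicitly: the signature
repository and the bytes under inspection. The repository holds two kinds
of signature, a whole-file SHA-256 hash and a byte pattern. All samples
and signatures are constructed; none correspond to real malware.
"""
import hashlib
import re

# Constructed file contents: a "malicious" sample, a trivially edited
# variant of it, and a benign file that shares the same header bytes.
SUSPECT = b"MZ\x90\x00" + b"\x00" * 16 + b"TESTMARKER-PAYLOAD-v1" + b"\x00" * 8
VARIANT = SUSPECT.replace(b"-v1", b"-v2")
BENIGN = b"MZ\x90\x00" + b"\x00" * 16 + b"hello world" + b"\x00" * 8

# First input: the signature repository. A hash signature matches exactly
# one file; a pattern signature matches a distinctive byte sequence.
REPOSITORY = [
    {"name": "Test.Hash.A", "kind": "sha256",
     "value": hashlib.sha256(SUSPECT).hexdigest()},
    {"name": "Test.Pattern.A", "kind": "bytes",
     "value": re.compile(rb"TESTMARKER-PAYLOAD-v\d")},
]


def scan(data, repository=REPOSITORY):
    """Second input: the bytes under inspection. Return matched signature names."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in repository:
        if sig["kind"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["kind"] == "bytes" and sig["value"].search(data):
            hits.append(sig["name"])
    return hits


if __name__ == "__main__":
    for label, data in (("suspect", SUSPECT), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label}: {scan(data) or 'clean'}")
```

A one-byte edit already defeats the hash signature and only the pattern still fires, and neither can recognise malware that is absent from the repository, which is the gap anomaly-based detection is meant to close.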


Symptoms of a malware infection

  1. Excessive increase in CPU usage.
  2. The computer and its web browsers run more slowly.
  3. Networking problems.
  4. Freezes or crashes.
  5. Modified or deleted files appear.
  6. Strange programs and icons appear on the desktop.
  7. Some software turns on or off by itself, as malware often disables antivirus software and firewalls.
  8. Messages are sent from a personal email account without the owner’s knowledge (a friend receives a message from you that you did not send).
  9. A lot of network activity appears at times when you are not using the network.
  10. Less memory is available on your computer than there should be.
  11. File names change.
  12. Files appear and disappear without your knowledge.

Ways to avoid malware

We can protect our computers from malware in several ways, including:

  1. Install protection software.
  2. Be careful when dealing with unknown or unreliable files (including files downloaded from the Internet).
  3. Do not open any email from an unknown sender.
  4. Download files only from reliable sites on the Internet.
  5. Scan the hard drive of your computer periodically.