The term “malware” is derived from “malicious software” and, in essence, is a piece of code or set of statements (in a computer programming language) that has been purposefully designed by its developers to serve their interests or to carry out some illicit purpose. In this digital era, where we all rely on the digital exchange of information, be it paying phone and electricity bills, chatting with friends on social media platforms or communicating via email, tonnes of data are generated every day. This data is collected by the organisations that provide us those services. The data seems very ordinary to the general public, but on digital platforms it has a value equivalent to that of money. Have you ever wondered how you get emails from unknown advertising companies about their product launches or discount offers even though you never shared your personal details with them? Or have you ever wondered how big companies like Meta, Google, Yahoo, etc., provide us all a free platform to use? Actually, nothing is free. It is all about the data that we generate every second, which reveals everything about us.
The data is not only used for promotional strategies; there are also miscreants who try to leverage it to carry out their unethical and illicit plans. You might have come across emails that arrive with attachments; these attachments (be it a photograph, a PDF or a document) contain special code which these miscreants have purposefully designed to collect information from your devices, including your activity logs, your deep, dark secrets (if any), and the contents of your gallery or of any secondary storage device connected to your computer. Such emails are the vectors that carry the infectious material, and this infectious material is termed malware.
Malware can be defined as a program or code that is destructive to computers. Malware is hostile, intrusive, and purposefully malicious software that aims to infiltrate, damage, or disable computers, computer systems, networks, tablets, and mobile devices by gaining partial control over them. Thus, malware is a means for miscreants to commit digital crimes.
Classification of malware:
Malware is classified according to its behaviour and the degree of threat it poses. According to Clare Stouffer (a NortonLifeLock employee), the most common types of malware include:
1. Viruses: Viruses are malicious code attached to a document or file that spread from one host to another. For example, the ILOVEYOU virus of 2000 impacted millions of computers around the globe; it was downloaded as soon as netizens clicked on an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs” in an email with the subject line “I LOVE YOU”.
2. Worms: Worms are harmful programs that replicate quickly and spread to any device on a network. Worms, unlike viruses, do not require host programs to spread. Worm malware can delete or modify files, steal data, install backdoors for hackers, and infect many computers at once.
3. Trojan Viruses: These are viruses camouflaged as useful software; in other words, Trojans claim to be something important for your computer or smartphone but are actually dangerous. After the Trojan has been downloaded, it can obtain access to sensitive data and can modify, block, or erase it. Ultimately, Trojan malware can steal data, access networks and take remote control of the device.
4. Ransomware: It is malicious software that acquires access to sensitive information on a computer, encrypts it so that the user cannot access it, and then demands a monetary payment in exchange for the data’s release. Ultimately, ransomware can hold devices hostage and could make data inaccessible through encryption.
5. Adware: It is malicious software that collects information about your computer activities in order to serve you with relevant advertising. For example, Fireball, discovered in 2017, infected around 250 million devices by means of browser hijacking to track victims’ web activity.
6. Spyware: It is malicious software that operates in the background on a computer and sends information to a remote user. Rather than just interfering with a device’s functionality, spyware targets sensitive data and can provide predators with remote access. Spyware is frequently used to steal personal or financial information. This malware is a spy inside your computer that keeps sending information to its developer without your knowledge.
Apart from these most frequently witnessed types of malware, there are other types, which include bots or botnets, file-less malware, malvertising, etc.
Protection against malware
Most anti-malware software companies, including McAfee, Avast, Norton, Quick Heal, etc., have developed robust software that can easily detect malware. This software safeguards our devices using a signature-based detection mechanism. A signature is a unique sequence of bits (a bit is a ‘0’ or a ‘1’, and a sequence such as “01010101” represents something in the binary language of a computer system), and each known malware has its own unique sequence of bits. To put it more simply, a signature is like a registration number that belongs to one vehicle only. But once malware writers get acquainted with signature-based detection, they develop modified versions of their malware that can easily escape this traditional method of detection. The malware writers encrypt the malware (convert its bytes into a form whose signature the antivirus does not recognise) so that the detection mechanism fails to detect it. Another major limitation of signature-based detection is that signature databases vary between antivirus vendors; for example, a file may be treated as malware by some antivirus vendors while the same file is labelled benign (normal) by others.
Apart from this, if there is new malware whose signature isn’t stored in the antivirus vendors’ database, that malware would be treated as a normal file as far as signature-based detection is concerned. In other words, signature-based malware detection applies only to known malware. Malware writers use various techniques so that their malware can escape and deceive signature-based detection, including:
1. Encryption (already discussed above)
2. Oligomorphism: This is regarded as a step forward in virus concealment. With plain encryption, the decryptor stays the same for each infection, whereas an oligomorphic virus uses a different decryptor for each infection. It is also regarded as a step towards semi-polymorphic encryption technology.
3. Polymorphism: Polymorphic viruses are more sophisticated than ordinary viruses because they combine encryption and oligomorphism. Antiviruses have a difficult time detecting them because each copy has a different appearance.
4. Metamorphism: Metamorphic viruses do not use encryption; instead, the malware’s content changes in each generation, so there is no need for a decryptor. It uses a mutation engine similar to that of polymorphism, except that instead of only changing the decryptor, it changes the entire body.
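As an added illustration of the signature-based detection described above, and of why the evasion techniques just listed defeat it, here is a toy scanner. It is example code written for this article, not a real product or a real signature database: the two “vendor” databases, the signature bytes, the sample files and the one-byte re-encoding are all constructed. It shows the three limitations the article names: vendors disagreeing on the same file, an unknown sample being reported clean, and a known sample whose bytes have been re-encoded no longer matching its signature even though its behaviour is unchanged.

```python
"""Toy signature-based scanner.

Added example, not part of the original article: every signature and sample
buffer here is constructed for illustration. None is a real malware signature,
and the two "vendor" databases are invented to show how vendors can disagree.
"""

# A signature is a fixed byte sequence the scanner expects to find inside a
# malicious file. The two constructed databases overlap on one entry and
# differ on another.
VENDOR_A = {
    "Demo.Sample.Alpha": b"\x4d\x5a\xde\xad\xbe\xef\x01\x02",
    "Demo.Sample.Beta": b"MAGIC-BETA-STRING",
}
VENDOR_B = {
    "Demo.Sample.Alpha": b"\x4d\x5a\xde\xad\xbe\xef\x01\x02",
    # Vendor B has no entry for "Beta", so it labels such files benign.
}


def scan(data: bytes, db: dict) -> list:
    """Return the names of every signature from `db` found inside `data`."""
    return sorted(name for name, sig in db.items() if sig in data)


def verdict(data: bytes, db: dict) -> str:
    """A signature engine's decision: any hit means malicious, otherwise benign."""
    return "malicious" if scan(data, db) else "benign"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Re-encode every byte with a one-byte key.

    Used here only to show the article's point: once the file's bytes change,
    a byte-level signature taken from the original no longer matches, even
    though nothing about what the program does has changed.
    """
    return bytes(b ^ key for b in data)


# Constructed sample files: some padding around a known signature.
SAMPLE_ALPHA = b"header " + VENDOR_A["Demo.Sample.Alpha"] + b" trailer"
SAMPLE_BETA = b"header " + VENDOR_A["Demo.Sample.Beta"] + b" trailer"
SAMPLE_UNKNOWN = b"a new program no vendor has ever analysed"


def demo() -> dict:
    """Run the situations the article describes and collect the verdicts."""
    return {
        # 1. Known sample: both vendors detect it.
        "alpha_a": verdict(SAMPLE_ALPHA, VENDOR_A),
        "alpha_b": verdict(SAMPLE_ALPHA, VENDOR_B),
        # 2. Vendors disagree: A has the signature, B does not.
        "beta_a": verdict(SAMPLE_BETA, VENDOR_A),
        "beta_b": verdict(SAMPLE_BETA, VENDOR_B),
        # 3. Unknown sample: in no database, so reported clean.
        "unknown_a": verdict(SAMPLE_UNKNOWN, VENDOR_A),
        # 4. Same known sample re-encoded byte for byte: no longer matches.
        "alpha_encoded_a": verdict(xor_bytes(SAMPLE_ALPHA, 0x5A), VENDOR_A),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} -> {result}")
```

The last case is the whole reason the evasion techniques above exist: the scanner compares bytes, so any transformation of the bytes (a fixed decryptor, a changing decryptor, or a rewritten body) breaks the match, and the defender has to match on something that survives the transformation, such as the decryptor stub or, as the next section describes, the program’s behaviour.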
According to tessian.com, in September 2020 “Google counted nearly 1,960,000 phishing websites” (a phishing website is a domain whose name and appearance are similar to those of an official website; they are created to deceive someone into thinking it is real). “This is up from around 68,000 in September 2010 – an increase of nearly 2800%.” Air India (the Indian airline) informed passengers that its passenger service system, designed by the multinational IT company SITA, had been subjected to a sophisticated cyber-attack that affected around 45 lakh “data subjects” worldwide, registered between August 26, 2011, and February 3, 2021. Government officials are frequent travellers on Air India.
Just as we have to maintain hygiene to remain physically fit, staying fit in the digital or virtual world requires cyber hygiene: abstain from clicking on unnecessary emails, avoid visiting unsafe websites, and avoid using unnecessary pen drives or other storage devices. There is also a need to switch to more sophisticated and robust mechanisms that identify not only the latest malware but also the camouflaged behaviour of tricky malware. This can only be achieved by adopting the “behaviour-based malware detection method,” which employs a machine learning approach (machine learning is the study of computer algorithms that can learn and improve on their own with experience and data; it is considered a type of artificial intelligence). By switching to this detection mechanism, the frequency of malware attacks has been reduced to some extent. The behaviour-based method keeps track of the behaviour of files, i.e., how a program behaves inside a computer, and unlike the former detection system it doesn’t rely on a single characteristic but checks several characteristic features, such as how much memory a program is using, its resource demands (like CPU and memory) and also its time complexity.
According to recent research, malware is evolving exponentially and at an alarming rate, and some malware types are escaping even the newly adopted method, i.e., the behaviour-based mechanism. So what could actually stop malware remains a challenging question.
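To make the behaviour-based approach concrete, here is an added example (written for this article, not the code of any antivirus product). Each record is a constructed summary of what a program did while it ran: peak memory, CPU share, files written, outbound connections and files it encrypted. The feature names, the training rows and the observed programs are all this example’s own assumptions. The classifier is a k-nearest-neighbours model built with only the standard library; it stands in for the machine-learning models real products use, and it illustrates both the strength the article describes (judging several characteristics together) and the caveat in the closing paragraph (a program whose behaviour resembles the benign training data is classified as benign).

```python
"""Toy behaviour-based classifier (k-nearest neighbours).

Added example, not from the original article. All records are constructed,
and the feature set is this example's own choice.
"""
from math import sqrt

FEATURES = ("peak_mem_mb", "cpu_pct", "files_written", "conns_out", "files_encrypted")

# Constructed, labelled training records; the comment says what each row resembles.
TRAINING = [
    ({"peak_mem_mb": 80, "cpu_pct": 5, "files_written": 3, "conns_out": 1, "files_encrypted": 0}, "benign"),  # text editor
    ({"peak_mem_mb": 120, "cpu_pct": 12, "files_written": 10, "conns_out": 2, "files_encrypted": 0}, "benign"),  # web browser
    ({"peak_mem_mb": 300, "cpu_pct": 40, "files_written": 25, "conns_out": 4, "files_encrypted": 0}, "benign"),  # compiler
    ({"peak_mem_mb": 60, "cpu_pct": 3, "files_written": 1, "conns_out": 0, "files_encrypted": 0}, "benign"),  # calculator
    ({"peak_mem_mb": 150, "cpu_pct": 90, "files_written": 4000, "conns_out": 1, "files_encrypted": 3900}, "malicious"),  # ransomware-like
    ({"peak_mem_mb": 40, "cpu_pct": 2, "files_written": 2, "conns_out": 60, "files_encrypted": 0}, "malicious"),  # spyware-like beaconing
    ({"peak_mem_mb": 90, "cpu_pct": 70, "files_written": 500, "conns_out": 30, "files_encrypted": 0}, "malicious"),  # worm-like
]


def _scale(record, lo, hi):
    """Map each feature onto [0, 1] so that large counts (files written) do not
    drown out small ones (CPU percentage) in the distance calculation."""
    return [(record[f] - lo[f]) / ((hi[f] - lo[f]) or 1) for f in FEATURES]


def _distance(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class BehaviourClassifier:
    """A new program gets the majority label of its k most similar training
    records, judged on all features together rather than any single one."""

    def __init__(self, training, k=3):
        self.k = k
        records = [r for r, _ in training]
        self.lo = {f: min(r[f] for r in records) for f in FEATURES}
        self.hi = {f: max(r[f] for r in records) for f in FEATURES}
        self.points = [(_scale(r, self.lo, self.hi), label) for r, label in training]

    def nearest(self, record):
        """Return (distance, label) for the k closest training records."""
        v = _scale(record, self.lo, self.hi)
        ranked = sorted((_distance(v, p), label) for p, label in self.points)
        return ranked[: self.k]

    def classify(self, record):
        votes = {}
        for _, label in self.nearest(record):
            votes[label] = votes.get(label, 0) + 1
        return max(votes, key=votes.get)


# Constructed observations of programs that are not in the training set.
OBSERVED = {
    "bulk_encryptor": {"peak_mem_mb": 130, "cpu_pct": 85, "files_written": 3000, "conns_out": 0, "files_encrypted": 2900},
    "note_taking_app": {"peak_mem_mb": 100, "cpu_pct": 8, "files_written": 5, "conns_out": 1, "files_encrypted": 0},
    # Resembles the benign rows on every feature, so the model has no basis to
    # flag it: this is the limitation the article's closing paragraph points at.
    "quiet_unknown": {"peak_mem_mb": 50, "cpu_pct": 2, "files_written": 1, "conns_out": 3, "files_encrypted": 0},
}


def demo(k=3) -> dict:
    clf = BehaviourClassifier(TRAINING, k=k)
    return {name: clf.classify(rec) for name, rec in OBSERVED.items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:16} -> {label}")
```

Note that the bulk encryptor is caught without any signature at all: its memory and CPU figures are ordinary, but the combination of thousands of files written and encrypted puts it next to the ransomware-like training row. The quiet program shows the flip side: a behaviour model can only separate what its features and training data distinguish, so the choice of features and the quality of the labelled records matter more than the algorithm.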
The writer is a master’s student of Computer Science & Information Technology at the Central University of Jammu.