12.1 Introduction to Malware

Last updated
Save as PDF

Page ID: 91545

$ \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } $ $ \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} $$\newcommand{\id}{\mathrm{id}}$ $ \newcommand{\Span}{\mathrm{span}}$ $ \newcommand{\kernel}{\mathrm{null}\,}$ $ \newcommand{\range}{\mathrm{range}\,}$ $ \newcommand{\RealPart}{\mathrm{Re}}$ $ \newcommand{\ImaginaryPart}{\mathrm{Im}}$ $ \newcommand{\Argument}{\mathrm{Arg}}$ $ \newcommand{\norm}[1]{\| #1 \|}$ $ \newcommand{\inner}[2]{\langle #1, #2 \rangle}$ $ \newcommand{\Span}{\mathrm{span}}$ $\newcommand{\id}{\mathrm{id}}$ $ \newcommand{\Span}{\mathrm{span}}$ $ \newcommand{\kernel}{\mathrm{null}\,}$ $ \newcommand{\range}{\mathrm{range}\,}$ $ \newcommand{\RealPart}{\mathrm{Re}}$ $ \newcommand{\ImaginaryPart}{\mathrm{Im}}$ $ \newcommand{\Argument}{\mathrm{Arg}}$ $ \newcommand{\norm}[1]{\| #1 \|}$ $ \newcommand{\inner}[2]{\langle #1, #2 \rangle}$ $ \newcommand{\Span}{\mathrm{span}}$$\newcommand{\AA}{\unicode[.8,0]{x212B}}$

“Viruses have no morality, no sense of good and evil, the deserving or the undeserving...."
Chris Crutcher, King of the Mild Frontier: An Ill-Advised Autobiography

Screen Shot 2022-12-01 at 10.59.31 AM.png — Figure $\PageIndex{1}$: A comic from XKCD, a popular techy-nerdy comic strip. (CC BY-NC 2.5)

After studying this section you should be able to do the following:

Identify the history of viruses
Educate others on how to protect themselves from malware

What is Malware?

Malware is an umbrella of malicious software designed to disrupt the user or damage the user’s files. Malware has been around for almost as long as networks. Generally speaking, there are three main categories of malware: viruses, worms, and trojans (we will look at some other flavors of malware later in this chapter).

One of the more popular malware threats today is ransomware (malware that will find files on a victim’s computer and encrypt them--the only way to rescue the files is to pay money to the attackers). Ransomware is a growing threat that has catapulted in popularity in the past few years.

On May 12 of 2017, a ransomware worm named WannaCry was taking over computers--literally thousands every minute. Two researchers in the UK (working for a cybersecurity firm in Los Angeles) stumbled across an odd feature in WannaCry; it looked like they had found a kill switch. Maybe. They didn’t know. But they probably couldn’t make the WannaCry pandemic worse. So they tried.

After reverse engineering the code, it appeared that WannaCry would look at a particular domain name and if it wasn’t registered, WannaCry would infect. And spread. And infect. In a frenzied effort, one of the researchers (Marcus Hutchins, aka @MalwareTech) bought the domain name and registered it as his own.

Surprisingly, this stopped WannaCry dead in it’s tracks. But the fight was just beginning. The architects of WannaCry (who had actually based it on code stolen from the NSA--DoublePulsar and EternalBlue) then launched a botnet attack, Mirai, on Hutchins.

The story is spectacular, and you can read about it in a wonderful article at TechCrunch. More recently, Wired magazine wrote a phenomenal piece about Marcus.

There are a few lessons to be learned (and questions that still haven’t been answered) that first surfaced in the years since. Why did it infect 200,000 machines in the blink of an eye? Microsoft had released the vulnerability patch that would have prevented WannaCry from infecting a computer two months prior. It turns out that many systems did not update their patches. That’s a hard lesson for users (although at the time, the price to decrypt your files was a paltry $300; as of August 2019, the average price is $13,000). Why did the worm stop when Hutchins registered the domain name? No one knows for sure, but a theory is that the authors of the malware thought that if they put in a random domain name in the code, and security analysts pinged the domain, that would be a signal to the worm that it was being investigated--probably in a sandbox--so it should go dormant to avoid detection. Unwittingly, Hutchins may have made the entire world into a sandbox! Two years later, Hutchins has reported that in June of 2019 alone, his kill switch has prevented 60 million ransomware detonations!

Screen Shot 2022-12-01 at 11.05.51 AM.png — Figure $\PageIndex{1}$: For further investigation, you should check out Episode 44 of the Darknet Diaries podcast. Host Jack Rhysider talks to some people behind the curtain in the shadowy ransomware world. (Copyright 2022; Jack Rhysider)

The First Virus

Before the internet, the ARPANET (a creation from the Defense Department) ruled communication between clients. As an experiment, a simple program replicated itself across hosts on the network and displayed the message:

I'm the creeper, catch me if you can!

This minor inconvenience was given the name Creeper and was the first documented virus. Happily the first anti-virus, Reaper, was designed to seek out Creeper and destroy it. But it’s not always that simple (in fact, most of the time, viruses require much more complex intervention).

Since then, viruses have evolved to be remarkably more sophisticated and diabolically more damaging. But not everyone hates viruses--there is actually a Malware Museum online (it’s actually worth a visit to see what was happening in the sector of cybersecurity in the 1980s and 1990s). Additionally, in May of 2019, a computer was sold for $1.3 million dollars. The catch? The computer was sold as an art installation that represented digital threats. It actually had six pieces of malware carefully curated on it (including WannaCry!).

Screen Shot 2022-12-01 at 11.09.40 AM.png — Figure $\PageIndex{1}$: A comic from XKCD, a popular techy-nerdy comic strip. (CC-BY-NC-2.5)

This entire chapter is from: "Information Security" by DAVE GHIDIU, OpenComputerScience is licensed under CC BY-NC-SA 4.0