Engineering LibreTexts

12.3 Other Malware


    Learning Objectives

    After studying this section you should be able to do the following:

    1. Describe different types of malware

    2. Provide examples of different types of malware

    3. Explain how to protect users from malware

    Adware

    Definition

    Programs that are installed without the user's knowledge and that display unsolicited ads.

    Examples

    One commonly encountered type of adware is the “browser hijacker”. These are hidden inside a bundle of free software that the user decides to download. Before the user even knows what happened, their browser is injected with countless ads that impede the ability to surf the web smoothly.

    Another example is Gator, a form of adware that was prevalent years ago and is no longer active today. This malware also had its claws in the ads the user would see when browsing: Gator replaced the ads already on websites with its own. This was even more deceptive, since it didn't feel like you were being bombarded with ads; they simply hid in plain sight.

    How to Protect Yourself

    The easiest way to protect yourself is to get antivirus software, or anything else that gives your machine a better hand when dealing with malicious software. Knowing what you might be downloading is also key. Low-effort attempts to gain access to your PC can often be spotted just by looking at them. Taking the time to understand how attackers try to put malware on your computer is the best advice one can give, along with the names of some trusted antivirus software.

    Backdoors

    Definition


    Examples


    How to Protect Yourself



    Bots & Botnets

    (Julia Struble)

    Definition


    A botnet is a network of remotely controlled internet devices, utilized to accomplish some goal of the attacker.  A bot is an individual device that is being controlled. The devices are typically brought under the control of the attacker via malware, and are then used for tasks that require a large number of devices, such as a DDoS attack, or Bitcoin mining.

    Examples

    A botnet is kind of like a horde of zombie computers, under the control of the head necromancer.  Above is a very realistic depiction of a botnet that I drew.    

    The first botnet to gain notoriety was used by a spammer in the year 2000. Mr. Khan Smith used a botnet to send 1.25 million emails in about one year. These e-mails were all phishing scams. Phishing scams like these rely on the logic that if enough emails are sent, odds are somebody will fall for one (i.e. the law of large numbers).

    Another example was the 2007 “Storm” botnet. It was notable because it was one of the first to be controlled by several different servers. The network ranged from 250,000 to one million infected computers, and was available for rent on the dark web, for anyone to use for whatever reason.

    How to Protect Yourself

    Botnets work by infecting a large number of devices, and then carrying out their tasks in the background, unbeknownst to the user.  A large number of computers are already infected with botnet malware, often via a trojan horse.  Therefore, the steps you need to take to protect yourself from becoming an infected botnet computer are the same steps you take to avoid viruses and malware in general.  Run regular anti-virus scans, avoid suspicious email attachments, and keep your software updated. 

    Keylogger

    Definition

    Usually software, but sometimes hardware, a keylogger records a user's direct input into their keyboard for later retrieval or transmission.  Keyloggers easily go undetected and the software itself is legal, even if it can be used for malicious purposes. 

    Example

    It’s time to pay your credit card bill for the month.  You open your web browser and input the URL for your credit card company.  You login, pay your bill, logout, and go about your day.

    Next month when you go to pay your bill, you notice a lot of activity that you don’t recognize.  You haven’t lost your card?  So what happened?

    Well you hadn’t renewed your security software subscription, so when you torrented the nominations for Best Picture you unwittingly downloaded a keylogger.  When you typed your username and password (right after typing the website of a major credit card company) you left the door to the vault wide open, and rolled out the red carpet.

    That doesn’t worry you?

    Well you also let your friend Kyle check his Facebook on your computer, which meant that you had to sign back in. 

    You just got an email with some screenshots of a very embarrassing conversation with a coworker (Kyle no less) containing some language that may threaten your continued employment.  Now the keylogger has been leveraged to access information that can be used to extort ransom.

    How to Protect Yourself

    Keep your security software up to date! Take this story from 2005:

    “In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.

    An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.

    However the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.”

    Using a token generator or two-factor verification when signing in to sensitive accounts is another good option to limit your risk of falling victim to a maliciously deployed keylogger.

    Logic Bombs

    Definition

    A logic bomb is a piece of code injected into existing software that lies dormant until it is triggered by a specific programmed event, causing a malicious action to occur on a computer or network. There are two types of triggers for the payload: a positive trigger and a negative trigger. A positive trigger fires when a preprogrammed event occurs, such as reaching a specific date. A negative trigger runs the malicious code when an action is NOT taken, such as a user failing to input data by a certain time. Like a bomb, this attack usually destroys data by wiping hard drives, deleting files, clearing a database, etc. Logic bombs are commonly used in the context of a company whose attacker is an insider with knowledge of and access to sensitive information. However, logic bombs have become part of many hackers' toolkits and can be used in a multitude of ways. This could include embedding a logic bomb in a fake program (like a Trojan) to damage a victim's PC, or using a logic bomb in a spyware program to run a keylogger when a user visits a certain website to log in.

    Examples

    One particularly devastating case of a logic-bomb-based attack dates back to March 20, 2013, when the hard drives and master boot records of bank-owned computers in South Korea were wiped of their data. Once a programmed date and time passed, the bomb used a file called AgentBase.exe to destroy data. Cyber security experts believe the malicious files were introduced onto the targeted networks via a phishing email loaded with a Trojan. The outcome took down not only computers but also ATMs, thus halting banking operations.

    More recently, on December 17, 2016, a logic bomb that infected Ukraine's electric grid via a backdoor turned off power to regions of the country at predetermined times. What is more frightening is that when operators attempted to regain access to the grid, the malware would override their actions to continue disabling power, while also deleting files on the operator machines. The operators had little choice but to operate the power grid manually due to the damage caused by the logic bomb. This attack on infrastructure is now known as “Industroyer” and, rather than damaging a select company, impacted an entire nation.

    How to Protect Yourself

    Part of the logic bomb's notoriety comes from the difficulty of detecting one using traditional antivirus. While antivirus may not be able to detect a specific logic bomb's signature, it should still be regularly updated, since logic bombs are often coupled with other types of malware.

    For companies, prevention and damage minimization should focus on insiders. Employees should only have as many rights and privileges on a system as they need to perform their job. Companies should also make employees aware of phishing emails, as they can introduce malware loaded with logic bombs into the system.

    Monitoring systems for suspicious, unexpected changes could prevent a logic bomb from going off. This advice is highly recommended for industrial organizations, such as operators of Ukraine's power grid, which would rarely make changes to their systems. The sooner a system is routinely monitored and/or audited, the better, in case a logic bomb is already lying dormant in the system.

    For any system, industrial or private, backing up information is an essential process to remain secure. This way, if a logic bomb delivered a damaging payload, the information would still remain intact elsewhere and systems would have a chance at being restored.

    RAT

    Definition

    Short for Remote Access Trojan: a malware program that provides a backdoor into a computer system, allowing an intruder unlimited, anonymous administrative control over the infected computer without the user's knowledge. RATs allow viewing and modifying the user's files and system functions, monitoring and recording user activity, and using the victim's system to attack other systems. RATs are manually controlled and can easily hide as ghost entities in the system for years if left undetected.

    Examples

    RAT infection takes place by getting the user to install an invisible modified file, either piggybacked on a program the user requested, such as a video game, or through email attachments, unsafe website popups, accepted cookies, or social engineering attacks using deceptive look-alike advertisements. Upon execution of the trojan, an intruder is able to secretly access any information the user can. Online banking credentials, application passwords, account passwords, hardware details, the system structure and any features installed on the targeted system are highly sought-after prizes.

    The simplest example of an attack that a RAT can perform is activating an infected computer's webcam and microphone any time the device is on and connected to the internet. Hackers can discreetly view, record or listen to conversations and activities occurring within range of the infected computer. On a larger scale, intelligence agencies and activist groups use RATs for specific purposes such as blackmail or espionage.

    How to Protect Yourself

    For basic protection, RATs can easily be avoided by simply enabling the Windows Defender Antivirus software included with Windows 10. For additional protection, Malwarebytes Anti-Malware has an extensive database of well-known RATs commonly used by lazy hackers. Always download games, files or software from secure websites. Always use an up-to-date browser, which prevents automatic downloads from websites and notifies you when a site is unsafe. Most importantly, keep your operating system up to date with security patches and properly shut down your system when not in use.

    Rootkit

    Definition

    Malicious software designed to provide ongoing access to a computer, likely with elevated (administrator) privileges on the system.

    Examples

    Rootkits come in many forms. Once a system is infected, they can be among the most difficult forms of malware to remove. Registry rootkits may involve changing the registry itself. In my own limited experience, after hours of working on a single rootkit, the program had duplicated itself multiple times, with a different name each time. In order to remove the program, all processes and all running instances had to be stopped.

    How to Protect Yourself

    The chance of a rootkit infection can be drastically reduced by following basic security advice: keep firmware up to date, do not open emails from unknown sources, keep an updated anti-virus, and only obtain programs from legitimate and trustworthy sources.

    Phishing

    Definition

    A crime in which someone posing as a legitimate or credible source tries to steal information or money from unsuspecting individuals, typically by email, fake websites, texts, or phone calls. Phishing scams are usually based on quantity not quality (though spearphishing is based on quality, not quantity).

    Examples

    This example is so old I don't even know if it is still used, but it was a classic back when the internet was pretty new. The classic email scam, which I definitely thought was real at one point, was that a Nigerian prince was trying to get his gold or other goods out of the country but didn't have the money to do so. They needed you, the unsuspecting fool, to send a few thousand dollars to let them get the goods out of the country, after which they would not only pay you back but also reward you handsomely. I recently heard that this one has been making the rounds again, but now it is “military” trying to get gold bars out of the Middle East after raiding one of the many palaces. A poor lady was scammed out of $13,000.

    Another one that was very common before things were easier to check on was a call from a person claiming that, for example, your son had been arrested and the bail was $5,000, needed immediately. Before the call they would gather minimal information, such as that you have a 19-year-old son named Michael. That was enough. The call would be placed. Then they would hit you with the fact that you needed to send it via Western Union. For whatever reason, it was always involved in any request for scam money transfers. I think funds could basically be sent and received almost anonymously, which is why it was used.

    How to Protect Yourself

    • Visit websites directly.

    • Check welfare of family before sending money.

    • Scrutinize things or requests from unsolicited sources.

    • Do not open attachments from unknown sources.

    • Use an SSL certificate to secure all traffic to and from your website.

    Ransomware

    Definition

    A type of malware that locks down a computer system, or access to its data, until a ransom is paid. It is usually spread via phishing emails or by visiting an infected website; once it has infected one system, it becomes exponentially more infectious by spreading to all connected systems, until it has claimed a large amount of software and hardware.

    Examples


    How to Protect Yourself


    Spear Phishing

    Definition

    A targeted attack in which hackers use information they discovered online about a user to prompt them to click an email link or provide more sensitive information about themselves. They do this by posing as trusted companies to trick users into believing the emails are real. These attacks are more dangerous than random phishing attacks because they mask malicious intent behind seemingly real sources.

    Examples

    Let’s say you lost your wallet and posted about it on social media. A hacker who learns about your post could assume that you have paused or locked your bank cards. In this scenario, a spear phishing email could prompt you to sign into your online banking account to confirm the lock on your bank card within 24 hours, or else your account will be closed. These attacks always seem to have an urgent motivator attached. But when you sign in, you are actually giving your login credentials to the hacker.

    Another scenario could be an email that seems to be from the company you use for cloud storage. The email lets you know your storage is full and that file management is needed immediately to keep your account open. The email then has a link or a button that you think will lead you to the cloud storage site, but it really takes you to a dangerous site instead. 

    How to Protect Yourself

    It can be really hard to discern verifiable emails from spear phishing attacks. So it is important to do your due diligence before entering any information, clicking links, or permitting access to your accounts.  

    How to prevent being a victim

    • Verify the information in the email through the actual web page of the service instead of clicking the link provided.

    • Preview the address of links before you click on them by hovering over the link. This will allow you to check the address you’ll go to before potentially compromising your information.

    • Avoid posting personal information online! Your followers could potentially use that information against you.

    Spyware 

    (Stephan Bonzo)

    Definition

    Software that allows its operator to covertly obtain information about another computer's activities by transferring data from that computer's hard drive.

    Examples

    Let’s look at a couple of examples. Keep in mind that there are more types than the ones I am going to explain.

    Info Stealers

    An info stealer is a program that has the ability to scan an infected computer and steal a wide variety of information. Typically this is browsing data, passwords, email, usernames, personal documents, and even media files. Depending on the type of info stealer, it will either send the collected information to a remote server, or keep it local to grab at another time.

    In most cases, info stealers exploit browser-related security deficiencies to steal your data. Sometimes they will even inject extra fields into web forms, so that when the user fills out those fields, the data is sent to the hacker instead of the website owner.

    Keyloggers

    Sometimes referred to as system monitors, these programs aim to record the keystrokes of a keyboard connected to the infected device. The goal is to record the strokes on the keyboard in real time, or take a screenshot of the screen every few seconds. This allows the hacker to record passwords, credit card details, emails, and even browsing data.

    Although they are mainly used by hackers, keyloggers have also found practical use in normal business practice, allowing managers to keep tabs on their employees' activity while at work. Parents might also install a keylogger on their child's hardware to see what they have been up to.

    How to Protect Yourself

    The best thing you can do to protect yourself is to not just go ham and click everything you see on the internet. Do a quick bit of research and make sure that everything seems as it should with every site you visit. Don’t click suspicious links or download suspicious files. If at any time you notice things being weird or out of order with your hardware, run some sort of anti-virus scan just to be safe.

    (Jaiden Hernandez)

    Definition 

    Spyware (as the name implies) is malicious software installed on a computer in order to ‘spy’ on the victim. This includes the collection of valuable information such as emails, passwords, and even credit card details. Spyware can come in many forms, such as an internet cookie, adware, keyloggers and more. Spyware usually installs itself onto your computer without the user's knowledge.

    Examples

    There are many examples of spyware; one notable way it arrives is by accepting a popup or allowing cookies on an unfamiliar website, which lets it be installed without the user's knowledge. Spyware can also come in the form of an unsuspected download, or ‘trojan’. Such a trojan can monitor computer activity to see what the user is doing and collect that information to be used maliciously. An example of this software is Zlob, a trojan program which uses computer vulnerabilities to track keystrokes and record the browsing history of victims.

    How to Protect Yourself

    Because spyware is so common on the internet, it is fairly easy to remove once it has been located. Modern antivirus software is equipped to deal with a plethora of different types of malware, and there are many things you can do to help prevent infection. Never click on suspicious links or pop-ups that may let your browser pick up a cookie hiding spyware. Scheduling weekly antivirus scans and keeping your computer drivers and software updated is another way to watch out for these vulnerabilities. Patents are even being filed for ways to recover from these attacks.


    12.3 Other Malware is shared under a not declared license and was authored, remixed, and/or curated by LibreTexts.
