1.1 Research Background
People use computers for multiple purposes. For example, they do business, buy products and services, communicate, browse social networks, look for information, watch videos, carry out transactions, and many others with the help of computers. However, all these actions face the risk of infecting PCs with numerous types of malware. Therefore, it is essential to identify the risk as soon as possible and to remove it before it causes serious harm.
Malicious software or malware is usually defined as any software that disrupts computer operation, gathers sensitive information or gains access to private computer systems (“Malware,” 2015). Hence, it has malicious intent and acts against the PC user’s requirements. Some malware aims at stealing information, spying, or causing harm. The term is used to refer to different types of hostile software taking the form of scripts, executable code, active content, etc.
The use of malicious software has undergone an evolution, diversification, and maturation in terms of attacks and fraud schemes facilitated. Nowadays, malware is more and more often treated as a commodity. Research indicates that the industry of cybercrime is prospering and is able to adapt to the advances in security technologies. A disruptive security approach addressing the root cause of infections and cybercrime is needed (Sikorski & Honig, 2012). Malware poses a very dangerous threat to companies, organizations, enterprises, end users, and financial institutions. The havoc that malware has the potential to wreak has resulted in improved technologies that aim to detect and prevent malware from infecting computers (Aquilina, Casey, & Malin, 2008). In turn, this has encouraged cyber criminals to evolve their own technologies to stay ahead of security vendors.
Malware costs businesses billions of dollars a year. It poses a threat to businesses, enterprises, infrastructure, and personal security around the world. Malware may be bundled with programs supplied by companies. For example, it can be downloaded from websites that seem useful and attractive but contain hidden tracking functionality (Sikorski & Honig, 2012).
For many years, infectious programs were written for the sake of experiments. Nowadays, malware is mostly used to steal information or cause harm. It is also used to gather personal information, including bank and credit card numbers, passwords, personal identification numbers, and others (Ligh, Adair, Hartstein, & Richard, 2010). Some malware is designed to generate money when computer users click an advertising link. Hence, malware is used for criminal purposes. In many cases, perpetrators do not get a direct benefit (Suarez-Tangil, Tapiador, Peris-Lopez, & Ribagorda, 2013). The most common software used to protect against malicious activity and recover from malicious attacks includes firewalls, anti-virus, and anti-malware tools.
Rapid development of the Internet has made malicious software profitable. Since 2003, viruses have been designed to control computers, while email spam has been sent to host contraband data. Modern malware is different from the earliest malware (Landesman, 2007). Most malware reports come from the USA. The country is a huge contributor to malicious IPs. Moreover, the USA reports the greatest number of cyber attacks and threat data (King, 2012). Malware infects systems by exploiting installed software, arriving as macros attached to files, or being bundled with other programs. Often it only requires a user to visit an infected website. In many cases, malware is simply installed by clicking on an attachment or downloading a file. However, malware is not able to cause physical damage to the hardware of systems and network equipment; it only damages software and data.
In many cases, people take routine things for granted. For example, they simply rely on computers, the Internet, iPhones, mobile phones, etc. because of their usefulness, entertainment, and the way they simplify tasks, research, and communication. People who lack knowledge of modern cyber threats do not see any danger in using an Internet connection (Aquilina, Casey, & Malin, 2008). Dangers may remain undetected for many years until the damage becomes evident. Hence, education and prevention are much easier than recovery and cleaning up an infected computer system. Thus, to protect personal information, sensitive data, and business information and to increase security, people should become more aware of existing malware, its trends, the ways malware is transmitted, and the solutions available in case a computer is infected. It is also essential to take measures to prevent malware-related threats and keep data safe and secure.
1.2 Research Aims and Objectives
People realize that in the modern world computer security is of vital importance. Nowadays, the security industry is experiencing an increased demand due to the challenges associated with security threats (Ligh et al., 2010). The primary goal of cyber criminals is to create undetectable malware. This means that the program works quietly on a computer, gathering and recording sensitive information. It is usually controlled remotely.
A malware infection affects the normal functioning of a computer. In case of infection, the machine displays numerous error messages, slows down, refuses to shut down, crashes, restarts, sends emails in the user’s name, or displays web pages the user did not want to visit. In addition, the malware installs new toolbars and icons, changes the Internet home page, etc. (Sikorski & Honig, 2012).
The aim of the research is to understand malware trends. The research will discuss the history of malware and malware types and suggest best practices for solving malware-related problems. The research objectives are as follows:
- to analyze the history of malware in the USA
- to investigate the types of existing malware
- to examine organizations engaged in tracking malware
- to discuss the future of malware
- to analyze best practices and recommend effective solutions
Nowadays, the field of malicious software is one of the most active and challenging ones in the sphere of computer security. Anti-virus vendors have noticed an extremely rapid increase in the number of malware samples (Microsoft security intelligence report, 2009). Therefore, it is essential to analyze them, learn about malware trends, and find ways to avoid them.
1.3 Research Questions
Rapid development of the Internet and technologies makes malware extremely aggressive and evasive. Evasive malware thwarts traditional security technologies. Creators of modern malware pay increasing attention to improvements in security technologies and make their programs resistant to them (Suarez-Tangil et al., 2013). In order to meet the research objectives, the following questions should be addressed:
- What are the modern trends of malware?
- Have the types of malware changed in terms of their goals and ability to cause damage?
- What can organizations do to help solve the problems caused by malware?
- What are the best solutions to prevent malware?
1.4 Research Outline
Chapter 1: Introduction. The chapter begins with some background information on malware, provides an overview of the research, research aims, purpose, and objectives as well as research questions.
Chapter 2: History of Malware. The chapter investigates the history of malware in the USA. It discusses the first viruses, the way they were created, and tracks their development to the present day.
Chapter 3: Types of Malware. The chapter discusses different types of malware such as viruses, worms, adware, spyware, and others. In addition, it analyzes the ways the different types of malware enter computers and the threats they pose.
Chapter 4: Organizations Tracking Malware. The chapter provides an analysis of OWASP, ThreatTrack Security, and Symantec.
Chapter 5: Future of Malware. The chapter analyzes the future trends and threats of malware.
Chapter 6: Best Practices and Solutions. The chapter offers ways to avoid the damage caused by malware.
Chapter 7: Conclusions. This chapter will provide conclusions based on the research findings.
2. History of Malware
Malware has come a long way since its appearance. It has evolved from the days of floppy disks and became widespread with the rapid development of the Internet. The tactics and techniques of innovative attacks have multiplied over the years. This has made the defenders of computing systems more aware of the tricks malware developers use to infect systems (Suarez-Tangil et al., 2013). At the same time, malware authors have also developed new infection approaches for modern operating systems. Moreover, they have been looking for ways to cast their nets wider in order to infect several types of machines and multiple operating systems simultaneously.
Malware has a long history that began in 1949 with the first theorization. The first computer worms were mentioned in 1975 by John Brunner. Three years later, John Shock and Jon Hepps created the first computer worm. They wrote different versions aimed at improving the efficiency of computers; however, a bug crashed them (“The early days. History of malware,” 2015). The first viruses were found in universities, spread via infected floppy disks (e.g. the Morris worm, Brain, Stoned, Lehigh, Michelangelo, and others). The Morris Worm was created in 1987. It aimed at destroying files on Friday the 13th. The worm spread quickly around the world, being the first worm to spread via the Internet. At that time, the first Macintosh viruses were designed in the form of Peace and nVir. As a result, Apple shipped a virus search program called Virus-Rx (“The early days,” 2015). In 1988, Robert Morris released another worm. Its intent was experimental rather than malicious. The creators of the earliest worms and viruses did not intend to cause harm. The Creeper Virus was created in 1971 (Suarez-Tangil et al., 2013). This virus was also an experiment and was not intended to cause damage. It prompted the appearance of the first anti-virus program, called Reaper.
The first Trojan was released in 1978. It was called ANIMAL and did not damage the system. It spread through networks by making copies of itself. Three years later, Elk Cloner was developed for the Apple II. Despite the existence of numerous viruses, the term was first used in relation to computer programs only in 1983. In December 1987, an American student sent an email that infected networks around the globe with the first computer worm called “Christmas tree” (“The early days,” 2015).
The release of malware such as the Melissa worm, the Happy99 virus, and the Kak worm occurred in 1999. All of them spread through Microsoft environments. The next year saw the creation of the LOVEYOU worm. Worms like Nimda, Santy, Estonia, Conficker, Stuxnet, and Zappos were released during the following years (“The history of malware,” 2015). Since the 1990s, there has been a rapid increase in the use of personal computers. Numerous households had those devices. The Internet has become an inevitable part of everyday life for most people (“A history of malware: Part one, 1949-1988,” 2015). In the 1990s, businesses began to be impacted by macro viruses (e.g. CIH, known as Chernobyl or Spacefiller, DMV or digital mode virus, etc.). By the second half of the 1990s, viruses could commonly be found on home computers (e.g. Kak and Melissa) (Suarez-Tangil et al., 2013).
Since the 2000s, worms have begun to spread worldwide (e.g. Magistr, Loveletter, and others). In 2001, the Anna Kournikova virus was created. It spread by sending emails to contacts in the Microsoft Outlook address book. At that time, many new threats appeared in the world, for example the Sadmind worm, the Sircam worm, the Code Red worm, the Nimda worm, the Klez worm, and many others (“The early days,” 2015).
The Smile virus, Beast, Mylife, and Optix Pro were created the following year. From 2003 up to the present, a great deal of malware has been created to obtain sensitive information and assist cybercrime (“The history of malware,” 2015). The most widespread viruses that appeared during that period are Graybird, the Blaster worm, Swen, MyDoom, the Sasser worm, Saanty, the Zlob Trojan, Zeus, the Saprosy worm, etc. Starting in 2010, programs marketed as anti-malware were introduced; however, they were a form of malware themselves. Over the last decades, malware has undergone substantial development and improvement. It has become extremely difficult to detect some threats. Therefore, the world is experiencing a tremendous rise in malware-related problems (“The early days,” 2015).
It may be concluded that malware has come a long way in its development. It has improved and become adaptable to modern applications and devices. As a result, there is an increased need for its analysis and investigation.
3. Types of Malware
There are numerous types of malware floating around the Internet. Many of them date back to the early years of malware. Once they are triggered, it is extremely difficult to remove them completely. All types of malware have one thing in common: the infiltration of a computer system without the user’s awareness (Suarez-Tangil et al., 2013).
There are many different types of malware, distinguished by the way they spread. Many malicious programs defend themselves against removal or are able to hide themselves. Infectious malware includes worms, viruses, Trojans, spyware, adware, Zombie, Uapush.A, and others. Many pieces of malware do not pose a real danger. Some of them simply annoy computer users with continuous advertising, providing links, or changing the user’s home page. However, some malware may pose a real threat, and the user may experience the consequences for a long time.
A virus is able to take control over computer functions, destroy data, and steal personal information, including passwords, numbers of credit cards, etc. It modifies, deletes or corrupts the files. A virus can relay a spam email, coordinate attacks or even spread pornography. It is usually spread through the Internet, a network, and removable media. A virus is malware that is unable to spread from one computer to another without help. Early viruses were spread by passing floppy disks from one machine to another. Nowadays, they spread by sharing infected files or email with colleagues, friends, family and other people over a network (Szor, 2005).
A virus is attached to a program and spreads while that program runs. Therefore, it requires that a user run the infected program for the virus to spread (Swain, 2009). Users should know that almost all viruses are attached to an executable file. This means that the virus may exist on a computer without causing any harm unless the user runs the malicious program.
As soon as the machine is infected, it can be used for different purposes (Peterson, 2006). Thus, viruses can erase files, steal intellectual property, crash the system, hold the user’s computer hostage until he or she pays a fee, steal personal identity information, and more. Moreover, they vary in complexity, which enables them to be modified to avoid detection by antivirus software.
Viruses are classified into different types, such as macro viruses, file viruses, multipartite viruses, master boot record viruses, polymorphic viruses, boot sector viruses, and stealth viruses. Examples include Accept.3773, W32.Sfc!mod, ABAP.Rivpas.A, and many others (Szor, 2005). A password-protected .zip file is considered one of the most clever delivery methods because traditional anti-virus software has difficulty scanning its contents (“What are viruses, worms, and Trojan horses?” 2014).
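The password-protected archive point deserves a defender’s illustration. A zip file announces encryption through a flag bit in its headers, so even a scanner that cannot open the contents can recognise that the attachment was never actually inspected and quarantine it instead of treating it as clean. The following code is an added example written for this page, not code from any of the sources cited above; the archive bytes, entry names, and the list of risky extensions are all constructed assumptions for the demonstration.

```python
import io
import zipfile

# Assumed gateway policy: file extensions not accepted inside a mail attachment.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "jar"}

ENCRYPTED_FLAG = 0x0001             # general-purpose bit 0 of a zip header
LOCAL_HEADER_SIG = b"PK\x03\x04"    # flags sit at offset 6 of a local file header
CENTRAL_HEADER_SIG = b"PK\x01\x02"  # flags sit at offset 8 of a central directory entry


def _set_encrypted_bit(data: bytearray, signature: bytes, flag_offset: int) -> None:
    """Set the 'encrypted' bit in every header that starts with `signature`."""
    pos = data.find(signature)
    while pos != -1:
        data[pos + flag_offset] |= ENCRYPTED_FLAG
        pos = data.find(signature, pos + len(signature))


def build_sample_zip(password_protected: bool) -> bytes:
    """Constructed sample attachment (not a real file). With password_protected=True
    the headers claim the entries are encrypted, which is how a zip tool marks a
    password-protected archive; the entry bodies stay as stored plaintext because the
    check below reads headers only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", b"constructed text entry")
        zf.writestr("report.exe", b"constructed placeholder, not a real program")
    data = bytearray(buf.getvalue())
    if password_protected:
        _set_encrypted_bit(data, LOCAL_HEADER_SIG, 6)
        _set_encrypted_bit(data, CENTRAL_HEADER_SIG, 8)
    return bytes(data)


def inspect_zip(data: bytes) -> dict:
    """Walk the central directory and report what a scanner can and cannot see."""
    findings = {"parsable": True, "encrypted_entries": [], "executable_entries": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["parsable"] = False
        return findings
    with archive:
        for info in archive.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                findings["encrypted_entries"].append(info.filename)
            ext = info.filename.rsplit(".", 1)[-1].lower() if "." in info.filename else ""
            if ext in RISKY_EXTENSIONS:
                findings["executable_entries"].append(info.filename)
    return findings


def verdict(findings: dict) -> str:
    """Policy decision: an archive the scanner cannot open counts as unscanned,
    never as clean."""
    if not findings["parsable"]:
        return "quarantine: malformed archive"
    if findings["encrypted_entries"]:
        return "quarantine: encrypted entries cannot be scanned"
    if findings["executable_entries"]:
        return "quarantine: executable content"
    return "allow"


if __name__ == "__main__":
    for protected in (False, True):
        found = inspect_zip(build_sample_zip(protected))
        print(f"password_protected={protected}: {found} -> {verdict(found)}")
```

The design choice worth noting is the order of the checks: the encrypted-entry condition is tested before the extension check, because an encrypted entry’s name may be the only thing the scanner can trust about it, and a verdict of “cannot scan” must not be downgraded to “allow” simply because nothing inside looked suspicious.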
Macro viruses infect Word, Excel, PowerPoint, and other data files. Repairing the infected files is considered a difficult process. File viruses infect program files, stay resident in memory, and harm programs loaded into memory. Multipartite viruses infect program files during the execution of the infected program. Master boot record viruses reside in memory. They copy themselves to the first sector of the storage device, which is usually used by the OS loading programs. The virus infects particular areas and may be removed by cleaning. A polymorphic virus encrypts its code in different ways and is difficult to detect. A boot sector virus infects the boot sector of the HDD or FDD and resides in memory. Once the computer starts, the boot sector virus infects it. This virus type is very difficult to clean. A stealth virus uses different techniques to prevent detection. It redirects the disk head to read another sector or alters the reported size of the infected file (Swain, 2009).
A worm is a stand-alone malware program that spreads over a network, infecting computers. Unlike a virus, it spreads by itself and does not require any action by the user. A worm replicates over a network, spreads via email, and delivers viruses. However, the terms ‘worm’ and ‘virus’ are often used interchangeably (“What are viruses,” 2014). Worms are programs that are able to self-replicate automatically. They spread easily across networks. A worm usually takes advantage of a security flaw to install itself on a host PC. Once installed, it scans the network, searching for machines that have the same security flaw. This method lets it propagate widely in just a few hours (Swain, 2009).
Spyware is a type of malware that collects valuable personal information and sends it to interested parties. Spyware applications tend to monitor the infected computer. They usually spread in the same way as Trojans. Spyware is not able to replicate automatically. However, it exploits computers for commercial advantage. It can collect private information and send the data to a person interested in it. Some spyware applications borrow features from adware, redirecting web pages to advertising websites.
Spyware can come from a variety of sources. However, it mainly gets onto devices through deception. Other infection sources are shareware or freeware software and an unpatched operating system that lacks the latest security software. In general, spyware is not an illegal type of software as long as the user knows what data is collected and with whom it is shared. The greatest problem is that most users are unaware of what is happening on their devices.