Skip to main content

Malware: Impact and Evolution

Virus - Non-autonomous program that replicates and spreads itself by infecting systems, programs or files Worm - Code that is able to replicate and spread autonomously through systems and networks Trojan Horse - A program containing unexpected hidden functionality, potentially operating alongside expected behaviour Spyware - Parasitic software that invades users privacy by gathering information

Cyber Essentials

Technical Controls

  1. Firewall
  2. Secure Configuration
  3. Security update management
  4. User access control
  5. Malware protection

Wider Cybercrime content

  • Attacks against systems, devices and/or data come in many guises:
    • e.g. DoS. hacking, identity theft, malware, phishing, ransomware, spyware, Trojans, viruses
  • Fundamentally, for it to count as a cybercrime, it needs to be breaking a law - otherwise its abuse, misuse

Computer-focused crimes - Cases in which the category of crime has emerged as a result of computing technology and there is now direct parallel in other sectors. Computer-assisted crimes - Cases in which the computer is used in a supporting capacity, but the underlying crime of offence either predates the emergence of computers or could be committed without them. Cyber-dependent crimes - DDoS, malware Cyber-enabled crimes - Fraud, phishing, scams

Fundamentals and their evolution

Infection - Reflects how and where users are likely to come into contact with malware. Payload - Determines what the malware will actually do and represents the most variable (least predictable) aspect of behaviour. Defence - The ability of the malware to ability to safeguard itself against detection and removal.

Infection

  • Email attachments
  • P2P file sharing
  • Social Media

Payload

SCA Virus

  • Swiss cracking association
  • Boot sector virus
  • Displayed a message after every 15th reset Byte Bandit
  • Boot sector
  • Activates after at least 2 resets and 6 infections of other disks
  • 7-min countdown to locking the computer WannaCry
  • Example of crypto ransomware
  • Infection of 200,000 computers across 150 countries
  • Notable victim was the NHS

Defence

Brain Virus

  • Intercepted any attempts to read the infected boot sector
  • If anyone tried to inspect the disk, they would be presented with a copy of the original, uninfected boot sector Gaobot Worm
  • Blocked access to 35 security-related sites and had a list of over 420 processes that it tried to terminate Shifu Trojan
  • Banking Trojan which affected Japanese banks and financial instructions
  • Based upon techniques reused from a variety of previously detected malware
  • Included its own anti-malware module to ward off other banking Trojans and ensure that it retains control of the compromised systems.