
Introduction to Malware

Defining Malware

Malware

Malicious Software: any software created with malicious intent, i.e. to harm, spy on, or gain unauthorised access to a computer or its user

Usage

  • used to compromise computer functions
  • steal data >:)
  • bypass access controls
  • cause harm to the host computer

Malware Symptoms

  1. Increased CPU Usage
  2. Slow computer/web browser speeds
  3. Problems connecting to the network
  4. Freezing or crashing
  5. Modified or deleted files
  6. Appearance of strange files/programs/desktop icons
  7. Programs running, turning off, or reconfiguring themselves (malware often reconfigures or turns off antivirus/firewall programs so that it is not detected)
  8. Strange computer behavior
  9. Emails/Messages being sent automatically without user's knowledge.

Types of 'wares

Adwares

  • Type of malware that automatically delivers advertisements to the user
  • Usually more annoying than harmful to the host computer
  • Examples:
    • pop-up ads on websites (commonly on free static sites and software-download sites)

Bots (and Botnets)

  • A bot is a program that performs automated tasks; a botnet is a network of infected "zombie" computers whose bots are remotely controlled by one attacker
  • Bots also have legitimate uses: automating specific operations in online video gaming, internet auctions and online contests
  • Malicious bots are the dangerous ones, because the operator can direct every zombie in the botnet at once (e.g. to send spam or flood a target with traffic)

Bugs

  • A flaw in software that produces an undesired outcome. A bug is not malware in itself, but a bug that can be exploited is what attackers and malware take advantage of
  • Security bugs are the most severe type of bug, as they can allow attackers to easily infiltrate or take control of the device
  • e.g. SQL injection, cross-site request forgery (XSRF/CSRF), cross-site scripting (XSS)

Ransomwares

  • Form of malware that holds a computer system (or its data) captive while demanding a ransom
  • Typically encrypts the victim's files, or overwrites the boot record so that the ransom note is shown every time the computer boots, and demands payment (usually in cryptocurrency) for the decryption key
  • Can be classified by how it spreads: delivered like a virus/trojan (a user has to open or run something) or as a worm (spreads by itself over the network)
  • Historically started out as the former, before worm-style ransomware appeared
  • 💫 Examples:

💫 Petya vs NotPetya

Petya (2016) - virus-style: spread via malicious email attachments that the victim had to open; overwrote the MBR and encrypted the file-system table so that the ransom note appeared at boot.

NotPetya (2017) - worm: spread across networks on its own using the EternalBlue SMB exploit and stolen credentials; its "ransom" could not actually restore the files, so in practice it behaved like a wiper.

Rootkits

  • Type of malicious software designed to give an attacker privileged (root/administrator) remote access to, and control of, a computer while hiding its presence from users and security programs
  • Usually does this by hooking or patching the OS (e.g. so that its files, processes and network connections are not listed), which is why it is hard to detect from inside the infected system

Spywares

  • Type of malware that functions by spying on user activity without their knowledge
  • Capabilities can include:
    • Activity monitoring
    • Collecting keystrokes
    • Data harvesting

Trojan horses

  • Type of malware that disguises itself as a normal file/program to trick users into downloading and installing it; unlike viruses and worms, a trojan does not copy itself

Cryptojackers

  • Crypto mining requires a lot of CPU/GPU time, so attackers "borrow" your computer's resources instead of paying for their own
  • Hides on your device and steals its computing resources in order to mine cryptocurrencies such as Bitcoin (or coins that can be mined on ordinary CPUs); the usual symptom is constantly high CPU usage and a hot, slow machine

Viruses

  • Malware that is capable of copying itself and spreading to other computers
  • Often spreads to other computers by attaching itself to other programs (or documents), which act as the carrier
  • Executes its code when a user launches one of those infected programs, so a virus needs human action to spread

Worms

  • Spread over computer networks by exploiting vulnerabilities in the OS or network services, without needing a host program or any user action (this is what distinguishes them from viruses)
  • Typically harm their host networks by consuming bandwidth and overloading servers, but can also carry a payload such as ransomware (see NotPetya above)

Malware Analysis Techniques (brief introduction)

Basic Static Analysis

  • Not executing the malware, but examining the executable file and its code.
  • Confirms whether a file is malicious (e.g. by hashing it and checking the hash against known-malware databases), and provides info on its functionality and simple network signatures
  • Look for imports/dependencies (DLLs and the API functions imported from them), strings (URLs, IP addresses, file paths, registry keys, error messages), and PE header metadata such as the compile timestamp (which can be forged)
  • 👍 Straightforward, quick to perform
  • 👎 Largely ineffective against sophisticated malware (packed or obfuscated samples hide their strings and imports until run time), and can miss important behaviours

Basic Dynamic Analysis

  • Observation of the malware and its environment (the system) when it is executed: which files it creates or changes, which registry keys it sets, which processes it starts, and where it connects on the network
  • Will need to create a safe environment to run the malware (or else your computer dies) - this means VMs/sandboxes will be used, isolated from the real network and with a snapshot taken beforehand so the machine can be reverted after each run
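The "before and after" part of dynamic analysis, as an added example rather than something from the original notes: snapshot a working directory (path to SHA-256), run the sample, snapshot again and report what was created, modified or deleted. It covers only the file-system side of what a sandbox or tools like Procmon/Regshot record, and the "sample" it runs (`FAKE_SAMPLE`) is a constructed, harmless Python snippet; with a real sample the whole thing belongs inside an isolated VM.

```python
"""Minimal before/after file-system diff around a sample run (added example)."""
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            snap[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Created/deleted come from the key sets; modified means same path, different hash."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def detonate(cmd: list, workdir: Path, timeout: int = 30) -> dict:
    """Snapshot, run the sample with workdir as its cwd, snapshot again, return the diff."""
    before = snapshot(workdir)
    proc = subprocess.run(cmd, cwd=workdir, capture_output=True, text=True, timeout=timeout)
    result = diff_snapshots(before, snapshot(workdir))
    result["returncode"] = proc.returncode
    result["stdout"] = proc.stdout
    return result


# Constructed, harmless stand-in for a sample: drops a file, rewrites a config, deletes a document.
FAKE_SAMPLE = r"""
import pathlib
pathlib.Path("dropped.exe").write_bytes(b"MZ fake payload")
pathlib.Path("config.ini").write_text("beacon=http://example.invalid\n")
pathlib.Path("victim.txt").unlink()
print("sample finished")
"""


def demo() -> dict:
    """Populate a throwaway directory, run FAKE_SAMPLE against it and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        workdir = Path(tmp)
        (workdir / "config.ini").write_text("beacon=none\n")
        (workdir / "victim.txt").write_text("important data\n")
        (workdir / "untouched.bin").write_bytes(b"\x00" * 32)
        return detonate([sys.executable, "-c", FAKE_SAMPLE], workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a real run, `workdir` would be the VM's system drive (or the directories the sample is expected to touch) and the same before/after idea is applied to registry hives, the process list and network captures; reverting the VM snapshot afterwards is what makes the next run start clean.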

Advanced Static Analysis

  • Consists of reverse-engineering the malware's internals by loading the executable into a disassembler and reading the program's code in order to discover what the program does (what is its purpose/target?)
  • We will use IDA Pro
  • 👍 This method will tell you exactly what the program can do, including code paths that never ran during dynamic analysis
  • 👎 Steeper learning curve; requires specialised knowledge of disassembly, code constructs, and Windows OS concepts

Advanced Dynamic Analysis

  • Consists of reverse engineering by executing the code and stepping through it line by line, setting breakpoints at the interesting points
  • Uses a debugger to examine the internal state (registers, memory, call stack) of a running malicious executable
  • Provides another way to extract detailed information from an executable, e.g. reading decrypted strings or unpacked code straight out of memory
  • Most useful technique when trying to obtain information that is difficult to gather with the other techniques

Intelligent Malwares

Some malware can detect that it is being run in a VM or sandbox (e.g. by looking for a hypervisor vendor's MAC address prefix, guest-tools or analysis-tool processes, or a machine with very little RAM, a single CPU and no user history) and will not execute, or will only behave harmlessly. It may also wait for certain conditions before it executes: a date, a particular locale or domain, user activity such as mouse movement, or a command from its operator. The analyst therefore has to harden the VM to remove those artifacts and satisfy the triggers.
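A model of those checks, added here as an example and not taken from the original notes or from any real family: each observable artifact of an analysis VM adds to a score, and the "malware" stays dormant once the score crosses a threshold. The artifact lists, weights and threshold are my own illustrative choices (real samples use many more checks, such as the CPUID hypervisor bit, timing tricks and installed drivers), and `STOCK_VM`/`HARDENED_VM` are constructed inputs. Read in reverse, the same list is a checklist of what to change on an analysis VM.

```python
"""Model of the environment checks that VM-aware malware performs (added example)."""
from dataclasses import dataclass

# OUIs (first three octets) assigned to common hypervisor vendors.
VM_MAC_PREFIXES = {
    "00:0c:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "52:54:00": "QEMU/KVM",
}
# Guest-tools and analysis-tool process names a sample might look for.
TELLTALE_PROCESSES = {
    "vmtoolsd.exe", "vmwaretray.exe", "vboxservice.exe", "vboxtray.exe",
    "procmon.exe", "wireshark.exe", "x64dbg.exe", "ida64.exe",
}
DORMANCY_THRESHOLD = 3   # illustrative: one strong artifact is enough to stay dormant


@dataclass
class HostFacts:
    """What the sample can observe about the machine it landed on."""
    mac: str
    processes: set
    cpu_count: int
    ram_gb: float
    uptime_minutes: int
    recent_documents: int


def sandbox_score(facts: HostFacts) -> tuple:
    """Return (score, reasons). Strong artifacts weigh 3, circumstantial ones weigh 1."""
    reasons = []
    vendor = VM_MAC_PREFIXES.get(facts.mac.lower()[:8])
    if vendor:
        reasons.append((3, f"MAC prefix belongs to {vendor}"))
    seen = TELLTALE_PROCESSES & {p.lower() for p in facts.processes}
    if seen:
        reasons.append((3, "analysis/guest-tools processes: " + ", ".join(sorted(seen))))
    if facts.cpu_count < 2:
        reasons.append((1, f"only {facts.cpu_count} CPU"))
    if facts.ram_gb < 2:
        reasons.append((1, f"only {facts.ram_gb} GB RAM"))
    if facts.uptime_minutes < 10:
        reasons.append((1, f"booted {facts.uptime_minutes} min ago (fresh snapshot?)"))
    if facts.recent_documents == 0:
        reasons.append((1, "no recently used documents (nobody works here)"))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def should_detonate(facts: HostFacts) -> bool:
    """The decision the malware makes: run the payload only if the host looks like a real victim."""
    return sandbox_score(facts)[0] < DORMANCY_THRESHOLD


# Constructed facts for a stock analysis VM and for the same VM after hardening.
STOCK_VM = HostFacts(mac="08:00:27:4e:66:a1", processes={"explorer.exe", "VBoxService.exe", "procmon.exe"},
                     cpu_count=1, ram_gb=1.0, uptime_minutes=2, recent_documents=0)
HARDENED_VM = HostFacts(mac="3c:97:0e:12:34:56", processes={"explorer.exe", "outlook.exe"},
                        cpu_count=4, ram_gb=8.0, uptime_minutes=410, recent_documents=17)

if __name__ == "__main__":
    for label, facts in (("stock VM", STOCK_VM), ("hardened VM", HARDENED_VM)):
        score, reasons = sandbox_score(facts)
        print(f"{label}: score={score} detonate={should_detonate(facts)} {reasons}")
```

When a sample refuses to run, the analyst's options are the mirror image of this list: give the VM a non-hypervisor MAC, more CPUs and RAM, an uptime and document history, rename or remove guest tools and analysis processes, and, for triggers that cannot be faked, patch the check out in the debugger (advanced dynamic analysis) so the payload runs anyway.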


Last update: June 11, 2023
Created: June 11, 2023