Hacking: Become The Ultimate Hacker - Computer Virus, Cracking, Malware, IT Security (2015)
Chapter 2: Malware: A Hacker's Henchman
Malware is the short name for malicious software. A malware is a software program that is used to cripple or disrupt the system's operation, gaining access to personal and private computers for gathering of confidential and sensitive information. Malware causes intentional harm to the targeted system. They usually act against the computer user settings. The term ‘badware’ is used for both the unintentionally harmful software and malware.
Malware is usually stealthy as they were created with the intention of stealing sensitive information or for spying on the targeted system for extended periods of time without the consent or knowledge of the owner or the user if it is with respect to an organization. Malware are specially programmed for performing certain operations which include causing harm, sabotaging or for payment extortion. Malware is a common term used for a variety of intrusive or hostile softwares. These softwares include spyware, Trojan horses, viruses, shareware, adwares, worms, and a few other malicious softwares. The malicious software usually disguises itself as non-malicious objects. Recent studies say that the majority of the malicious softwares are Trojans and worms. The viruses have declined in numbers.
Types of Malware:
Adware can be considered as the most lucrative and the least harmful malware. These are programmed for one specific purpose- displaying ads on your computer.
Spywares are softwares that constantly spy on you. The main purpose of the spyware is to keep a track of your internet activities in order to send adwares.
A virus is nothing but a contagious code or program. Viruses attach themselves to other softwares. They have the capability to reproduce themselves when the software that they are attached to are run. These viruses are spread along with the files or softwares that are shared between different computers. They can spread either by direct file sharing using hardware or with emails sent through the Internet.
Worms are small programs which replicate themselves in a computer and destroy the files on data on it. Worms usually target the operating system files and work until the drive that they are in becomes empty.
Trojans are considered to be the most dangerous of all the malwares. They are designed specifically for stealing the target user's financial information. Trojan is a major tool for the denial-of-service attacks. This keeps track of the victim’s financial information and sends them to the person who programmed them. They remain undetected and work in the background. The insidious type of Trojans is programs which claim to remove the viruses in the system but instead they themselves introduce viruses onto the system.
Rootkits are specifically designed for permitting the malwares that gather information into your computer. These work in the background without the user noticing them. So from the user's point of view nothing suspicious will be going on but in the background it will permit several malwares to get into the system. These softwares are now being used extensively by hackers for spreading malware. These work like a back door for the malwares to enter.
Keyloggers are softwares that record all the information typed using the keyboard. These usually are not capable of recording information entered using virtual keyboards or other input devices. Keyloggers send these stored information to the attacker from which the hacker extracts sensitive information like passwords etc.
Ransomware is an infection within the system. This kind of malware displays messages like "you've been locked out of your system until you pay for your cybercrimes" or something like that. This will infect the system from inside and locks the computer making it useless.
Vulnerability to malware
Whenever we say that a 'system' is under attack, it implies that it may be a single application, a computer, an operating system or a large network are attacked by a malware. There are various different factors that will make a system vulnerable to a malware. They are:
Security defects in softwares:
Using the security defects in a software is one of the main vulnerability that a malware can make use of. These softwares include all programs small and big. Right for programs that are made up of a few lines of code to extremely large programs such as operating systems are all programs, if vulnerable, be attacked my malwares. Some of the common vulnerable programs include outdated plugins, older versions of browsers etc. These softwares like plugins, when updated, sometimes will leave their older versions without uninstalling them.
Insecure design or user error:
Another method that is commonly used for spreading malware is tricking the user and making him run an infected file from a malicious hardware or to make him boot the files from an infected medium like USB drives hard disks etc. These usually contain auto runnable code in it. This code will infect every system on which it is used. The infected system will start to add this code to any storage hardware used on it. This is a very effective and widely used way of spreading malwares used by the hackers.
Over-privileged users and over-privileged code:
Privilege, in computing, means the access to modify a system. In computer systems that are poorly designed, the programs and users are given more privileges than they should have. This is vulnerability and the malware can take advantage of these over-privileges. And there are two ways through which malicious software can take advantage of this. They are:
1. Over-privileged users
2. Over-privileged code.
There are some systems that allow all the users to change and modify the internal code. These users are called as over-privileged users. There are some systems which allow the user executed code to have access to the rights of the user.
Some systems allow code executed by a user to access all rights of that user, which is known as over-privileged code. Many scripting applications and even some of the operating systems provide too many privileges to the code. When a user executes the code, the system provides all the privileges to the code too as the user executed the code. This will make the user vulnerable to the malware that comes through emails, which may or may not be disguised.
We say that the systems are homogenous if all of them are running on the same operating system and are connected to the same network. With this kind of setup, if there is a worm in one computer, it can easily spread to all other computers on that network. The majorly used operating systems are Microsoft Windows and Mac OS. Concentrating on either one of them will give an opportunity to exploit a huge number of systems running them. A remedy for this is to use multiple operating systems on a network. Though this will reduce the risk of attacks, the costs would increase for the maintenance and training.
Covering your Tracks:
It is very important to cover your tracks. There should be no evidence of a hacker’s intrusion into a system or a network. You can make use of the malware for making a clean exit. There are malwares which will clear event logs, hide network traffic, clean folders and files and so forth.
Using a proxy server is a very good idea for a hacker who is tunneling through sensitive regions on a network. They leave no trace behind. Intrusion detection softwares cannot detect proxy servers.
You should select the malware carefully depending on the payload. Usually, Trojans are the best suitable for the job as they are elegant, they leave no evidence and they monitor over time.