Malware - HOW TO HACK: HACKING SECRETS EXPOSED: A BEGINNER'S GUIDE (2014)

Chapter 9. Malware

Malware is a collective term for viruses, worms, spyware and other malicious programs found on the Internet. In simple words, any software program that is intended to cause direct or indirect harm to a computer system is referred to as malware.

Some malware programs cause serious problems such as destroying system files, disrupting the computer's operation or gathering sensitive information, while others have only a lighter impact, such as redirecting websites to load pornographic content or annoying users with pop-ups and banners.

MALWARE VARIANTS AND COMMON TECHNIQUES

Once the hacker has gained access to the target and holds administrator privileges on it, the following are some of the malware programs that he can use to take further control of the system:

Computer Virus

As we all know, this is the type of malware that has become highly popular and is one of the most widely discussed topics in the field of computer security. A virus is simply a computer program designed to take unauthorized control of the infected computer in order to harm the system's data or degrade its performance.

Mode of Operation:

Computer viruses operate by attaching themselves to an existing file or program and replicating themselves to spread from one computer to another. In most cases, they tend to infect executable files that are part of legitimate programs. So, whenever the infected file is executed on a new computer, the virus is activated and begins to operate by replicating further or causing the intended damage to the system.

A virus cannot perform its task of harming and replicating unless it is allowed to execute. This is why viruses often choose executable files as their hosts and attach themselves to them. Viruses are mainly classified into two types:

Non-Resident Viruses: This kind of virus executes along with its host, searches for and infects other suitable files, and finally transfers control back to the main program (host). The virus terminates together with its host.

Resident Viruses: In the case of resident viruses, whenever the infected program is run by the user, the virus is activated, loads its replication module into memory and then transfers control back to the main program. The virus still remains active in memory, waiting for an opportunity to find and infect other files, even after the main program (host) has terminated.

Damages Caused:

Viruses are known to cause destruction of data and software programs. In some cases, a virus may do nothing other than replicate itself. Even then, it consumes a large portion of system resources such as CPU and memory, which results in performance degradation of the computer.

Worms

Worms are standalone computer programs with a malicious intent that spread from one computer to another. Unlike viruses, worms have the ability to operate independently and hence do not attach themselves to another program.

Mode of Operation:

Worms often use a computer network to spread themselves by exploiting security vulnerabilities that exist in individual computers. In most cases, worms are designed only to spread, without causing any serious change to the computer system.

Damages Caused:

Unlike viruses, worms do not damage system files and other important programs. However, they are responsible for consuming network bandwidth, thereby degrading the performance of the network.

Remote Administration Tools (RATs)

A remote administration tool (RAT) is a piece of software that allows a hacker to remotely take control of the target system to execute commands and carry out operations on it. With the help of a RAT, a hacker can control the target system as if he had physical access to it.

Mode of Operation:

A RAT can be installed manually by the attacker once he gets administrator access to a system. It can also be bundled with another malicious program, such as a trojan horse, to deliver it to the target system. Once installed, a RAT immediately allows the hacker to remotely take control of the system.

Damages Caused:

With the help of a RAT, an attacker can carry out the following operations on the target system:

· Watch live screen activity and capture screenshots.

· Read/Write/Upload/Download files and folders.

· Install/Uninstall additional malware programs.

· Modify the Registry (add/edit/delete entries).

· Power off or reboot the system.

As you can see from the above list, there is virtually no operation that the attacker cannot perform with the use of a RAT. Some examples of popular RATs include PsTools, Radmin and LogMeIn.

Keystroke Loggers

A keystroke logger (or simply a keylogger) is a program designed to record every keystroke typed on the computer's keyboard.

Mode of Operation:

A keylogger program can be installed manually with physical access to the system or remotely using another program such as a RAT. Once the installation is complete, a keylogger operates in complete stealth by hiding itself from well-known places such as the Programs folder, the system tray, Add/Remove Programs and Task Manager, so that the users of the computer remain unaware of its presence.

Damages Caused:

A keylogger captures every keystroke typed on the computer's keyboard, including passwords, bank logins, credit card details, emails, chat conversations etc., and stores the logs in a hidden location accessible only to the attacker. Some keyloggers can also send the logs via email or upload them to the hacker's FTP account.

Some popular keystroke loggers include Elite Keylogger, Powered Keylogger and Actual Keylogger.

Spyware

Spyware is a type of malicious software that collects information about the activities on the target computer without the knowledge of its users. Most spyware programs also come bundled with a keylogger, which makes them more powerful. These types of programs are often installed by the owner or administrator of the computer in order to monitor the activities of its users. This can be a parent trying to monitor his/her child or a company owner trying to monitor employees. Unfortunately, spyware can also be used by hackers and criminals to spy on the users of their target machines.

Mode of Operation:

Spyware is designed to operate in complete stealth so that its presence is entirely hidden from the users of the computer. Once installed, it silently monitors all activity on the computer, such as keystrokes, web activity, screenshots, emails, IM logs etc. These logs are stored secretly for later access or uploaded online so that the installer of the spyware program can access them.

Damages Caused:

Apart from monitoring, spyware does not cause any damage to the computer. However, in some cases the affected computer may experience a degradation in performance.

SniperSpy, SpyAgent and WebWatcher are some examples of popular spyware programs.

Rootkits

A rootkit is a special type of malicious program designed by the hacker to hide certain programs, such as spyware, keyloggers and other processes, from normal methods of detection so as to enable continued privileged access to the target computer.

Mode of Operation:

Rootkits are often installed by the attacker as soon as he gains administrator-level access to the target. Rootkits operate by modifying the operating system kernel itself, which makes them very hard to detect.

Damages Caused:

Rootkits cause serious damage to the system, since they modify the OS kernel to carry out their operations. Unless a rootkit is removed completely, it remains very dangerous.

Trojan Horse

A trojan horse, or simply a trojan, is a type of malicious program that disguises itself as something legitimate or useful. The main purpose of a trojan is to gain the trust of the user by posing as a useful program or utility, so that it is granted permission to be installed. Behind the scenes, however, it is designed to grant unauthorized control of the computer to the hacker by installing a RAT, spyware or a rootkit.

Mode of Operation:

A trojan horse does not depend on a host to carry out its operation. So, unlike a computer virus, it does not tend to attach itself to other files. Trojans are often disguised as video codecs, software cracks, keygens and other similar programs downloaded from untrusted sources. So, one has to be careful about untrusted websites that offer free downloads.

One well-known example is the DNSChanger trojan, which was designed to hijack the DNS server settings of the victimized computers. It was distributed by some rogue pornographic websites as a video codec supposedly needed to view online content.

Damages Caused:

Trojan horses are known to cause a wide variety of damages such as stealing passwords and login details, electronic money theft, logging keystrokes, modifying or deleting files, monitoring user activity and so on.

COUNTERMEASURES

The following are some of the countermeasures that you can take to prevent malware attacks on your systems:

· Deploy a two-way firewall that manages both inbound and outbound traffic.

· Install a good antivirus program and keep it up to date. Periodically run full system scans to detect and remove keyloggers, spyware and rootkits.

· Keep up to date with all security patches. Use automatic updates to keep Windows patched against the latest threats and vulnerabilities.

· Install additional security programs such as antispyware, anti-keyloggers and anti-rootkits.

· Run with least privilege. Log in as administrator only when required. For lighter activities like browsing the Internet and reading emails, log in with an account that has limited access.

· Scan unknown programs with up-to-date antivirus software before installing them on your system.

· Take periodic backups of your system so that, in case of data loss or damage from malware, you can easily revert to a previous known-good state.
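The list above can be turned into a quick, read-only audit of a Windows host. The script below is an added example, not from the book, and assumes Windows 8/Server 2012 or later (for the NetSecurity cmdlets) and Windows Defender (for Get-MpComputerStatus); the 7-day and 30-day thresholds are assumptions you can adjust.

```powershell
# Added example: report which of the chapter's countermeasures are in place.
# Read-only: it changes nothing on the host.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$findings = @()

# Least privilege: day-to-day work should run from a limited account.
if (Test-IsElevated) {
    $findings += "Session is elevated: use a limited account for browsing and email."
}

# Two-way firewall: every profile enabled, unsolicited traffic blocked both ways.
foreach ($prof in Get-NetFirewallProfile) {
    if (-not $prof.Enabled) {
        $findings += "Firewall profile '$($prof.Name)' is disabled."
    }
    if ($prof.DefaultInboundAction -ne 'Block') {
        $findings += "Profile '$($prof.Name)' does not block inbound traffic by default."
    }
    if ($prof.DefaultOutboundAction -ne 'Block') {
        $findings += "Profile '$($prof.Name)' allows outbound by default (one-way firewall)."
    }
}

# Antivirus: real-time protection on and signatures recent (assumed 7-day limit).
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings += "Defender real-time protection is off."
    }
    if ($mp.AntivirusSignatureAge -gt 7) {
        $findings += "AV signatures are $($mp.AntivirusSignatureAge) days old."
    }
} catch {
    $findings += "Defender status unavailable (third-party AV or module missing)."
}

# Patching: flag a host whose newest hotfix is older than an assumed 30 days.
$latest = Get-HotFix | Where-Object InstalledOn |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest -and $latest.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $findings += "Newest hotfix $($latest.HotFixID) dates from $($latest.InstalledOn.ToShortDateString())."
}

if ($findings.Count -eq 0) { "No findings." } else { $findings | ForEach-Object { "[!] $_" } }
```

Run it from a normal PowerShell prompt; the elevation finding is expected to appear when you deliberately run it as administrator, which is itself the point of the least-privilege rule.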