Introduction to Malware: Definition, Attacks, Types and Analysis
--
Malware is a piece of software intended to cause harm to your system or network. Malware differs from ordinary programs in that most of it can spread itself across the network, remain undetected, mutate, and damage the infected system or network.
It can degrade a machine's performance and bring down a network. Consider the situation where an infected machine is no longer available: the data on it becomes unavailable too. These are typical malware damage scenarios. Malware attacks can be traced back to well before the internet became popular.
Types of Malware
Virus: Malware that needs human intervention to run and execute.
- File viruses: Infect other files when an infected executable is opened.
- Macro viruses: These viruses are written in VBS. Once the infected file is executed, a macro runs and infects other files.
- Master boot record viruses: Alter or delete the boot records.
- Polymorphic viruses: Complex file infectors that create modified versions of themselves to avoid detection, yet retain the same basic routines after every infection.
- Stealth viruses: Hide themselves inside other legitimate files or services.
Trojan: Malware that hides its process inside system files and system processes. Once combined with them, the malware is executed whenever that software is executed.
- Remote Access Trojans: Allow the attacker to take remote control of the victim's system without their knowledge, through covert channels.
- Data Sending Trojans: Steal sensitive data from the system and send it to the attacker.
- Destructive Trojans: Destroy other files and services.
- Security software disabler Trojans: Disable the firewall and antivirus (run-time protection features) so that other malware can execute quickly without being detected.
Worm: Worms are similar to viruses but do not need any human interaction to execute and propagate across the network.
Spam: Spam is malware packed into emails and their attachments. Users are tricked into clicking on these malicious emails, and the malware is then installed on their system automatically.
Ransomware: Encrypts the entire system and demands money to decrypt the data. There is no guarantee the data will be decrypted even after the money has been paid.
Rootkits: Rootkits are hard to detect and difficult to remove from the system.
Adware: Adware displays random advertisements and commercials on the victim's system and web pages.
Spyware: Spyware performs a specific task such as spying on and monitoring the user's activities.
Keyloggers: Keyloggers capture all keystrokes from the keyboard; this is useful for capturing passwords.
Introduction to Malware Analysis Techniques
The art of capturing malware and analysing its behaviour, together with detection and prevention, is called malware analysis. Antivirus companies perform malware analysis to update their detection signatures so that malware can be detected and removed easily. If you are in cybersecurity, malware analysis is one of the best career streams you can choose.
CAUTION: Do not attempt the practicals below if you are not familiar with malware and malware analysis techniques, as the analysis below might infect your system with malware.
Static Analysis: Static analysis collects information about a malicious application without running it. This technique will not cause any damage to your system, but it is tough to learn and master for the following reasons:
- You need a fundamental understanding of assembly language.
- You need to understand what you are looking for, and that comes with practice and experience.
Dynamic Analysis: Dynamic analysis is generally easier than static analysis but more dangerous. Dynamic (or behavioural) analysis is performed by observing the behaviour of the malware while it runs on a host system.
The behaviour can be grouped into several categories:
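As an added example (not code from the original article), here is a minimal static triage step in Python: it hashes a sample, checks for the PE "MZ" magic, and extracts printable strings without ever executing the file, then flags strings that match an assumed watchlist of APIs and persistence locations worth a closer look. The sample blob and the watchlist are constructed for the example; a real analyst would run this against a file on disk inside an isolated lab.

```python
import hashlib
import re

# Constructed stand-in for a sample: a PE-like header plus a few embedded strings.
# This is NOT real malware; it only exercises the triage logic below.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00"
    + b"KERNEL32.dll\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"http://example.invalid/update\x00"
    + b"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x01\x02\x03"
)

# Assumed watchlist (not exhaustive): APIs often seen in process injection and
# a registry autorun key commonly used for persistence. Hits mean "look closer",
# not "malicious": legitimate software uses some of these too.
WATCHLIST = {
    "CreateRemoteThread",
    "WriteProcessMemory",
    "VirtualAllocEx",
    "URLDownloadToFile",
    "CurrentVersion\\Run",
}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len long (like the `strings` tool)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def static_triage(data: bytes) -> dict:
    """Collect static indicators from raw bytes without executing anything."""
    strings = extract_strings(data)
    return {
        # SHA-256 identifies the sample and lets you check it against known-bad lists
        "sha256": hashlib.sha256(data).hexdigest(),
        # Windows executables start with the DOS header magic "MZ"
        "is_pe": data[:2] == b"MZ",
        "strings": strings,
        # Embedded URLs often point at download or command-and-control infrastructure
        "urls": [s for s in strings if re.search(r"https?://", s)],
        # Watchlist hits, sorted so the report is stable
        "indicators": sorted({w for s in strings for w in WATCHLIST if w in s}),
    }


if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key}: {value}")
```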
- Network behaviour
- File system behaviour
- Registry changes
- System changes
Dynamic analysis also has its own risks and limitations:
- Malware may break out of the restricted environment and affect the host system.
- Some malware quickly detects whether it is running in a lab or in an open environment, and then detects the analysis tools and may not run properly.
- Some malware will execute only under specific conditions.