The mechanics of malware
Posted on 17 Aug 2007 at 11:22
How do viruses, trojans and other types of malware evade security software? Davey Winder explains exactly why they continue to thrive.
Ever felt like you're fighting a losing battle? That sums up many people's attitude to computing in the internet age: despite the best efforts of security vendors and software developers alike, malware not only exists, but continues to evolve and plague computer users.
Why does malware continue to thrive? The patronising answer would be that newbie users are behaving like amateurs and ignoring basic security practice. There's a kernel of truth in that, but it isn't only the newbie who clicks links they shouldn't, and it isn't only the novice who's fooled into running nefarious executables by technical and social-engineering techniques.
The crux of the problem is that threats have changed dramatically in recent years, with the rise in malware mirroring the rise in broadband popularity. As the number of online users grow, and the technology used to connect to the net becomes simultaneously simpler at the front end yet more complex behind the scenes, so the opportunity to make money expands. And that's where the answer to the "why?" question can be found: no longer are viruses the hobby of the über-nerd; malware has evolved into what most IT security experts quite rightly refer to as crimeware. Scatter-gun attacks are on the way out; targeted and financially motivated strikes are the new modus operandi.
But while everyone has heard terms such as worm, trojan, phishing and rootkit bandied about, how many people actually understand how they exploit security weaknesses? By understanding how malware works, you get one step closer to stopping it.
There's a great deal of misinformation when it comes to describing malware attacks. The terms worm, virus and trojan are used almost interchangeably, for example, yet the three threats are actually quite distinct.
The quick-and-dirty definition is that a virus spreads by attaching itself to something, and requires human interaction (running a program, forwarding an email attachment) to be distributed and replicated. A worm can self-replicate without any human intervention (sending copies of itself to everyone in your email contacts list, for example) and can exploit your network and the internet beyond to multiply very quickly indeed. The trojan, named after the mythical Trojan horse, hides within another container, be that a file or application, but can't self-replicate or spread by infecting other files.
Just for fun, we can add the blended threat into the malware mix, combining the worst characteristics of all three: stealth, replication and payload. Using server and internet application vulnerabilities, they can spread rapidly without human intervention, doing vast amounts of damage courtesy of the multiple attack payload (for example, Denial-of-Service, backdoor installation and data theft).
Like their biological counterpart, viruses replicate and mutate. Consequently, they can avoid being snared by your security software's byte-pattern signature detection by changing key text within the code payload, or part of that code themselves, every time they're copied.
They've come a long way since the first-known "in the wild" example, Elk Cloner, was discovered in 1982 on the Apple DOS 3.3 OS, or the first PC virus, (c)Brain, four years later. But today's viruses can still be divided into two camps: resident and non-resident. The resident variety loads itself into memory upon execution and transfers control to the host program while it infects new hosts as the infected files are accessed. A non-resident virus will check executable files on the system for infection and, if uninfected, replicate before transferring control to the host program. Cavity viruses such as CIH will infect without increasing the host file size, overwriting unused parts of the executable, in an effort to make antivirus software detection harder.
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on email@example.com
- Google announces the Nexus 6, Nexus 9 and the arrival of Android Lollipop
- Lenovo and Ashton Kutcher launch Yoga Tablet 2 Pro, Yoga Tablet 2 and Yoga 3 Pro
- Lenovo Yoga event live stream: watch Ashton Kutcher's tablet launch live
- HTC shows off Desire Eye selfie phone and periscope-like camera
- Xim: the slideshow app to get excited about
- Adobe has more apps for iOS, but none for Android
- How to download and install Windows 10 Technical Preview
- Windows 10: release date, features, free update and cloud version
- iPhone 6 Plus "less likely to bend than HTC One"
- iPhone 6 Plus: Apple's had nine complaints over "bendgate"
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold