DEV Community

Evan Loria
Malware: Detection, Collection, and Analysis

What is Malware

Malicious software, or malware, is software specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Because malware exists, users and companies have to secure their systems to prevent data leaks, and researchers constantly work with live samples, analyzing their behavior in order to develop new techniques for detecting and combating attacks.

Malware Classification

A system can be infected by malware in a number of ways. Attackers use different methods to trick a user into downloading different types of malware: it is often disguised as an ordinary link or file and is downloaded when the user clicks on it. A user can even be infected without clicking on anything, simply by visiting a compromised website (a drive-by download). Common types of malware include:

  • Worms: self-replicating software that spreads across a network on its own, without user action
  • Trojans: software that disguises itself as legitimate or desirable code
  • Spyware: software that secretly collects user activity
  • Adware: software that displays unwanted ads
  • Ransomware: software that encrypts files or locks a user out of their environment until a ransom is paid

These categories overlap in practice: a trojan is frequently just the delivery mechanism for spyware or ransomware.


Detection and Collection of Malware

The ability to detect malware within a network or on a server is a key skill in protecting user data. Malware that has compromised a server leaves signs of its presence; these signs are known as indicators of compromise (IOCs). Common IOCs include unusual outbound traffic, a spike in failed logins, files appearing in locations where they should not be (for example executables in temporary directories), and hashes of files already known to be malicious.
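Two of the IOCs named above, turned into checks that run over sample data. This is an added example, not code from the original post: the log lines and the file listing are constructed for it, the 60-second window and the threshold of 5 failures are assumed values, and a real deployment would read the live auth log and a file-integrity sweep instead.

```python
"""Two IOC checks over constructed input: a burst of failed logins from one
source, and executables sitting in locations where they do not belong."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines for this example; not taken from a real host.
AUTH_LOG = """\
Mar 10 02:14:01 web01 sshd[2221]: Failed password for root from 203.0.113.45 port 51022 ssh2
Mar 10 02:14:03 web01 sshd[2223]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar 10 02:14:05 web01 sshd[2225]: Failed password for invalid user admin from 203.0.113.45 port 51041 ssh2
Mar 10 02:14:06 web01 sshd[2227]: Failed password for invalid user admin from 203.0.113.45 port 51055 ssh2
Mar 10 02:14:08 web01 sshd[2229]: Failed password for invalid user oracle from 203.0.113.45 port 51060 ssh2
Mar 10 02:14:09 web01 sshd[2231]: Failed password for root from 203.0.113.45 port 51071 ssh2
Mar 10 02:20:11 web01 sshd[2300]: Failed password for alice from 198.51.100.7 port 40211 ssh2
Mar 10 02:20:40 web01 sshd[2302]: Accepted password for alice from 198.51.100.7 port 40212 ssh2
"""

# Constructed (path, mode) pairs, as a file-integrity sweep might collect them.
FILE_LISTING = [
    ("/usr/bin/ls", 0o755),
    ("/home/alice/notes.txt", 0o644),
    ("/tmp/.x/kworker", 0o755),      # executable hidden in a dot-directory under /tmp
    ("/dev/shm/.s/minerd", 0o700),   # same pattern in the RAM-backed /dev/shm
    ("/var/tmp/cache.dat", 0o644),   # plain data file in /var/tmp: ordinary
]

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def failed_login_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: most failures seen inside any `window`} for every
    source whose count reaches `threshold`. A sliding window, rather than a
    plain total, separates a brute-force burst from occasional typos."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime fills in 1900, which is
        # fine because only the differences between timestamps matter here
        by_ip[m["ip"]].append(datetime.strptime(m["ts"], "%b %d %H:%M:%S"))

    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return bursts


STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def misplaced_executables(listing):
    """Flag files under world-writable staging directories that are either
    executable or tucked into a hidden (dot-prefixed) directory."""
    flagged = []
    for path, mode in listing:
        in_staging = path.startswith(STAGING_DIRS)
        executable = bool(mode & 0o111)
        hidden_dir = any(part.startswith(".") for part in path.split("/")[1:-1])
        if in_staging and (executable or hidden_dir):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    print("failed-login bursts:", failed_login_bursts(AUTH_LOG))
    print("misplaced executables:", misplaced_executables(FILE_LISTING))
```

On the sample data the first check flags 203.0.113.45 (six failures in eight seconds) and ignores alice's single typo, and the second flags the two hidden executables while leaving the data file in /var/tmp alone. Both checks are deliberately simple; the point is that an IOC is only useful once it is expressed as something a machine can evaluate continuously.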

One technique for detecting attacks is a malware honeypot. A honeypot is a decoy that looks like a real application or service but is isolated from production systems, so an attacker who "breaks in" gains access to nothing of value. Because a honeypot serves no legitimate users and is not advertised, it should receive no traffic at all; any interaction with it is therefore likely malicious and worth investigating. The decoy itself must be hardened and segmented from the real network, so that a compromised honeypot cannot become the attacker's foothold.
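A minimal low-interaction honeypot, added here as an example and not taken from the original post or any honeypot product: it listens on a port nothing legitimate uses, greets each connection with a fake SSH banner, and records who connected and what they sent. The port (2222), the banner text and the in-memory event list are all assumptions for the example; a real deployment would forward events to a log collector.

```python
"""A minimal low-interaction honeypot: it listens on a port that nothing
legitimate uses, greets each connection with a fake SSH banner, and records
who connected and what they sent. Because the listener serves no real users,
every event it records is unsolicited traffic."""
import socket
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"   # assumed decoy banner string
EVENTS = []   # in-memory event log for the example; a real deployment forwards these to a SIEM


def record_probe(peer, first_bytes, seen_at=None):
    """Turn one connection into a structured event and keep it."""
    event = {
        "time": (seen_at or datetime.now(timezone.utc)).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        # keep the probe as text for triage; non-UTF-8 bytes become \xNN escapes
        "payload": first_bytes[:256].decode("utf-8", errors="backslashreplace").strip(),
        # a real SSH client identifies itself before doing anything else
        "ssh_client_banner": first_bytes.startswith(b"SSH-"),
    }
    EVENTS.append(event)
    return event


def handle_client(conn, peer):
    """Send the decoy banner, capture the client's first message, then close.
    Nothing the client sends is ever interpreted or executed."""
    with conn:
        conn.settimeout(5.0)
        try:
            conn.sendall(FAKE_BANNER)
            data = conn.recv(1024)
        except (socket.timeout, OSError):
            data = b""
        record_probe(peer, data)


def serve(host="127.0.0.1", port=2222, max_connections=None):
    """Accept connections until max_connections is reached (None = forever).
    Run it as an unprivileged user on an isolated network segment."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        handled = 0
        while max_connections is None or handled < max_connections:
            conn, peer = srv.accept()
            # one thread per client so a slow scanner cannot stall the listener
            threading.Thread(target=handle_client, args=(conn, peer), daemon=True).start()
            handled += 1


if __name__ == "__main__":
    serve()
```

Run it and then connect with `ssh -p 2222 127.0.0.1` or `nc 127.0.0.1 2222` from another terminal; each connection appears in `EVENTS` with the source address and the first bytes the client sent, which is enough to tell an SSH brute-forcer from an HTTP scanner. The handler never parses or acts on the client's data, which is what keeps a low-interaction honeypot from becoming a liability.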


Malware Analysis

Malware can be analyzed statically, without running the code, by examining the file itself: its name and the address it came from, its hash (which can be compared against databases of known samples), its file type and headers, and the printable strings and imported functions it contains, all of which can be signs that a file is malicious. Static analysis is fast and safe, but a packed or obfuscated sample hides most of these details until it is unpacked or run.
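A static triage pass of the kind just described, added here as an example rather than taken from the post: it hashes the file, identifies the container from its magic bytes, extracts printable strings the way the `strings` tool does, and picks out the strings an analyst looks at first. The sample bytes are a constructed PE-like stub, not a real binary, and the list of "suspicious" Windows APIs is this example's own shortlist.

```python
"""Static triage of a suspicious file without executing it: hash it, identify
the container from its magic bytes, extract printable strings, and pick out
the strings an analyst would look at first (imports, URLs, persistence keys)."""
import hashlib
import re

# Constructed stand-in for a suspicious file: a PE-like header stub followed by
# the kinds of strings malware tends to carry. It is not a real or runnable binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 16
    + b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"http://203.0.113.77/stage2.bin\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x01\x02\x03Hello, world\x00"
)

# Magic bytes for a few common containers (checked in order).
MAGIC = [
    (b"MZ", "PE (Windows executable)"),
    (b"\x7fELF", "ELF (Linux executable)"),
    (b"PK\x03\x04", "ZIP container (also Office/JAR/APK)"),
    (b"%PDF", "PDF"),
    (b"#!", "script"),
]

# Win32 APIs rarely needed by benign software but common in process
# injection, downloader and anti-analysis code (this example's own shortlist).
SUSPICIOUS_APIS = {
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "SetWindowsHookExA", "IsDebuggerPresent", "URLDownloadToFileA", "WinExec",
}
URL_RE = re.compile(r"https?://[^\s\"']+")
RUN_KEY_RE = re.compile(r"CurrentVersion\\Run\b", re.IGNORECASE)


def file_type(data):
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def strings(data, min_len=5):
    """Runs of printable ASCII at least `min_len` long, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pattern, data)]


def triage(data):
    found = strings(data)
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),   # lookup key for sample databases
        "type": file_type(data),
        "suspicious_apis": sorted(set(found) & SUSPICIOUS_APIS),
        "urls": [u for s in found for u in URL_RE.findall(s)],
        "run_key_persistence": any(RUN_KEY_RE.search(s) for s in found),
        "string_count": len(found),
    }
    indicators = len(report["suspicious_apis"]) + len(report["urls"]) + report["run_key_persistence"]
    report["verdict"] = "suspicious: send to dynamic analysis" if indicators else "no static indicators"
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed sample the report shows a PE container, the three classic process-injection imports, a hard-coded download URL and a Run-key string, which together justify a dynamic run. The SHA-256 is what you would search for in the sample repositories mentioned later in the post. The same function on a plain shell script reports no indicators, which is exactly why static triage is a first pass and not a verdict: a packer would hide every one of these strings.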

Dynamic analysis, on the other hand, observes the software while it is running. Honeypots are a useful dynamic analysis tool: if an attacker attacks a honeypot, their activity can be monitored, which yields valuable information about what type of attack is being attempted and the best way to respond.

Another technique used for malware analysis is sandboxing. Sandboxing refers to the practice of executing (detonating) a sample in an environment totally separate from production systems, typically a virtual machine with no route to the real network, where its behavior (processes spawned, files written, registry keys changed, network connections made) can be recorded and studied. One caveat: much malware checks whether it is running in a sandbox and stays dormant if so, so a quiet sandbox run does not prove a file is harmless. "Security researchers use sandboxing when analyzing malware and many advanced anti-malware products use it to determine whether or not suspicious files are truly malicious based on their behavior." (Marc Laliberte, The Difference Between Sandboxing, Honeypots & Security Deception)
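What "determining whether a file is malicious based on its behavior" looks like once the sandbox has produced a trace. This is an added example, not the post's or any sandbox product's code: the event format, the traces (one ransomware-like, one benign installer), the rules and the weights are all constructed for the example. It serves both the dynamic-analysis and the sandboxing paragraphs above.

```python
"""Behavioral triage of a sandbox run. The input is the event trace a sandbox
records while a sample executes (process starts, file writes, registry
changes, network connections); the rules pick out behaviours that separate
malware from an ordinary installer and turn them into a score and a verdict."""
import re
from collections import Counter

# Constructed trace for this example; the event shape is this example's own,
# not the output format of any real sandbox product.
TRACE = [
    {"t": 0.10, "type": "process", "image": r"C:\Users\bob\Downloads\invoice.exe", "cmdline": "invoice.exe"},
    {"t": 0.42, "type": "file_write", "path": r"C:\Users\bob\AppData\Roaming\svchost.exe"},
    {"t": 0.55, "type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\bob\AppData\Roaming\svchost.exe"},
    {"t": 0.80, "type": "process", "image": r"C:\Users\bob\AppData\Roaming\svchost.exe", "cmdline": "svchost.exe"},
    {"t": 1.20, "type": "network", "dst": "203.0.113.77", "port": 443, "host": None},
    {"t": 2.00, "type": "process", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"t": 2.10, "type": "file_write", "path": r"C:\Users\bob\Documents\report.docx.locked"},
    {"t": 2.11, "type": "file_write", "path": r"C:\Users\bob\Documents\budget.xlsx.locked"},
    {"t": 2.12, "type": "file_write", "path": r"C:\Users\bob\Documents\photo.jpg.locked"},
]

# A constructed benign installer run, to show the rules staying quiet.
BENIGN_TRACE = [
    {"t": 0.1, "type": "process", "image": r"C:\Users\bob\Downloads\setup.exe", "cmdline": "setup.exe"},
    {"t": 0.5, "type": "file_write", "path": r"C:\Program Files\Vendor\app.exe"},
    {"t": 0.9, "type": "network", "dst": "10.0.0.5", "port": 445, "host": "fileserver.corp.example"},
]

RUN_KEY_RE = re.compile(r"CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
SHADOW_RE = re.compile(r"vssadmin.*delete\s+shadows|wmic.*shadowcopy\s+delete", re.IGNORECASE)
WEIGHTS = {"drop_and_execute": 3, "run_key_persistence": 3, "c2_to_raw_ip": 2,
           "shadow_copy_deletion": 5, "mass_rename": 5}   # assumed weights


def is_rfc1918(ip):
    """True for 10/8, 172.16/12 and 192.168/16 (internal addresses)."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def analyze(trace, rename_threshold=3):
    findings = set()
    written = set()             # paths the sample has written so far
    new_extensions = Counter()  # extra extension appended to user documents
    for e in sorted(trace, key=lambda ev: ev["t"]):
        kind = e["type"]
        if kind == "file_write":
            written.add(e["path"].lower())
            name = e["path"].rsplit("\\", 1)[-1]
            if "\\documents\\" in e["path"].lower() and name.count(".") >= 2:
                # a second extension stuck on a document name, e.g. report.docx.locked
                new_extensions[name.rsplit(".", 1)[-1].lower()] += 1
        elif kind == "process":
            if e["image"].lower() in written:
                findings.add("drop_and_execute")   # wrote a binary, then ran it
            if SHADOW_RE.search(e["cmdline"]):
                findings.add("shadow_copy_deletion")
        elif kind == "registry_set" and RUN_KEY_RE.search(e["key"]):
            findings.add("run_key_persistence")
        elif kind == "network" and e.get("host") is None and not is_rfc1918(e["dst"]):
            findings.add("c2_to_raw_ip")   # external connection by IP, no DNS lookup
    if new_extensions and max(new_extensions.values()) >= rename_threshold:
        findings.add("mass_rename")

    score = sum(WEIGHTS[f] for f in findings)
    if findings & {"shadow_copy_deletion", "mass_rename"}:
        verdict = "ransomware-like"
    elif findings:
        verdict = "trojan/backdoor-like"
    else:
        verdict = "no malicious behaviour observed"
    return {"findings": sorted(findings), "score": score, "verdict": verdict}


if __name__ == "__main__":
    print(analyze(TRACE))
    print(analyze(BENIGN_TRACE))
```

The malicious trace triggers all five rules (drop-and-execute, Run-key persistence, a connection to a raw external IP, shadow-copy deletion and mass renaming of documents) and comes out ransomware-like; the installer trace triggers none, because writing to Program Files and talking to an internal file server by name is what installers do. Real sandboxes apply hundreds of such rules, and the sleep-and-check-for-VM behaviour mentioned above is why an empty trace is reported as "no behaviour observed" rather than "clean".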

Malware Data Sets

There are repositories that contain samples of known malware families and their features. These datasets make it possible to test detection methods against real samples. Reputable malware repositories include theZoo, InQuest, and MalwareBazaar. The samples are live malware, usually distributed in password-protected archives, and should only be unpacked inside an isolated analysis environment.

Why It's Important

The detection and analysis of malware within a system is pivotal to protecting user data. It is believed that there are "more than 1 billion malware programs" in existence, with thousands more created each day (Darren Craft, Malware Statistics & Facts: Frequency, Impact & Cost). With new malware constantly being developed, researchers must keep developing new ways to detect, analyze, and prevent malware attacks.

Sources:
Malware Classification
Types of Malware
Malware Detection Techniques
Indicators of Compromise
Honeypots
Malware Analysis
Honeypots & Sandboxes

Top comments (2)

Kinga

Cool article :)
Did you consider using tags to increase discoverability? :)

Evan Loria

I did not. Thanks for the tip!