Term Paper Undergraduate 2,198 words Human Written

Information Technology (IT) Security Malware


Defeating the Threat of Malware

Throughout history, humans have constructed walls, palisades, moats and other barriers as defenses against malicious attacks, but invaders have also responded with improved technologies that can defeat these defenses.

Just as medieval defenders built their walls higher and their moats deeper, software developers today also seek to create products that are safe from unauthorized intrusion through firewalls and other security measures while hackers and other criminal elements try to defeat them with various stratagems including the use of so-called "malware." Because malware can affect any consumer, identifying ways to defeat these programs represents a timely and valuable enterprise.

To this end, this paper provides a review of the relevant peer-reviewed and scholarly literature concerning the different types of malware, typical proactive measures and tools that can be utilized against malware attacks and the technologies that are involved. Finally, a discussion and assessment concerning future trends in malware development is followed by a summary of the research and important findings in the conclusion.

Review and Discussion

Types of Malware

The term "malware" stands for "malicious software," which is an umbrella term that is used to refer to any software application that "runs on a computer without the user's knowledge and performs predetermined functions that cause harm" (May, 2012). This broad-based definition spans everything from relatively benign software that merely collects consumer data to especially harmful software applications that can disable entire computer networks or worse.

This continuum of maliciousness includes some of the most common types of malware, which are described further in Table 1 below.

Table 1
Variations of Malware

Malware Type: Description
Adware: Adware specifically refers to programs that display pop-up advertisements. The subject matter of the ads is often based on surfing habits, but may also be tied to a specific advertiser.
Virus: This is a program that is designed to spread itself among files on a single computer or computers on a network -- usually the Internet. Often, crackers (hackers with malicious intent) create these programs just to see how far they will spread.
Worm: Similar to a virus, a worm spreads itself around a network. Worms, however, do so by making copies of themselves as they spread. They also may be capable of changing their profile to avoid detection.
Trojan: The computer version assumes the appearance of something benign, such as an update or add-on to an actual program. Once on a computer, it may perform harmful functions such as erasing the hard disk or deleting all image files. Like spyware, a Trojan may also gather information and send it to the developer.
Cookie: Cookies are small data files used by Web sites to store information on computers that can be used to detect personal information, such as recently visited sites.

Source: Adapted from May, 2012

These malware threats clearly range in their impact on computer users' operations, but in some cases, the harm caused by malware can extend far beyond an individual computer system. For instance, Perrow reports that, "Once your machine has been compromised [by malware], it can be used to send these threats to other machines; your machine becomes a member of a 'botnet,' after robots" (p. 252).

While the malware threat continues to expand and become more difficult to detect and defeat, there are some proactive measures and tools that can be used to help protect computers from malware, and these issues are discussed further below.

Proactive Measures and Tools that can be Utilized against Malware

Beyond firewalls, encryption, password-protection and other antimalware software tools, there are also a number of proactive strategies used by the information society, including "trolling" communities of interest to gain fresh insights into what current malware is being developed and how these programs operate.

According to Johnston (2009), "One strategy used by antivirus researchers to ascertain the skill sets of the 'thieves' is to troll the virus writers' underground virtual communities, bulletin boards, and Web sites, interacting with hackers, spammers, and virus code writers" (p. 34). Because of the nebulosity of the identities of the participants in these online forums, anti-malware experts are able to penetrate these communities of interest through social engineering methods that cater to the egos of hackers who may be willing to share their secrets with other, like-minded criminals.

In this regard, Johnston emphasizes that, "The lack of culturally specific embodied identities inherent in the electronic communication of the internet allows these researchers to mask their 'real-world' intentions in their virtual re-embodiment as malware-writing criminals" (2009, p. 34). Another proactive strategy that is used to defeat malware writers is to analyze samples of malware that are provided by affected customers. This approach appears to offer some advantages as well.

For example, Johnston (2009) adds that, "Significantly, virus writers also send their new creations to various antivirus vendors and researchers as a way of testing vendors' systems, as a 'courtesy', or as a way of marking their status. Antivirus professionals take this information and share it across competitive vendor boundaries, developing industry-wide counterstrategies to be integrated into their next software releases" (pp. 34-35). Yet another proactive approach to developing anti-malware measures is content analysis of industry and even hacker reports concerning the effectiveness of anti-malware applications.

In this regard, Hua (2011) reports that, "In many circumstances, to fight such threats, internet security vendors can analyze billions of files, e-mails, and malware products to categorize and determine their "reputation" in the cloud and quickly update their customers' firewalls and filters" (p. 37). There are also some common-sense steps that average consumers can take to help protect themselves from malware invasions, including:

1. Activating security solutions that reside on the mobile devices;
2. Password-protecting cellular phones;
3. Evaluating mobile apps before downloading them by finding reviews from reputable sources (Hua, 2011).

While the measures and tools that can be utilized against malware are generally effective as long as they are updated regularly, hackers and other criminal elements continue to work to identify ways to defeat these technologies, and these issues are discussed further below.

Technologies Involved

The technologies involved in the development of malware continue to change in response to industry-wide and application-specific anti-malware efforts.

Malware can creep into a computer through an external source without users' knowledge, such as a flash drive or DVD, or be installed without the user's knowledge through various online communications, including emails and attachments, "buggy" Web sites, and so forth, placed there by all types of criminals, ranging from bored teenagers to international terrorist conspirators. For example, Perrow (2007) emphasizes that, "Your operating system is open to penetration by hackers, 'crackers;' (malicious hackers), agents of foreign governments, competing business firms, thieves, and terrorists" (p. 252).

Unfortunately, the technologies that are used in support of malware development are improving along with the software that is intended to defeat them. In this regard, Gale emphasizes that, "If a biological virus were to start mutating more rapidly, it would compromise the ability of medical researchers to develop antiviral drugs. Unfortunately, that's what is now occurring with computer viruses" (2006, p. 19). In support of this assertion, Gale (2006) cites the example of so-called "rootkits." According to Gale, "The latest trend in malware is rootkits. A rootkit is a small piece of software code that runs deep within a computer's operating system and can be used to conceal other programs" (p. 19). The term "rootkit" is a Unix term that refers to software tools that provide complete unauthorized access to a computer's "root" operating system; such unauthorized access can then be used to conceal malware code from routine detection (Gale, 2009).

One particularly insidious method used by malware developers to spread their malicious software includes the use of shortened URLs to lure unsuspecting visitors so that malware can be installed on their computers. In this regard, Hua (2011) reports that social media networks such as Facebook are increasingly being used for this purpose. According to Hua, "Facebook is a good example of a tool that requires a more flexible approach to security. One ingenious ruse in 2010 involved shortened URLs, where hackers posted in newsfeeds and other places millions of bogus shortened links in efforts to lure victims to websites for phishing and malware attacks. Last year, 65% of malicious links in news feeds observed used shortened URLs" (p. 37).

Finally, there has been a proliferation of malware targeted at mobile devices, which are especially vulnerable to such attacks. According to Hua, "Because mobile system architecture hasn't benefited from being battlefield tested for years and years, which is the case with desktop operating systems, when attackers focus on the mobile platform, they get a lot of bang for the buck" (2011, p. 37). Although there are countless variations on this theme, one typical approach to exploiting these weaknesses is described by Hua as, "Hackers have unleashed malware that can gain control over a phone, for instance, and charge users for calls they never made or SMS services they never used. The threats are becoming more sophisticated as social media spreads to phones and botnets take control and multiply through the users' entire contact lists" (2011, p. 38).

The manner in which botnets can be used by hackers appears to be limited only by their imaginations. In some cases, botnets can be used to generate revenue that amounts to only a few cents per transaction, but multiplied by tens of thousands or even millions of transactions, this allows hackers and crackers to make large sums of money.

In this regard, Perrow reports that, "Companies that place ads on, say, Google's search site, pay Google a few cents every time a computer clicks on that ad, and Google gives some of that money to the Web site that carries the ad. Through the botnet the hacker, with a Web site, can get many computers to click on the ad and will get a percentage of the fee the advertising company gets from Google" (p. 252).

In other cases, botnets can be used to flood a particular Web site with queries to cause a denial of service attack that will completely disable the site (Perrow, 2007). Taken together, of the two sources of infection, external and online attacks, the latter appears to represent the more formidable in terms of developing anti-malware protections, and these issues are discussed further below.

Future Trends

According to Gale (2006), "Just as real viruses mutate to evade antiviral medication, the writers of computer viruses and other forms of malware change their code to elude our antivirus software" (p. 19). Even as anti-malware developers build their walls higher and.

Cite This Paper
"Information Technology IT Security Malware" (2012, March 17) Retrieved April 21, 2026, from
https://www.paperdue.com/essay/information-technology-it-security-malware-55114
