Malware Evolution

Malware threats today are far more serious than they were before. Why, you may ask? Because modern malware can infect millions of nodes and coordinate all of them toward a single purpose: creating havoc across the Internet. Beyond that, modern malware can pass undetected through tough security boundaries, it is adaptable, and it has more applications than earlier worms and viruses. Because of this threat, many ways of deterring malware have been developed.

Malware’s History

Four decades ago, Bob Thomas, a bright individual at BBN, ran an experiment in mobile applications, and the Creeper program was born. Creeper was astonishing for its time because it was the first program to move from one computer to another over ARPANET. Thus came the very first computer virus, and the experiment exposed the defining principle of malware: the ability to spread across a network.

The appearance of the Morris Worm in 1988 showed the power of these simple programs in certain uses and applications. In the years that followed, up to the early years of the 21st century, malware continued to evolve, gaining more functions and becoming increasingly infectious. But even with the advances in malware technology, the code of the malware itself still had limitations.

Malware Synthesis

By 2007, malware had finally changed and made a sudden evolutionary leap. Botnets appeared during this time and changed what many of us believed about malware. Unlike their predecessors, botnets are centrally controlled by a cyber criminal; bots on different infected computers cooperate as one massive application. Malware also became more intelligent and is no longer limited to a fixed set of capabilities and applications.

This evolution changed the world of malware, and cyber criminals found new ways to develop different kinds of code for it. Instead of common capabilities such as sending spam, malware can now perform dangerous attacks. Its command, control and stealth capabilities have improved greatly. An attacker who operates a malware program can update it to suit his needs: one day it sends spam mail, the next day it steals personal information. That is why companies and other organizations must have incident response teams.

Our Modern Malware

Because of this evolution and the complex structure of malware today, it is best to learn more about malware and understand it. To understand malware better, we need to understand its lifecycle.

Malware begins with infection: how it is delivered (in a file, from an infected web page) and how it communicates with its author. The persistence of malware should also be understood, because some malware can disable antivirus, install backdoors, use rootkits and more. Companies in particular should understand this area so that they can handle these problems, which is why they conduct incident handling training.

Once malware has taken up residence on a victim's computer or system, it looks for ways to communicate with its author without triggering the security system. Malware that can communicate is dangerous, powerful malware; malware that cannot communicate behaves like a regular virus or worm. Powerful malware can communicate over non-standard ports, through proxies, by encrypting its traffic and by tunneling inside other applications.
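One defender-side check for the communication patterns described above (non-standard ports and regular "phone home" connections), added here as an example and not part of the original article. The egress log format, the sample log lines and the set of allowed outbound ports are all constructed assumptions.

```python
# Added example: flag egress flows that use a non-standard port or beacon at
# a fixed interval. Log format is assumed: "<epoch> <src> <dst> <dport> <bytes>".
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: one host beacons every 300 s to port 8443, one host
# browses normally on 443, one host makes a single connection to port 6667.
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.9 8443 512
1700000300 10.0.0.5 203.0.113.9 8443 498
1700000600 10.0.0.5 203.0.113.9 8443 530
1700000900 10.0.0.5 203.0.113.9 8443 501
1700001200 10.0.0.5 203.0.113.9 8443 515
1700000010 10.0.0.7 198.51.100.20 443 20100
1700000950 10.0.0.7 198.51.100.20 443 3100
1700002300 10.0.0.7 198.51.100.20 443 45000
1700000020 10.0.0.9 192.0.2.33 6667 90
"""

# Assumed corporate policy: the only ports allowed for direct outbound traffic.
STANDARD_PORTS = {80, 443, 53}

def parse(log_text):
    """Group connection timestamps by (src, dst, dport) flow."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _size = line.split()
        flows[(src, dst, int(dport))].append(int(ts))
    return flows

def analyse(log_text, min_conns=4, max_cv=0.1):
    """Return one finding per flow that uses a non-standard port or beacons regularly."""
    findings = []
    for (src, dst, dport), stamps in parse(log_text).items():
        reasons = []
        if dport not in STANDARD_PORTS:
            reasons.append("non-standard port")
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_conns:
            # Coefficient of variation of the inter-connection gaps: near zero
            # means machine-like regularity, which human browsing rarely shows.
            cv = pstdev(gaps) / mean(gaps) if mean(gaps) else 0.0
            if cv <= max_cv:
                reasons.append(f"regular beacon every ~{int(mean(gaps))}s")
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport, "reasons": reasons})
    return findings
```

Real beacons add jitter, so tune `max_cv` and `min_conns` against baseline traffic rather than using these constants as-is.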

Malware is updated by its authors: it receives new commands and controls that make it accomplish its programmed tasks. Updates can arrive through messages exchanged over a different network or through file configuration. Sometimes malware is programmed to look for other ways to reconnect with its author when the connection has been severed.

Finally, malware has different functions and behaviors. Some malware targets specific information or details in a particular company, while other malware changes from time to time depending on the needs of its author.

If we understand these important factors that define modern malware, it becomes possible to limit the chances of malware attacks on companies. Companies can then employ tools and better security programs to deter malware; they can also hire a person or a group of people to handle these problems, but those people must have completed incident response training and other cyber security training so that they can perform their tasks much better.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. EC-Council also offers training in incident response and computer forensics.

More information about EC-Council is available at www.eccouncil.org.

Malware Protection – Things Companies Have to Consider to Avoid Malware

Modern malware has become one of the most dangerous threats to every company's network. Compared with old, dumb malware, modern malware is more intelligent and more persistent. Hackers can use modern malware as a foothold inside a company, from which they can mount an attack at any time. But what can companies do to secure their systems from modern malware?

Avoid or Control Suspicious Applications

Before modern malware hit the Web, common malware used the most common communication method of the time: email. Modern malware, however, can arrive through many kinds of applications besides email. To prevent this malware from entering the system, network administrators and digital forensics staff have to identify the applications company employees use, such as webmail, instant messaging, P2P networks and social media. These vectors must have the same quality of security that corporate email applications have.

Controlling these applications is essential, and it has two parts: the first is getting rid of suspicious and risky applications, and the second is ensuring visibility of each allowed application. Set guidelines against the use of risky applications such as P2P networks, and limit who is allowed to use them. Limit every file-sharing application, and allow proxies only for business purposes. Some of these applications are evasive: even when detected and blocked, they look for alternative paths through the network, so it is important to watch how they behave.

The second part is securing the allowed, useful applications. These applications must be visible to the administrator, and allowed applications must use SSL to provide security and privacy. But even when an application has an SSL certificate, companies must have the capability to decrypt the traffic and inspect every SSL-encrypted page.

Be the Middle-Man

Although the variety of applications has provided more malware conduits, malware also found a new delivery method: the drive-by download. The user is left confused about how his system was infected in the first place. This delivery method begins with a remote exploit against the company's or victim's machine, for example an infected image on a web page. The malware then targets the OS, browser or any application that will give it root access to the system. When this happens, the malware is delivered to the computer unnoticed, with nothing abnormal visible. OS and browsers do alert users about file downloads, yet this is not reliable. Thus, companies must have a control point between the Internet user and the Internet: in-line network security.

But in-line security must also be real-time security, because administrators will be dealing with real-time web-based applications. An administrator who has completed computer forensics training will know that some anti-malware software is not made for real-time work and can easily slow the system down. He must therefore inspect the software closely, or better yet create a better one.

Administrators must also automatically recognize file transfers from different kinds of applications. They must have tools to decrypt and decode different kinds of protocols to make sure there are no hidden file transfers in any traffic.
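One way to spot a hidden file transfer once traffic has been decoded is to identify the file by its leading bytes rather than by the content type the application declares. This is an added example, not code from the article; the HTTP-like samples, the gzip-only decoding step and the allowed-type table are constructed assumptions.

```python
# Added example: detect file transfers whose declared Content-Type disagrees
# with the file signature, after undoing gzip transfer encoding.
import gzip

# Leading bytes ("magic numbers") of file types worth noticing in egress/ingress traffic.
MAGIC = [
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"%PDF", "PDF document"),
    (b"\x1f\x8b", "gzip stream"),
]

# Assumed policy: the Content-Type values under which each file type may legitimately travel.
ALLOWED = {
    "PE executable": {"application/octet-stream", "application/x-msdownload"},
    "ELF executable": {"application/octet-stream", "application/x-executable"},
    "ZIP archive": {"application/zip", "application/octet-stream"},
    "PDF document": {"application/pdf"},
    "gzip stream": {"application/gzip", "application/x-gzip"},
}

def sniff(body):
    """Return the file type label matching the body's leading bytes, or None."""
    for prefix, label in MAGIC:
        if body.startswith(prefix):
            return label
    return None

def inspect(content_type, content_encoding, body):
    """Return (detected_type, mismatch). mismatch is True when a recognised
    file type is carried under a Content-Type that policy does not allow for it."""
    if content_encoding == "gzip":
        body = gzip.decompress(body)  # decode the transfer encoding before sniffing
    detected = sniff(body)
    mismatch = detected is not None and content_type not in ALLOWED.get(detected, set())
    return detected, mismatch

# Constructed samples: (Content-Type, Content-Encoding, body bytes).
SAMPLES = [
    ("text/html", None, b"<html><body>hello</body></html>"),
    ("image/png", None, b"MZ\x90\x00" + b"\x00" * 60),                    # executable labelled as image
    ("text/plain", "gzip", gzip.compress(b"PK\x03\x04" + b"\x00" * 20)),   # archive hidden in gzip body
    ("application/pdf", None, b"%PDF-1.7 ..."),                            # consistent declaration
]

def findings():
    """Run every sample through inspect() and pair the result with its declared type."""
    return [(ct, inspect(ct, ce, body)) for ct, ce, body in SAMPLES]
```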

Identifying the Malware

Even if the administrator can control every application that could deliver malware, and can see and identify any malware that is delivered, it is still important to recognize that malware for what it is. Modern malware can now be networked and managed, making it more sophisticated and more capable of launching an attack on the system. Once the administrator has captured a possible malware sample, it is important to know whether it really is malware and to understand how it works and affects the system. In a computer forensics course, administrators are taught how to use a sandbox.

A sandbox is a safe environment where a possible malware sample or unknown file can be run and observed. Unfortunately, sandboxing is not real-time; administrators have to wait to see any bad behavior before coming to a conclusion. Sometimes an impatient administrator will release the unknown file into the system, only to find out later, after the breach has occurred, that it was malware.

These considerations are just some of the things companies must do to protect their systems from malware. Hopefully this article has helped to keep your company safe from the threats of malware.
