Sunday, June 30, 2013

The Malware Trilogy: Worms

The weaknesses of computer viruses lie in their similarity to "real" viruses: they depend on their hosts to spread the infection.  They depend on human intervention—files and programs can't be infected if they aren't run first.  Viruses leave tracks everywhere they go and the rate at which the infection spreads is highly variable, depending on how much the computer is actually used.

At the turn of the millennium, the Internet was beginning to experience widespread use.  The opportunity arose for hackers to make money off of people who were using their credit cards or doing their banking online.  Viruses could help them do the job, but they weren’t exactly the stealthiest or most efficient programs out there.  There was yet another program—the worm—that would prove much more helpful.

(It’s important to note that worms had come into existence long before the late 90s.  This was just the time when they began to become popular.)

How Worms Work

Worms have a couple of things in common with viruses:
  • They self-replicate
  • They have some dependency on the host computer to spread
However, the way they spread makes them far different—and more dangerous: worms do NOT infect files.  That’s right; they leave your files alone.  However, this actually makes them more of a threat because it increases their efficiency.  Instead of depending on infecting files to get around, worms employ two other major avenues of travel:
  • Through computer network connections* (ex. if you work in an office and are connected to an office network)
  • Through email (many worms can automatically send spam emails with themselves as attachments to your contacts)

* For those who aren’t familiar with the term, a “network” is a group of computers that are connected to one another and can share files with each other.

Both of these actions are automated.  For example, as long as you are connected to a network, the worm can travel from your computer to other computers in the network completely on its own.  With viruses, you have to actually be using your computer to spread the bug around.  However, a worm really doesn't need you at all after it has embedded itself in your system.  A worm could spread right under your nose whenever it wants—while you’re eating lunch, taking a walk, or even reading a nice informative blog on Internet security.

As for email: it gets a bit tricky here.  A lot of people have online email accounts now—like Yahoo! or Gmail.  If you have an online email account and you’re infected by a worm, the worm won’t be able to reach your email because your email account and your hard drive are not connected.  The worm can’t “jump” from the hard drive to the password-protected online email account, thank God!

However, let’s assume you use, say, Outlook Express, which is an email program that resides on your computer.  In this case, your email account and your hard drive are connected.  Many worms are programmed so that, upon infection, a spam email with the worm as the attachment will be sent to all your contacts.

In the last several years, worms have received a lot of media attention simply because their ability to exploit weaknesses in network and email security allows them to travel the globe in a very short period of time.  These are some worms you may have heard about:
  • LoveLetter (a.k.a. the "ILOVEYOU virus")
  • MsBlast/Blaster
  • Conficker (or Downadup, Kido, the "virus" that gave you a couple of days off work a few years ago because it crashed the entire computer system at your office, whatever you want to call it)

Conficker, in particular, is an important one.  It has been accurately described as one of the most “obstinate” malicious programs out there.  It was first discovered in November 2008, reached its peak infection count within a few months, and despite security experts’ efforts is still prevalent in the cyber world.  It is primarily a network worm, and at its peak it had anywhere from 7 to 12 million computers under its control—including computers owned by not only major corporations but the British Parliament and the French Navy.  Even today, about 4 1/2 years after its initial release, infection estimates remain at about 7 million.

Conficker is a major problem, especially since worms of this caliber can theoretically be used as digital international weapons.  I have plans to bring the subject up again in later posts, but honestly, if you are really interested in learning about not only Conficker but the threat posed by hackers and malware in general in the modern world, I strongly recommend you read Worm: The First Digital World War by Mark Bowden.  It’s a fantastic book, and one of the very few pieces of tech literature that is aimed at everyday people and explains rather complex subjects in an easy-to-understand manner.  It was also one of my main inspirations for wanting to become a security specialist myself.


The Basics of the Worm:
  • Self-replicate
  • Do NOT infect files
  • Spread mainly via networks and email
  • Harder to discover infection because there are no infected files
  • Can spread faster, more mobile on its own
  • Less dependent on human intervention
  • Because it spreads so easily, it’s not good for contained attacks.
  • In email form, it still relies on tricking the user into opening the attachment.
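Two of the points above (a mass-mailing worm sends itself to a victim's whole contact list, and it still needs the recipient to open the attachment) are exactly the things a mail gateway can watch for.  The script below is an added example written for this post, not code from the blog or from any of the worms named above; the message data, sender names and the `RISKY_EXTENSIONS` list are constructed for the demo, and the window and threshold values are illustrative assumptions.

```python
"""Added example (not from the blog post): two defender-side checks against
the email worms described above. All message data below is constructed.

1. Attachment screening: attachments that Windows would run directly are
   flagged. A double extension such as 'photo.jpg.exe' is a common disguise
   and is caught the same way because only the final extension counts.
2. Fan-out detection: one sender pushing the same attachment to many
   different recipients within a short time looks like a worm mailing a
   victim's whole contact list, not like a person writing email.
"""
from collections import defaultdict

# Constructed list of extensions treated as directly runnable (assumption).
RISKY_EXTENSIONS = {"exe", "scr", "vbs", "js", "bat", "cmd", "pif", "com"}


def risky_attachment(filename):
    """True if the attachment's final extension is directly runnable."""
    parts = filename.lower().split(".")
    if len(parts) < 2:          # no extension at all
        return False
    return parts[-1] in RISKY_EXTENSIONS


def mass_mailer_senders(messages, window_seconds=600, threshold=5):
    """Return the senders that sent the same attachment to at least
    `threshold` distinct recipients within `window_seconds`."""
    by_key = defaultdict(list)  # (sender, attachment) -> [(ts, recipient)]
    for m in messages:
        if m.get("attachment"):
            for r in m["recipients"]:
                by_key[(m["sender"], m["attachment"].lower())].append((m["ts"], r))

    flagged = set()
    for (sender, _att), events in by_key.items():
        events.sort()
        # slide a window starting at each event; count distinct recipients
        for i, (t0, _r) in enumerate(events):
            seen = {r for t, r in events[i:] if t - t0 <= window_seconds}
            if len(seen) >= threshold:
                flagged.add(sender)
                break
    return flagged


def screen(messages, **kwargs):
    """Run both checks and return what a gateway would log."""
    return {
        "risky_attachments": [(m["id"], m["attachment"]) for m in messages
                              if m.get("attachment") and risky_attachment(m["attachment"])],
        "mass_mailers": sorted(mass_mailer_senders(messages, **kwargs)),
    }


# Constructed sample traffic: a normal message, a worm fanning out from
# "carol" to six contacts in one minute, and one person sending an installer.
SAMPLE_MESSAGES = [
    {"id": 1, "sender": "alice", "recipients": ["bob"], "attachment": "report.pdf", "ts": 0},
] + [
    {"id": 10 + i, "sender": "carol", "recipients": [f"contact{i}"],
     "attachment": "photo.jpg.exe", "ts": 10 * i}
    for i in range(1, 7)
] + [
    {"id": 20, "sender": "dave", "recipients": ["erin", "frank", "grace"],
     "attachment": "setup.exe", "ts": 100},
]


if __name__ == "__main__":
    print(screen(SAMPLE_MESSAGES))
```

Running it on the sample traffic flags every `.exe` attachment but names only `carol` as a mass mailer: `dave` sent a runnable file too, but to three people, which is what a human does; the fan-out check separates the two cases.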

Next time, we’ll talk about the final, most common, and—in some ways—the most dangerous type of malware of all: the Trojan Horse.

Saturday, June 29, 2013

The Malware Trilogy: Introduction/Viruses

Let's start this off on the right foot: by talking about malware.  The reason I put such an emphasis on malware is because there are a lot of myths and hoaxes surrounding the subject, which can effectively hinder your ability to protect yourself.  If you are to do cyber-battle, you must know your enemy.  So let's get one major myth out of the way right now:

If someone brings up malware, chances are the first word that pops into your head is "virus".  However, the truth is that the words "virus" and "malware" are NOT interchangeable.  "Malware" refers to a whole spectrum of different kinds of ill-willed software, and the "virus" is just one kind of malware.

Yes.  There are other types.  And, what's more, viruses actually are relatively uncommon today compared to other kinds of malware.  We'll get to that in a minute, but first I'd like to say that, while there are a gazillion different ways you could categorize the bugs that lurk on the Internet, in general security specialists place malicious programs in one of three groups:
  • Viruses
  • Worms
  • Trojan Horses
Today, we'll just focus on the virus.

Computer Viruses

As you probably guessed, computer viruses have a lot of similarities to "real" viruses that like to infect you right before final exams, weddings, and auditions.  These "real" viruses can't spread without a host (you), and even within that host they need additional, smaller hosts (your cells) to produce more copies of virus.

Likewise, digital viruses infect computers on a grand scale and use individual files and programs to spread within computers.  Viruses "infect" computers simply by installing a copy of themselves on the machine.  They then proceed to "infect" files by copying over some of their own code into the file.  (For the medically-minded: this is comparable to a human virus transferring its DNA/RNA into a cell.)  Viruses can spread throughout a computer both by self-replicating (making copies of themselves) and through infecting files.  Infected files can, in turn, infect other files, the same way your co-worker can spread the flu around the office.

Viruses were the first type of malware to become popular with hackers, and they dominated the cybercrime scene from the late 1980s to the mid 1990s.  The main reason hackers loved viruses at the time was because the primitive form of the Internet that existed back then wasn't very widely-used.  That means people weren't doing shopping or banking online, which means there wasn't a whole lot of opportunity to make money from distributing viruses.  Therefore, people who wrote viruses did so to spite those who were most likely to own computers back then—corporations, government agencies, scientific institutions, etc.  Viruses themselves were popular because they were inherently destructive (oftentimes infected files don't work properly, and even today it can be difficult to return them to their original state).

Simply because they infect files, viruses were both destructive and very easy to spot on a machine.  Hackers of the olden days loved this because it really irritated and even humiliated authority figures who were infected.  However, as more and more average people began to use the Internet, and as they began to use it for financial purposes, hackers realized that in order to cash in they'd have to write their programs to be a bit more stealthy.

This is where viruses became an issue.  Viruses are, by far, the least stealthy programs out there.  In addition, viruses are not mobile on their own; file infection is their one and only method of travel.  They depend on infected files to infect each other in a domino-effect-like fashion.  And finally, the only way a file or program can be infected is if it is run.  That means the virus depends on you, the user, to open and run different files and programs in order to travel about your computer.

That's why the virus fell out of favor towards the turn of the millennium, and new forms of malware replaced it.  But we'll save those for another day...


Basics of a Computer Virus:
  • Self-replicates
  • "Infects" files by inserting own code
  • Spreads through infecting files, sending itself as an attachment of an email, infecting email attachments, or infecting external storage devices (like CDs or USB flash drives)
  • Inherently destructive
  • Good for hackers who want their victims to know they were infected
  • Leave "tracks" everywhere they go (in the form of infected files)
  • Can only spread through infected files (slows spread rate)
  • Dependent on human intervention to infect and spread

And that's it for the virus.  The next post will be about a close cousin called the worm, how its differences make it far more dangerous, and why it's gotten a ton of media attention over the last several years.

Friday, June 28, 2013

A Few More Guidelines/Obligatory Disclaimer

Just a few things to keep in mind when commenting on posts or sending me emails.

The Types of Things I Accept:
  • Questions you have about topics in computer security.  Ex. "What makes a good password?", "What's BYOD and is it safe?", "What does 'real-time protection' mean?"  (Yes, these will all be covered in upcoming posts.)
  • Even if you are well-versed in the security sphere, I will accept your recommendations for topics to discuss.  Just keep the audience in mind; don't suggest something only über nerds would enjoy reading about.
  • If you find any good educational resources you would like featured, go right ahead and send me those as well.
  • I'm getting way ahead of myself here, but yes, Grandma, you can send me fan mail.

Things I Will NOT Accept:
  • Requests to fix your computer or give advice for problems specific to you.  I am not an IT professional.  I may become one someday, but as of right now I'm just a nerdy senior in high school.  I'm not adequately trained for that kind of stuff, and the liability is too great.
  • Hate mail.  I'm not sure why anybody would send me hate mail, but there are some people out there who really just like bullying others over the Internet.  It's a good way to get yourself blocked.
  • Self-promotional spam.  I'll be honest: I'm guilty of self-promotion.  I'm doing quite a bit of it on other sites to get the word out about Technical Difficulties, so I'm not going to be super harsh about this.  If you have a blog, YouTube account, etc. regarding computers or security that you would like me to share, I'd be glad to take a look at it and I'll share it if I think it's appropriate to be featured here.  However, I will not do sub-for-sub, follow-for-follow, like-for-like type things.  I'll follow who I want to follow.
  • Malicious software, or links to websites with malicious content.  Yeah, thanks to Danooct1 I'm kind of a malware enthusiast and one of the jobs I dream of having someday is that of a malware researcher/analyst.  However, malware is not a toy, and handling it is serious business.  I'm neither trained nor equipped to take on that kind of responsibility, and I really just don't want to invite people to send me malicious content via any means.
  • Requests for personal information of any kind.  I'll share what I want to share with you.

Regarding Credit
  • I learn what I know in security from a variety of sources, and it would be literally impossible for me to remember exactly where I got every tidbit of information I re-explain here.  If I use somebody's quote or take a lot of info from a particular source, I'll give credit.
  • If you share an educational resource that is not yours, I'll give appropriate credit to whoever is originally responsible for the resource.
  • If you share your blog, YouTube channel, Facebook page, etc. with me, no additional credit is necessary because it's your blog/channel/page that I'm featuring.  If you are using an online persona and would like me to also list your real name (or vice versa), please ask.
  • I will NOT give you credit for asking a question, suggesting a topic, or sharing educational resources that are not yours unless you REQUEST IT.
  • Any pictures I use here that I get from the Internet will be credited with the URL I got them from.  I unfortunately can't get much more accurate than that.
  • If there's no URL to go along with a picture, it probably means it's my picture (like a screenshot).
  • If you have an issue with credit, please email me and we'll discuss it.

Final Disclaimer

Look.  As I said before, I'm not an IT technician.  I'm not a computer genius.  I don't hold a Master's in Computer Science, nor do I have a Software Engineering certificate.  I'm a senior in high school.  I'm keeping this blog nice and simple so that I can explain basic concepts to average people.  A lot of people who have far more advanced qualifications than me try to write books and articles that cater to the same audience.  Sometimes they succeed in explaining things in a relatively understandable manner, but I've noticed that a lot of them are so learned in the field of technology that they have trouble explaining the most basic things in plain English.  To them, it's like trying to explain the concept of naming.

Think about it—imagine if you had to explain the concept of naming things to a young child.  What's a name?  "It's what we call things."  What does call mean?  The idea of giving things names is so basic to us that we have trouble explaining it on a simpler level.  And, as crazy as it sounds, certain scary topics in computer science are just as basic to many of the digital scholars who try their best to educate the general computer-using population.  It's not that there's anything wrong with you not knowing, or them not being able to explain it.  Explaining complicated things on a simple level is difficult.  It takes a certain skill.

As you can probably tell from the length of my posts, I enjoy writing, and I have a lot of experience writing.  I'm not very articulate in person, but I am good at explaining things in writing, and I can do so in simple terms.  This is a skill that not everybody has, and I would be doing the world an injustice by not using the strengths that I have.

I'm going to use this skill and my interest in security to explain concepts that are simple to me but may be more confusing or complex for someone who isn't technically-minded or is interested in technology but doesn't know a whole lot about it.  I have very little formal training, but I still know a lot just from reading tech blogs and books over the last few years, and I can explain what I know in a format that can help you understand it, too.  But don't expect me to know everything, and please don't take everything you read on the Internet—including content on my blog—for gospel.  Everyone makes mistakes sometimes, though I'll try to correct any mistakes on this blog the best I can.

What I'm getting at is this: I assume no liability for anything resulting from you doing something silly with your computer, smartphone, or any other technological device, nor do I assume liability for any changes you make in how you guard your technological devices or digital and personal information.  I'm trying to explain concepts, and what you do with the information you obtain here is your decision and your responsibility, not mine.

Thursday, June 27, 2013

What This Here Blog is All About

Hello to all you wonderful people who are reading my blog!  Chances are you got here one of a few ways:

1) Through my persistent badgering on Facebook.  I guess you can stay on my friends list.

2) Through my other (and slightly sillier) blog, Lady Pakenham Needs a Hobby.  If you actually keep up-to-date with that one, I greatly question your sanity, but I appreciate the support anyway.

3) You were frolicking about the Internet and came upon a site with an address that contained the string "imscaredofmycomputer" and found it to be entertaining.  Entertaining was what I was going for, after all.

4) You're my grandmother.  I know you don't understand anything here, Grandma.  Don't worry, it's not that interesting anyway.

Assuming you do follow LPNAH, you may have read this post, in which I talk about the need for more educational resources for both the average computer user and for the amateur nerd interested in learning more (and maybe even pursuing the field professionally).  All of the resources I listed in that post are extremely helpful, but I wanted to provide an avenue for people to ask me questions directly.

Obviously, as time goes on this blog will begin to take a more definite shape.  However, for now, I would love nothing more than YOU, the average bear who uses a computer (because bears do use computers when you're not looking) to send me both questions you have about computers/security and suggestions as to topics I could discuss.  I have a few ideas already, and I could come up with every silly little question under the sun to "answer" in future posts, but if I'm not writing what you guys wanna read, there really is no point in maintaining this blog, now is there?

So here are some basic things I want to hash out:

1) Please send me questions/suggestions via email: ladypakenham at  (I omitted the "@" sign in a feeble attempt to fight off spam bots.)  If you are more of a nerd, please keep in mind that the audience for this blog is the beginning to intermediate user.

2) Spread the word about this blog if you want to see it maintained!  I don't want to write for a nonexistent audience.  LPNAH is a ghost town for the most part, but at least my sister reads it.

3) Yes, I can be found in other places on the Internet.  As my profile says, I'm an Internet junkie.  I'm on Twitter and I have a YouTube account, but the Twitter is more informal and I have absolutely no idea what to do with the YouTube account.  I'm also a moderator on the Slenderman's Shadow forums.

4) I'm kind of a private person in respect to online safety, so don't be offended.  I won't put up any pictures/videos of myself or my family here, and if I ever divulge my real name it will be my first name only.  There's a reason I created a separate Internet identity for myself.  In addition, I like to keep my friends list short, so don't ask for my Facebook account/send me friend requests unless I know you.  (The exception is if you're one of the Marble Hornets guys.  Or Danooct1.)

5) I'm in charge of the content that appears here.  I will not tolerate any trolling, inappropriate behavior, spam, or spread of malicious data (like unsafe URLs).  I maintain the right to delete comments/block users as I see fit.  If you think I'm being unfair, email me.  I have no problem with that.  However, this is my blog, and so I have the final say.

6) I won't write about anything I'm not familiar with.  I'm only human, and I'll admit that I'm still educating myself about security all the time, for technology is an ever-changing field.  I should be able to answer your questions/take your recommendations granted they're appropriate for the audience, but there may very well be occasions where I'm given a question or topic that's perfectly appropriate but also one I'm not familiar with.  I always do my research to make sure I'm giving you the most accurate information (and no, I don't consider Wikipedia a reliable source.  Sorry Wiki).  However, if I read up on the topic and decide that I'm still not familiar enough with it to give a good explanation, I'll admit it.  As Einstein said, you don't truly understand something unless you can explain it in simple terms.  Likewise, you can't really explain something in plain English unless you fully understand it.

7) Behind my name: as I said before, I created a separate Internet persona—Lady Pakenham—for security reasons.  However, how did I choose the name?  This is basically how it goes: my parents are both history buffs, and they raised me to be somewhat of a history buff (kind of).  A couple of times I've done research papers on Andrew Jackson because I find him to be an interesting (and rather complex) character.  In the Battle of New Orleans, which made Jackson a national hero, he and his men were pitted against the men of British Major General Sir Edward Pakenham.  I thought "Sir Edward Pakenham" was the most awesome, stuffy, stereotypical British name ever, and since General Pakenham was shot and killed at the battle, I figured someone needed to carry the name on.

Yes.  That's it.  That's why I'm Lady Pakenham.

That's all for now.  Hope to hear some feedback from you guys soon...