Saturday, June 29, 2013

The Malware Trilogy: Introduction/Viruses

Let's start this off on the right foot: by talking about malware.  I put such an emphasis on malware because there are a lot of myths and hoaxes surrounding the subject, which can effectively hinder your ability to protect yourself.  If you are to do cyber-battle, you must know your enemy.  So let's get one major myth out of the way right now:

If someone brings up malware, chances are the first word that pops into your head is "virus".  However, the truth is that the words "virus" and "malware" are NOT interchangeable.  "Malware" refers to a whole spectrum of different kinds of ill-willed software, and the "virus" is just one kind of malware.

Yes.  There are other types.  And, what's more, viruses are actually relatively uncommon today compared to other kinds of malware.  We'll get to that in a minute, but first I'd like to say that, while there are a gazillion different ways you could categorize the bugs that lurk on the Internet, in general security specialists place malicious programs in one of three groups:
  • Viruses
  • Worms
  • Trojan Horses
Today, we'll just focus on the virus.

Computer Viruses

As you probably guessed, computer viruses have a lot of similarities to "real" viruses that like to infect you right before final exams, weddings, and auditions.  These "real" viruses can't spread without a host (you), and even within that host they need additional, smaller hosts (your cells) to produce more copies of virus.

Likewise, digital viruses infect computers on a grand scale and use individual files and programs to spread within computers.  Viruses "infect" computers simply by installing a copy of themselves on the machine.  They then proceed to "infect" files by copying over some of their own code into the file.  (For the medically-minded: this is comparable to a human virus transferring its DNA/RNA into a cell.)  Viruses can spread throughout a computer both by self-replicating (making copies of themselves) and through infecting files.  Infected files can, in turn, infect other files, the same way your co-worker can spread the flu around the office.

Viruses were the first type of malware to become popular with hackers, and they dominated the cybercrime scene from the late 1980s to the mid-1990s.  The main reason hackers loved viruses at the time was that the primitive form of the Internet that existed back then wasn't very widely used.  That means people weren't doing shopping or banking online, which means there wasn't a whole lot of opportunity to make money from distributing viruses.  Therefore, people who wrote viruses did so to spite those who were most likely to own computers back then—corporations, government agencies, scientific institutions, etc.  Viruses themselves were popular because they were inherently destructive (oftentimes infected files don't work properly, and even today it can be difficult to return them to their original state).

Simply because they infect files, viruses were both destructive and very easy to spot on a machine.  Hackers of the olden days loved this because it really irritated and even humiliated authority figures who were infected.  However, as more and more average people began to use the Internet, and as they began to use it for financial purposes, hackers realized that in order to cash in they'd have to write their programs to be a bit more stealthy.

This is where viruses became an issue.  Viruses are, by far, the least stealthy programs out there.  In addition, viruses are not mobile on their own; file infection is their one and only method of travel.  They depend on infected files to infect each other in a domino-effect-like fashion.  And finally, the only way a file or program can be infected is if it is run.  That means the virus depends on you, the user, to open and run different files and programs in order to travel about your computer.

That's why the virus fell out of favor towards the turn of the millennium, and new forms of malware replaced it.  But we'll save those for another day...


Basics of a Computer Virus:
  • Self-replicates
  • "Infects" files by inserting own code
  • Spreads through infecting files, sending itself as an attachment of an email, infecting email attachments, or infecting external storage devices (like CDs or USB flash drives)
  • Inherently destructive
  • Good for hackers who want their victims to know they were infected
  • Leaves "tracks" everywhere it goes (in the form of infected files)
  • Can only spread through infected files (slows spread rate)
  • Dependent on human intervention to infect and spread
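
The "tracks" point above can be checked in practice: because infection changes a file's contents, comparing files against a known-good snapshot shows exactly which ones were altered.  The script below is an added example, not from the original post; the function names are hypothetical, and the file names and appended marker bytes are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 digest)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Return ({changed path: size growth in bytes}, new files, missing files)."""
    modified = {}
    for path, (size, digest) in current.items():
        if path in baseline and baseline[path][1] != digest:
            modified[path] = size - baseline[path][0]
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return modified, added, missing


def demo():
    """Constructed sample: two harmless files, one of which later gains extra bytes."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("report.txt", b"quarterly numbers\n"), ("tool.bin", b"\x00" * 64))
        for name, body in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)  # taken while the files are known to be clean
        # Stand-in for inserted code: harmless marker bytes appended after the baseline.
        with open(os.path.join(root, "tool.bin"), "ab") as fh:
            fh.write(b"INSERTED-BYTES")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    modified, added, missing = demo()
    for path, growth in modified.items():
        print(f"CHANGED {path} (size {growth:+d} bytes)")
    print("new:", added, "missing:", missing)
```

The baseline only helps if it is taken while the files are clean and stored somewhere the files being checked cannot overwrite it.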

And that's it for the virus.  The next post will be about a close cousin called the worm, how its differences make it far more dangerous, and why it's gotten a ton of media attention over the last several years.
