Malwares are malicious softwares that run on digital systems, many times without the knowledge or permission of the systems' owner. With the recent rise in the download of free VPNs, occassioned by the Twitter ban in Nigeria, the risk of comming in contact with malwares has increased for many in the country. Lawrence Agbo looks at the history of malware, types, sources and how to battle the threats in this series of articles.
The history of malware and the cybercriminals behind it date back to 1982 when the malicious software was discovered on a Macintosh computer. And in 1986, the first PC-based malware, known as Brain, was seen.
This article is focused on malware and how it is loaded onto the device without the user's knowledge in order to harm or exploit any programmable device, service, or network and expose the user's private data.
The term malware is used to describe all kinds of malicious software that slowly and completely destroy devices, which is why you should protect yourself against malware as effectively as possible.
Since its birth more than 35 years ago, malware has found several methods of attack. They can get onto your device via email attachments, malicious advertisements on popular sites (malvertising), fake software installations, infected USB drives, infected apps, phishing emails and even text messages.
During the late 1980s, most malicious programs were simple boot sector and file infectors spread via floppy disk.
By the late 1990s, viruses had begun impacting home users, with email propagation increasing. The popular ones at the time include:
Brain was the first "stealth" virus, i.e. one that included means to hide its existence.
Jerusalem was a DOS virus discovered in 1987.
The Morris Worm, released in 1988, was the first known to be distributed via the internet.
Michelangelo, appeared in 1991. It designed to infect DOS-based systems.
CIH was a Microsoft Windows 9x virus that was released in 1998.
Melissa was a macro virus discovered in 1999.
In 2000, internet and email worms surfaced and made headlines across the globe:
ILOVEYOU virus surfaced in year 200 attacking millions of Windows-based computers.
In 2001, thehe Anna Kournikova email worm appeared and caused problems in email servers around the world.
Sircam, which was active in 2001, spread itself through email on Windows-based systems.
The CodeRed worm and Nimda also spread in 2001 by taking advantage of a buffer overflow vulnerability in Windows-running computers
2004: An email worm war broke out between the authors of MyDoom, Bagle, and Netsky. As a result of this war, email scanning became more sophisticated and more users so began subscribing to email filtering, which eventually nearly eliminated mass-spreading email worms.
2005: The discovery and disclosure of the now-infamous Sony rootkit led to the inclusion of rootkits in most modern-day malware.
2007: Website compromises escalated due in large part to the discovery and disclosure of MPack, a crimeware kit used to deliver exploits online. SQL injection attacks had begun to ramp up; victims included the popular Cute Overload and IKEA websites.
2008: By now, attackers were employing stolen FTP credentials and leveraging weak configurations to inject IFrames on tens of thousands of smaller websites. In June 2008, the Asprox botnet facilitated automated SQL injection attacks, claiming popular retailer, Walmart as one of its victims.
2009: In early 2009, Gumblar emerged, infecting systems running older versions of Windows. Its methodology was quickly adopted by other attackers, leading to botnets that are harder to detect.
2010: Industrial computer systems were targets of the 2010 Stuxnet worm. This malicious tool targeted machinery on factory assembly lines. It was so damaging that it's thought to have caused the destruction of several hundred of Iran's uranium-enriching centrifuges.
2011: A Microsoft-specific Trojan horse called ZeroAccess downloaded malware on computers via botnets. It was mostly hidden from the operating system using rootkits and was propagated by Bitcoin mining tools.
2012: As part of a worrying trend, Shamoon targeted computers in the energy sector. Cited by cybersecurity lab CrySyS as "the most complex malware ever found," Flame also known as Flamer, sKyWIper, and Skywiper was used for cyber espionage in the Middle East.
2013: An early instance of ransomware, CryptoLocker was a Trojan horse that locked the files on a user's computer, prompting them to pay a ransom for the decryption key. Gameover ZeuS used keystroke logging to steal users' login details from financial transaction sites.
2014: The Trojan horse known as Regin was thought to have been developed in the U.S. and U.K. for espionage and mass surveillance purposes.
2016: Locky infected several million computers in Europe, including over 5,000 computers per hour just in Germany. Mirai launched highly disruptive distributed DoS (DDoS) attacks on several prominent websites and infected the IoT.
2017: The global WannaCry ransomware attack was halted when a cybersecurity researcher found a "kill switch" within the ransomware code. Petya, another instance of ransomware, was also released, using a similar exploit to the one used by WannaCry.
2018: As cryptocurrency started to gain traction, Thanatos became the first ransomware to accept payments in Bitcoin.
Cybercriminals typically use it to extract data that they can leverage over victims for financial gain. That data can range from financial data to healthcare records, to personal emails and passwords—the possibilities of what sort of information can be compromised have become endless.
Tricking a victim into providing personal data for identity theft
Stealing consumer credit card data or other financial data
Assuming control of multiple computers to launch denial-of-service attacks against other networks
Infecting computers and using them to mine bitcoin or other cryptocurrencies
There is a lot of malware out there, but understanding the different types of malware is one way to help protect your data and devices according to hone security:
A virus is a type of malware that spreads through normal programmes. A virus usually comes as an attachment in an email that holds a virus payload, or the part of the malware that performs the malicious action. Once the victim opens the file, the device is infected.
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid. One of the most popular and one of the most profitable, types of malware amongst cybercriminals is ransomware. This malware installs itself onto a victim’s machine, encrypts their files, and then turns around and demands a ransom (usually in Bitcoin) to return that data to the user.
A malicious computer programms designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection. Cybercriminals scare us into thinking that our computers or smartphones have become infected to convince victims to purchase a fake application. In a typical scareware scam, you might see an alarming message while browsing the Web that says “Warning: Your computer is infected!” or “You have a virus!” Cybercriminals use these programs and unethical advertising practices to frighten users into purchasing rogue applications.
Worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms have the ability to copy themselves from machine to machine, usually by exploiting some sort of security weakness in a software or operating system and don’t require user interaction to function.
Spyware is any software that installs itself on your computer and starts covertly monitoring your online behavior without your knowledge or permission. Spyware is often used by law enforcement, government agencies and information security organizations to test and monitor communications in a sensitive environment or in an investigation. But spyware is also available to consumers, allowing purchasers to spy on their spouses, children and employees.
When installed on the computer, it captures and transmits personal information or Internet browsing habits and details to its user.
A Trojan Horse is a type of malware that pretends to be something useful, helpful, or fun while actually causing harm or stealing data. Trojans masquerade as harmless applications, tricking users into downloading and using them. Once up and running, they then can steal personal data, crash a device, spy on activities, or even launch an attack.
Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it. Adware programs push unwanted advertisements at users and typically display blinking advertisements or pop-up windows when you perform a certain action.
Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.
In general, no device is safe from malware infection. Malware attacks on iOS are much less common due to the enormous security architecture.
Nevertheless, there is now malware that automatically deactivates the security systems within Mac devices, for example. A well-known example of malware specialising in macOS is CrescentCore.
CrescentCore malware searches for existing antivirus programs and security solutions inside the device. As soon as any are found, the malware terminates all programs in order to make detection impossible. The devices are then no longer protected, making them vulnerable to any kind of malware. For this reason, it is always advisable to take a regular look at your own systems.
The Android operating system in particular is at risk for attacks and malware if there is insufficient protection.