What do we call a malicious program that can replicate itself to infect the computer and data stored on it?
Updated: 2022-08-23 13:26:02
Malware explained: How to prevent, detect and recover from it
What are the types of malware? How can you prevent, detect, or remove it? We've got answers.
Contributing writer, CSO
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.
This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).
Types of malware
There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You've probably heard the words virus, trojan, and worm used interchangeably, but as Symantec explains, they describe three subtly different ways malware can infect target computers:
- A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer.
- A virus is a piece of computer code that inserts itself within the code of another standalone program, then forces that program to take malicious action and spread itself.
- A trojan is a program that cannot reproduce itself but masquerades as something the user wants and tricks them into activating it so it can do its damage and spread.
Malware can also be installed on a computer "manually" by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access.
Another way to categorize malware is by what it does once it has successfully infected its victim's computers. There are a wide range of potential attack techniques used by malware:
- Spyware is defined by Webroot Cybersecurity as "malware used for the purpose of secretly gathering data on an unsuspecting user." In essence, it spies on your behavior as you use your computer, and on the data you send and receive, usually with the purpose of sending that information to a third party. A keylogger is a specific kind of spyware that records all the keystrokes a user makes—great for stealing passwords.
- A rootkit is, as described by TechTarget, "a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system." It gets its name because it's a kit of tools that (generally illicitly) gain root access (administrator-level control, in Unix terms) over the target system, and use that power to hide their presence.
- Adware is malware that forces your browser to redirect to web advertisements, which often themselves seek to download further, even more malicious software. As The New York Times notes, adware often piggybacks onto tempting "free" programs like games or browser extensions.
- Ransomware is a flavor of malware that encrypts your hard drive's files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it's mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware; it claims to have taken control of your computer and demands a ransom, but actually is just using tricks like browser redirect loops to make it seem as if it's done more damage than it really has, and unlike ransomware can be relatively easily disabled.
- Cryptojacking is another way attackers can force you to supply them with Bitcoin—only it works without you necessarily knowing. The crypto mining malware infects your computer and uses your CPU cycles to mine Bitcoin for your attacker's profit. The mining software may run in the background on your operating system or even as JavaScript in a browser window.
- Malvertising is the use of legitimate ads or ad networks to covertly deliver malware to unsuspecting users' computers. For example, a cybercriminal might pay to place an ad on a legitimate website. When a user clicks on the ad, code in the ad either redirects them to a malicious website or installs malware on their computer. In some cases, the malware embedded in an ad might execute automatically without any action from the user, a technique referred to as a "drive-by download."
Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for instance, the Emotet banking malware has been spotted in the wild as both a trojan and a worm.
A look at the Center for Internet Security's top 10 malware offenders for June of 2022 gives you a good sense of the types of malware out there. By far the most common infection vector is via spam email, which tricks users into activating the malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on the list, but many others, including NanoCore and Gh0st, are what's called Remote Access Trojans or RATs—essentially, rootkits that propagate like Trojans. Cryptocurrency malware like CoinMiner rounds out the list.
How to prevent malware
With spam and phishing email being the primary vector by which malware infects computers, the best way to prevent malware is to make sure your email systems are locked down tight—and your users know how to spot danger. We recommend a combination of carefully checking attached documents and restricting potentially dangerous user behavior—as well as just familiarizing your users with common phishing scams so that their common sense can kick in.
When it comes to more technical preventative measures, there are a number of steps you can take, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files, ensuring that you'll never need to pay a ransom to get them back if your hard drive is encrypted.
Malware protection
Antivirus software is the most widely known product in the category of malware protection products; despite "virus" being in the name, most offerings take on all forms of malware. While high-end security pros dismiss it as obsolete, it's still the backbone of basic anti-malware defense. Today's best antivirus software is from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-TEST.
When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black.
How to detect malware
It's fully possible—and perhaps even likely—that your system will be infected by malware at some point despite your best efforts. How can you tell for sure? CSO columnist Roger Grimes has written a deep dive into how to diagnose your PC for potential malware that you might find helpful.
When you get to the level of corporate IT, there are also more advanced visibility tools you can use to see what's going on in your networks and detect malware infections. Most forms of malware use the network to either spread or send information back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss; there are a wide range of network monitoring tools out there, with prices ranging from a few dollars to a few thousand. There are also SIEM tools, which evolved from log management programs; these tools analyze logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors range from industry stalwarts like IBM and HP Enterprise to smaller specialists like Splunk and Alien Vault.
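The two network signals mentioned above, malware spreading and malware reporting back to its controllers, can be looked for in flow logs. The following Python example is added here for illustration and is not from the original article or any vendor's product; the flow record layout, thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_flows():
    """Constructed flow records (time_s, src, dst, dst_port); not real traffic."""
    flows = []
    # 10.0.0.5 contacts one external host roughly every 60 s (controller check-in pattern).
    for i, jitter in enumerate([0, 2, -1, 1, 0, -2, 1, 0]):
        flows.append((1000 + 60 * i + jitter, "10.0.0.5", "203.0.113.10", 443))
    # 10.0.0.7 touches 25 internal peers on SMB within 25 s (worm-like spreading pattern).
    for i in range(25):
        flows.append((2000 + i, "10.0.0.7", f"10.0.1.{i + 10}", 445))
    # 10.0.0.9 is ordinary traffic: one destination, irregular timing.
    for t in [1005, 1011, 1300, 1302, 1950, 2600, 2604]:
        flows.append((t, "10.0.0.9", "198.51.100.20", 443))
    return flows

def find_beacons(flows, min_events=6, max_cv=0.1):
    """Flag (src, dst, port) whose gaps vary little relative to their mean (low CV)."""
    times = defaultdict(list)
    for t, src, dst, port in flows:
        times[(src, dst, port)].append(t)
    hits = []
    for key, ts in times.items():
        ts.sort()
        if len(ts) < min_events or ts[0] == ts[-1]:
            continue  # too few events, or all in the same second
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_cv * mean(gaps):
            hits.append((key, round(mean(gaps))))
    return hits

def find_fanout(flows, port=445, window_s=60, min_peers=20):
    """Flag sources that reach many distinct peers on one port inside a short window."""
    per_src = defaultdict(list)
    for t, src, dst, p in flows:
        if p == port:
            per_src[src].append((t, dst))
    flagged = set()
    for src, events in per_src.items():
        for start, _ in events:
            peers = {d for t, d in events if 0 <= t - start <= window_s}
            if len(peers) >= min_peers:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    print(find_beacons(build_sample_flows()), find_fanout(build_sample_flows()))
```

On real traffic the thresholds need tuning against a baseline, since backup agents, update checkers and vulnerability scanners produce the same regular or wide-reaching patterns.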
Malware removal
How to remove malware once you're infected is in fact the million dollar question. Malware removal is a tricky business, and the method can vary depending on the type you're dealing with. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.
If you're looking for tools for cleansing your system, Tech Radar has a good roundup of free offerings, which contains some familiar names from the antivirus world along with newcomers like Malwarebytes.
Malware examples
We've already discussed some of the current malware threats looming large today. But there is a long, storied history of malware, dating back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm spreading across Unix machines in 1988. Some of the other high-profile malware attacks have included:
- ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15 billion in damage
- SQL Slammer, which ground internet traffic to a halt within minutes of its first rapid spread in 2003
- Conficker, a worm that exploited unpatched flaws in Windows and leveraged a variety of attack vectors – from injecting malicious code to phishing emails – to ultimately crack passwords and hijack Windows devices into a botnet
- Zeus, a late '00s keylogger Trojan that targeted banking information
- CryptoLocker, the first widespread ransomware attack, whose code keeps getting repurposed in similar malware projects
- Stuxnet, an extremely sophisticated worm that infected computers worldwide but only did real damage in one place: the Iranian nuclear facility Natanz, where it destroyed uranium-enriching centrifuges, the mission it was built for by U.S. and Israeli intelligence agencies
Malware trends
You can count on cyber criminals to follow the money. They will target victims depending on the likelihood of delivering their malware successfully and the size of the potential payout. If you look at malware trends over the past few years, you will see some fluctuation in terms of the popularity of certain types of malware and who the most common victims are—all driven by what the criminals believe will have the biggest ROI.
Recent research reports indicate some interesting shifts in malware tactics and targets. Cryptominers, which had surpassed ransomware as the most common type of malware, are falling out of favor due to the decline in cryptocurrency values. Ransomware is becoming more targeted, moving away from a shotgun approach.
Malware attacks on businesses spike
Businesses saw a 79 percent increase in the amount of malware they dealt with in 2022 over 2022, according to the Malwarebytes Labs State of Malware Report 2022. “What we usually see year-end or quarterly end is that there has been some sort of increase or large amounts of detections on the consumer side,” says Adam Kujawa, director of Malwarebytes Labs. “On the business side it might slowly grow, but certainly nothing like we’ve seen this last six months.” By comparison, consumer detections decreased by 3 percent over the same period.
“We’ve observed that there is a significant push by cyber criminals to move away from consumers and put their really heavy stuff against businesses instead,” Kujawa adds.
That “really heavy stuff” comes largely in the form of older consumer-focused malware that’s “been weaponized” to become a bigger, more versatile threat for business. Kujawa cites Emotet as one of the most significant. “It’s a nasty little information stealing Trojan that also installs additional malware, spreads laterally, and acts as its own spam sender. Once it infects a system, it starts sending email and tries to infect other people.”
Emotet has been around since 2014 and targeted mainly consumers. Originally, it infected a computer looking for an individual’s financial or credit card information to steal. Since then, it’s picked up new capabilities inspired by or borrowed from other successful malware like WannaCry or EternalBlue. “Now it’s become much more modular and we see it able to use these exploits to traverse through a corporate network whereas before they were limited to a single endpoint,” says Kujawa. “Even if it’s a small network in a small business, it’s more juicy than infecting Grandma.”
Lateral movement of malware is increasing, according to the Global Threat Report: The Year of the Next-Gen Cyberattack from Carbon Black. Nearly 60 percent of malware attacks on business are now designed to move laterally across a network.
One reason for the spike in malware attacks on business might be the EU’s General Data Privacy Regulation (GDPR). Kujawa believes it’s possible that attackers stepped up business attacks thinking that it would be harder to steal personal and other data after the regulation went into effect. That combined with the decline of cryptocurrency values and stepped up defenses against ransomware turned attackers to what worked in the past. “They always [go back to what works],” he says. “Cyber crime is cyclical. It always comes back around.”
Cryptomining attacks decline
The Malwarebytes Labs report has seen a shift away from cryptomining starting in the second quarter of 2022, due largely to the decline in cryptocurrency values. Still, the number of cryptomining detections increased for the year by 7 percent.
Instead, cyber criminals are turning to information stealing malware like Emotet to turn a profit. “Overall, it seems as though criminals have reached the consensus that sometimes stealing is better than mining,” the report stated.
Ransomware becoming more targeted
Kujawa notes that small and medium-sized businesses (SMBs) are becoming more popular targets. He attributes this to the likelihood of being paid for ransomware attacks—SMBs often can’t afford the downtime and see paying ransom as the fastest way to recover. They are also often softer targets than larger businesses.
Ransomware detections actually declined by 26 percent worldwide in 2022, according to the Malwarebytes report. However, ransomware detections among businesses rose by 28 percent. Industries most often targeted were consulting, education, manufacturing and retail. Kujawa believes criminals focus on these industries because of opportunity and likelihood of ransoms being paid.
Josh Fruhlinger is a writer and editor who lives in Los Angeles.
Copyright © 2022 IDG Communications, Inc.