
Be Aware of Malware

5 Aug 2011
If you thought viruses were the only threat on the Internet and that you are well guarded against them, think again!

Picture this—you are on a lonely street in an alien land, heading to your destination with no real sense of direction. Your only company is an inconspicuous stalker whose hawk-like eyes monitor your every twitch. If this isn’t enough, there’s a predator around who is waiting to rob you of your personal details and take your identity. FLASH! In just a second, you are stranded in the middle of nowhere. If you thought this was a Hitchcock plot, then I’m afraid to burst your bubble, but this is the reality we live in every single day on the Internet.

“Every coin has two sides” is an analogy fit for every situation in life, and the advent of computers is no different. Initially, programs were developed to eliminate the manual handling of data, but we live in a wild world that also has conniving people who develop programs to wreak havoc. Creating viruses began as a prank, but it soon took an ugly turn and became a tool for harassing netizens. Viruses are no longer touring the cyber world in solitude. Malware has stepped in. Malware is a collection of various malicious programs that are constantly on a damaging spree, threatening Internet users.

Malware? What’s that?
Malware is the collective term for malicious programs: viruses, Trojans, spyware, adware, rootkits, netbots, backdoors, key-loggers, fraudulent dialers; the list is endless. Other threats include phishing and pharming. All this might leave you wondering whether it is still safe to be active on the Internet amid this prevailing insecurity. We bring you the answer straight from one of the market leaders in security solutions—Quick Heal antivirus, India’s only indigenously developed antivirus software.

We were fortunate to be invited by CAT Computer Services—the makers of Quick Heal antivirus—to their R&D facility at Pune, Maharashtra. Mr. Sanjay Katkar, the CTO, and Mr. Kailash Katkar, the CEO, were very co-operative in providing us information on current trends in viruses and giving insight into how antivirus companies combat the malware menace.

Who’s responsible?
Malware development isn’t restricted to any particular country. It is mostly targeted at nations with high penetration of Internet connectivity, such as the US, Europe and Japan. Malware developed in one nation can also spread rapidly to another country thousands of miles away. Initially it was difficult to trace the origin of any virus, but over the years security experts have noticed that many attacks are targeted at developed nations, even though the virus developers may be from other regions, such as the east European bloc.

The scenario now
Though malicious programs began with viruses, some years ago worms spreading through e-mail became a major threat too. In the last couple of years the trend has shifted to spyware, backdoors and Trojans, which are now far greater in number than viruses or worms. Earlier there were about 20-30 worms released per month, but now the count has jumped to 40-50 worms per month. Interestingly, the Trojan count has shot up from 18-20 per month to 300-400 per month. In short, any computer connected to the Internet that isn’t armed with an updated antivirus is liable to be infected by malware.

Presently, the rate of malware released is roughly in the range of 300-400 per day. Out of this glaring figure, viruses constitute only about 5 percent of the total malware count. In the last two years, the authors of malware have been developing it for commercial benefit, such as spamming advertisements and stealing users’ credit card information to sell to buyers who misuse the acquired data. Pharming is also a major threat: for instance, a fake website posing as your bank’s website asks you to update your personal details and then misuses them.

Combating Malware
Most of the time an updated antivirus is equipped to combat malware, as the antivirus contains the virus signatures, which are unique to every virus. With hundreds of viruses released each day, it’s not feasible to manually find the signature of each and every virus; hence an automated system is used.

For instance, the makers of Quick Heal developed an automated system to analyze the trapped malicious programs and extract the virus signatures automatically, since most viruses are variants of a handful of families. Only if a rare sample is detected are the virus signatures extracted manually.
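As an added illustration (not code from Quick Heal or from the article), here is a small Python model of automated signature extraction: it takes the bytes common to every trapped variant of a family, rejects a candidate that also appears in known-clean files, and shows why such a pattern catches a variant the honeypots never saw while an exact-hash signature does not. All sample bytes, file contents and family names are constructed for this example.

```python
import hashlib

# Constructed stand-ins for three trapped variants of one family: the same core
# routine wrapped in different junk bytes. These are not real malware samples.
FAMILY = [
    b"\x90\x90PUSH_EBP;MOV_EBP_ESP;CALL_DECRYPT;JMP_PAYLOAD\x00junk-A",
    b"NOP;NOP;NOP;PUSH_EBP;MOV_EBP_ESP;CALL_DECRYPT;JMP_PAYLOAD\x00junk-BB",
    b"\xcc\xccPUSH_EBP;MOV_EBP_ESP;CALL_DECRYPT;JMP_PAYLOAD\x00\x00junk-C",
]
# Constructed clean files; a candidate that occurs in any of them is rejected.
CLEAN = [b"PUSH_EBP;MOV_EBP_ESP;RET (ordinary compiler prologue)", b"plain text"]
# Constructed fourth variant that was never trapped, so its hash is unknown.
UNSEEN_VARIANT = b"\x90PUSH_EBP;MOV_EBP_ESP;CALL_DECRYPT;JMP_PAYLOAD\x00junk-D"


def longest_common_substring(samples):
    """Longest byte string present in every sample (brute force over the shortest)."""
    shortest = min(samples, key=len)
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            candidate = shortest[start:start + size]
            if all(candidate in s for s in samples):
                return candidate
    return b""


def extract_signature(samples, clean_files, min_len=16):
    """The family's common bytes, unless too short to be selective or also clean."""
    sig = longest_common_substring(samples)
    if len(sig) < min_len:
        raise ValueError("no common signature long enough to be selective")
    if any(sig in clean for clean in clean_files):
        raise ValueError("candidate signature also matches clean files")
    return sig


def scan(data, hash_db, pattern_db):
    """Exact-hash lookup first, then byte-pattern search; returns (verdict, reason)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_db:
        return "infected", "hash"
    for name, pattern in pattern_db.items():
        if pattern in data:
            return "infected", "pattern:" + name
    return "clean", ""


def demo():
    hash_db = {hashlib.sha256(s).hexdigest() for s in FAMILY}
    pattern_db = {"Family.Gen": extract_signature(FAMILY, CLEAN)}
    return {"known": scan(FAMILY[0], hash_db, pattern_db),
            "unseen": scan(UNSEEN_VARIANT, hash_db, pattern_db),
            "clean": scan(CLEAN[0], hash_db, pattern_db)}
```

Running `demo()` shows the trapped sample caught by hash, the unseen variant caught only by the extracted pattern, and the clean file left alone.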

To create a virus signature, an antivirus company collects infected samples through its various honeypots (computers that are deliberately made susceptible to malware attacks but are constantly monitored), located in different countries. The malware trapped in these honeypots is scrutinized and categorized according to its type; for instance, whether it is a virus, worm, Trojan, etc.

Once the malware is categorized, a specific procedure is followed. If it’s a virus, it has to be run on a wide range of platforms and its activities monitored, as its behavior varies from platform to platform. Later it is transferred to an analyzer to check whether the virus is polymorphic or monomorphic.

Malware is named according to the guidelines set by an organization named EICAR (European Institute for Computer Anti-Virus Research). While naming malware, care is taken not to include the name of the virus developer, to avoid giving undue importance to such activities.

The normal time required to find the solution to a virus outbreak is 6-8 hours. In the initial 2-3 hours of a virus outbreak there is no solution from any antivirus company. Within 48 hours all the antivirus companies are out with a solution. But what happens until the virus updates are released, while the malware is spreading unchecked and causing havoc? The answer is ‘heuristics’, which is used by some antivirus programs today.

Heuristics is a process by which previously unknown malware can be detected to some extent. Heuristic analysis examines all programs running on the computer and detects whether any of them is behaving abnormally. To do this it quarantines a sample of the suspect file and runs it in an emulator or a virtual environment within the OS, known as a sandbox, where the sample is tested. If the program is found guilty it is removed from the system; otherwise it is let go.

Nowadays, antivirus developers need to think beyond heuristics, as it requires a lot of system resources and cannot be performed in real time. For instance, when you receive an e-mail attachment it is not possible to create a sandbox and check it for unknown malware on the spot. To resolve this, Quick Heal has come up with an ingenious solution called DNA Scan technology. It senses each and every change made by an application on the computer and analyzes the code that is executed. If it comes across an application whose behavior is suspected to be malicious, it quarantines the file and also traces all the changes the application made on the computer. The sample is then sent to Quick Heal’s labs automatically, after the user approves, and analyzed automatically.
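To make the behavior-based approach described in the last two paragraphs concrete, here is an added Python example (not Quick Heal’s code) that scores one process’s actions from a monitor trace and records every change it made, so a quarantine verdict can also report which files, keys and services were touched. The rules, weights, threshold, service name and the whole event trace are assumptions constructed for this example.

```python
# Per-behaviour weights and the quarantine threshold are assumed for this example.
# A dropper or file infector typically persists via an autorun key, rewrites other
# executables and tries to stop security services.
WEIGHTS = {"autorun": 40, "modify_exe": 15, "stop_security": 50, "remote_host": 5}
THRESHOLD = 60
SECURITY_SERVICES = {"ExampleAVService"}  # constructed name, not a real service

# Constructed monitor trace of (pid, action, target): pid 100 is a text editor
# doing an update check, pid 200 behaves like a dropper. Hosts are documentation IPs.
TRACE = [
    (100, "file_write", r"C:\Users\alice\notes.txt"),
    (100, "net_connect", "updates.example.net"),
    (200, "file_write", r"C:\Windows\Temp\svc.exe"),
    (200, "file_write", r"C:\Program Files\Editor\editor.exe"),
    (200, "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    (200, "service_stop", "ExampleAVService"),
    (200, "net_connect", "198.51.100.7"),
    (200, "net_connect", "198.51.100.9"),
]


def analyze(trace, pid):
    """Score one process's behaviour and keep every change it made, so that a
    quarantine decision can also report (or undo) the affected files and keys."""
    score, reasons, changes, hosts = 0, [], [], set()
    for ev_pid, action, target in trace:
        if ev_pid != pid:
            continue
        if action in ("file_write", "reg_write", "service_stop"):
            changes.append((action, target))  # the change log for this process
        if action == "reg_write" and "\\CurrentVersion\\Run" in target:
            score += WEIGHTS["autorun"]
            reasons.append("autorun persistence: " + target)
        elif action == "file_write" and target.lower().endswith(".exe"):
            score += WEIGHTS["modify_exe"]
            reasons.append("wrote executable: " + target)
        elif action == "service_stop" and target in SECURITY_SERVICES:
            score += WEIGHTS["stop_security"]
            reasons.append("stopped security service: " + target)
        elif action == "net_connect":
            hosts.add(target)
    score += WEIGHTS["remote_host"] * len(hosts)  # many distinct hosts adds up
    verdict = "quarantine" if score >= THRESHOLD else "allow"
    return {"pid": pid, "score": score, "verdict": verdict,
            "reasons": reasons, "changes": changes}
```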

DNA Scan technology can also detect applications whose coding appears suspect. For instance, if a programmer who used to develop malware has mended his ways and written a genuine application, his coding pattern might be the same and might not follow standard coding practice. Even this is detected by the DNA Scan.

In one such incident, a Quick Heal client in France reported that he had a genuine program, but the DNA Scan detected it as a virus. Quick Heal developers analyzed the application and found that it was genuine, but it was not coded using the standard procedures of EICAR. It was later found that the application was written by a developer who had a past in developing viruses. The application was written partly in assembly language and partly in Visual Studio, and in some places encryption was used. Antivirus developers in their forum have now decided not to recruit a person who has ever been involved in developing a virus unless he has served his term and assures them that he will not get into such criminal activities in the future.

Shareware or freeware
Most of us might be satisfied with the free antivirus products, which are only meant for home users. These same antivirus products also have a shareware version. In case of a virus outbreak, the shareware users get first priority to download the updates, followed by the freeware users. Hence, the freeware user is more likely to be affected by the virus outbreak. Also, for the shareware users the updates are hosted on high-priority servers, so the antivirus can be updated in less time than for freeware users, who get updates from a low-priority, low-bandwidth server. So if your computer holds critical data and is always connected to the net, a shareware or paid version is always advised.

Future of Malware
Earlier, viruses were developed to gain fame, but these days malware is being developed for commercial purposes. Hence, the trend of developing more deadly malware is going to continue in a big way. There has been an upsurge of programmers who develop and sell malware for financial gain.

For instance, a bot is developed to track down PCs that are connected to the Internet and not patched for a certain vulnerability. Once these PCs are detected, the bot is loaded onto all of them, and when it has spread over a network of thousands to a million PCs they are known as a botnet. The author of the bot now has control of all the PCs infected by it and can have various viruses or Trojans downloaded onto them. This botnet is then sold to a buyer, such as an adware developer who wants his ads to appear across all the PCs. The adware developer in this case instructs the botnet owner to download a certain Trojan containing his ads onto the infected computers, and within seconds the entire set of PCs in that botnet is infected.

In the case of phishing websites, the buyer of the botnet can lead you to a fake website that poses as a genuine secure website, misleading you into entering your bank account details, and this information is passed on to malicious users for fraudulent activities. A botnet created in one country may spread rapidly in some other faraway nation. Bringing such malware creators to justice is not possible because the cyber laws of all nations are not the same and, worse, some nations do not have any. With the advancement in mobile networks as 3G gets introduced, offering fast Internet, these new avenues will enable fraudsters to get quicker access to people’s personal information. Viruses can evolve to such an extent that they can infect devices running on a similar platform.

Source: Chip magazine.