– IT security | History


Malicious software has existed for as long as the Internet. Threats have changed significantly, evolving from software that aimed to show off hackers' skills and did only minor damage to the victim's device into today's highly advanced malware, often used by organized gangs and criminal groups whose principal purpose is to make money.

The first known viruses spread by copying themselves to new storage devices, but now the vast majority spread via the Internet. Most computers currently in use are protected by locally installed anti-virus software that is constantly updated to identify new viruses.

 

VIRUS

Software (a program or piece of malicious code) designed to spread copies of itself. It works and spreads by changing the code of another program so that it runs without the user's consent.

Basic activity - infection


TYPES OF VIRUSES

  • parasitic – spread by attaching themselves to programs
  • polymorphic – change their virus signature every time they replicate and infect a new file in order to keep from being detected by an antivirus program

Most common: Chernobyl, CIH, Christmas Tree

Many viruses spread via e-mail. This type of threat spread on a large scale in the 90s and led to the development of the next segment of protective software: mail gateways, whose main aim was to scan incoming and outgoing e-mail for various types of malware. Currently, the vast majority of companies use both anti-virus and anti-spam solutions.

 

TROJAN

Often mistaken for a virus, a Trojan does not replicate itself and does not infect other programs or data, but it installs a so-called backdoor that opens the door for hackers by providing access to computer resources. The idea of a Trojan horse is based on confusing the user: it is distributed by cybercriminals as useful or necessary software (it does not attack computers on its own). It can block programs.

Damage – loss or theft of data, and possible harm to the system.

Most common: Connect4, Flatley Trojan, Poison Ivy

 

THE MOST DANGEROUS TYPES OF MALWARE

EXPLOIT - a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

ZERO-DAY - a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available. Traditionally, antivirus software relies upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.
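The limitation described above, as an added example that is not part of the original page: a minimal signature scanner with one exact-hash signature and one byte-pattern signature with a wildcard. The samples are constructed, harmless byte strings and the signature names are hypothetical.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for scanned files.
KNOWN_SAMPLE = b"HDR\x01\x02constructed-marker-AAAA payload-v1"
MINOR_VARIANT = b"HDR\x01\x07constructed-marker-AAAA payload-v2"
UNSEEN_SAMPLE = b"HDR\x09\x09entirely-different-bytes-ZZZZ"


def compile_pattern(hex_sig):
    """Turn a hex signature with '??' wildcard bytes into a bytes regex."""
    parts = []
    for tok in hex_sig.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


# Signature database built from the one sample the "vendor" has obtained.
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.A (hash)"}
PATTERN_SIGS = {
    # bytes of "HDR", 0x01, any one byte, then "const"
    "Constructed.A (pattern)": compile_pattern("48 44 52 01 ?? 63 6f 6e 73 74"),
}


def scan(data):
    """Return the names of all signatures that match the given bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    for name, pattern in PATTERN_SIGS.items():
        if pattern.search(data):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE),
                          ("minor variant", MINOR_VARIANT),
                          ("unseen", UNSEEN_SAMPLE)]:
        print(label, "->", scan(sample) or "no detection")
```

The wildcard pattern still catches the slightly changed variant that the exact hash misses, but a sample the database has never seen matches nothing.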

ROOTKIT - a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. Very difficult to detect and complicated to remove.

Most common: Hacker Defender, CD Sony Rootkit

KEYLOGGER - computer programs designed to steal passwords or credit card information.

SPYWARE - software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

Most common: Gator, Cydoor

PHISHING - the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

PHARMING - a cyber attack intended to redirect a website's traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.
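A defender-side check for the hosts-file variant described above, added here as an example and not taken from the original page: it parses hosts-file text and reports static mappings for domains that should only ever be resolved through DNS. The sample file content, the watched domain `bank.example` and the function names are constructed assumptions.

```python
import ipaddress

# Constructed hosts-file content (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net      # sinkhole entry: blocks, does not redirect
203.0.113.7 www.bank.example login.bank.example
10.0.0.5    intranet.corp.example
"""

# Hypothetical watch list: names that must never be pinned in a hosts file.
WATCHED_SUFFIXES = ("bank.example",)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, ignoring comments."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname) for watched names mapped to a remote IP."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # local or sinkhole mapping, not a redirect to another host
        if any(name == s or name.endswith("." + s) for s in watched):
            findings.append((no, str(ip), name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("suspicious hosts entry:", finding)
```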

CLICKJACKING - a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
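Clickjacking depends on the target page being displayed inside a frame on another site, so a defender can check whether a response forbids that. The following is an added example, not part of the original page, which classifies response headers using the `X-Frame-Options` header and the CSP `frame-ancestors` directive; the function names and sample headers are constructed.

```python
# Source expressions that let any site (or any site on a scheme) frame the page.
PERMISSIVE_SOURCES = {"*", "http:", "https:"}


def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP value, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # first occurrence wins
    return None


def framing_protection(headers):
    """Classify a list of (name, value) response headers.

    Returns 'restricted-by-csp', 'restricted-by-xfo' or 'frameable'.
    """
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = [v.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options"]
    lists = [fa for fa in map(frame_ancestors, csp) if fa is not None]
    if lists:
        # When frame-ancestors is present, browsers enforce it and ignore
        # X-Frame-Options, so a permissive list leaves the page frameable.
        restrictive = any(not (set(fa) & PERMISSIVE_SOURCES) for fa in lists)
        return "restricted-by-csp" if restrictive else "frameable"
    # ALLOW-FROM is obsolete and not honored by current browsers.
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "restricted-by-xfo"
    return "frameable"


if __name__ == "__main__":
    # Constructed sample response headers.
    sample = [("Content-Type", "text/html"),
              ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")]
    print(framing_protection(sample))
```

A `Content-Security-Policy-Report-Only` header is deliberately not counted, because it reports violations without blocking the framing.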

 

THE SITUATION TODAY

Currently, the number of unique pieces of malicious code is doubling every six months. Every day tens of thousands of new ones are created to steal data or money from Internet users, regardless of whether they are companies or individuals. Malicious software is distributed via e-mail, posted on websites controlled by hackers, or placed on legitimate pages of various organizations, which then unknowingly infect more users.

Among the most exploited vulnerabilities are those that occur in a variety of Java plug-ins, Adobe software, ActiveX plug-ins and web browser add-ons. Vulnerabilities are discovered almost daily and extensively exploited by hackers. The wait for updates or patches can last from a few hours to a few weeks, which gives hackers plenty of time to use these vulnerabilities. Such threats, called "Zero-Day", are now one of the biggest challenges for both developers and IT administrators.

MONEY

Modern cybercrime organizations generate huge financial turnover. Their main aim is to make money and to steal confidential information in order to sell it on the black market. The most valuable stolen data are user data, passwords, and bank account or credit card numbers. In addition, much of the malicious code is written improperly, which means that besides stealing data, malware often causes problems on the computer or even prevents it from operating. Hackers also use so-called botnets (many infected computers) to send spam e-mail, which may cause an IP address to be put on so-called blacklists and blocked from sending e-mail. A botnet may also be used to take part in distributed denial-of-service attacks.

EFFECT

The risk of losing corporate, customer or personal data, errors in malicious software code, and the possibility of spreading malware may lead to impairment of the company and exposure to large financial losses.

 

DIFFERENT TYPES OF PROTECTION

Currently available solutions to protect the IT environment can be divided into three main categories:

  • software
  • appliance
  • security services

 

SOFTWARE

In this model, the client owns the software and is responsible for selecting the equipment on which it will run, for operating system upgrades, and for configuration and maintenance. This model is still the most popular and is one of the options most often chosen by clients who want to take care of their own equipment selection and system configuration.

 

APPLIANCE

Dedicated devices were introduced to simplify installation and operation of the system software, and to guarantee performance by providing hardware and software with strictly defined technical parameters. Software and hardware are sold as a single system and the client remains the owner.

 

SECURITY SERVICES

Due to the rapidly changing environment of online threats, security services are becoming more and more popular and widespread in the market. Such services include all the necessary elements of the system: software, hardware if it is needed, updates, installation and management. A customer buying security services cedes both ownership and responsibility for the efficient management of the system to the service provider, which increases flexibility and saves time spent on setup, administration and maintenance, and thus reduces the cost of the entire system.