Friday, December 6, 2019

Recent Trends in Malware Viruses and Trojan Horses

Question: Discuss the recent trends in malware for viruses and Trojan horses.

Answer:

Introduction

Malware, or malicious software, covers a large number of hostile or criminal programs that cause various forms of security threat, such as worms, viruses, Trojan horses and rootkits. The harm is caused by infiltrating a computer without the awareness of its owner. As technologies have developed over the past few years, malware has also grown, with new threats that are difficult to overcome (M., 2008). Malware attacks are increasingly delivered through social networks, search engines and mobile devices, exposing web users to infection. In 2010, over 1 million websites were infected by malware and around 1.5 million advertisements were distributed, as observed by Dasient. Protection requires an antivirus that protects a machine not just from ordinary viruses but also from malware threats and spyware. In several cases, an anti-malware product used alongside an antivirus gives better protection to a system that uses the internet (Mills, 2011). Considering the large number of compromises caused by malware attacks, malware is an important area to explore and understand, so that awareness of the dangers can be created and appropriate protection measures identified and used to combat malware-related threats. This report therefore explores recent trends in malware threats and explores solutions (Mariotti, 2014).

Research Report Challenges

As per the 2013 Batchelder report, malware is at the top of the list of threats faced by websites. Malware attacks websites by injecting malicious JavaScript, exploiting their vulnerabilities. These attacks affect organizations in major ways, of which data breach is one of the most prominent and harmful. Malware is continually updated and encrypted, anti-debugging capabilities are added, and the commercialisation of automated exploit kits has added complexity to incident detection and the tracking of malware activity (Mansour & Parrizas, 2014). Malware has become a persistent threat to the web ecosystem, and layered defences cannot provide complete protection against the Advanced Persistent Threats (APT) that malware enables. Such malware is mostly aimed at invading privacy or performing criminal activities such as theft, sabotage or espionage (Dionysopoulou, 2014).

With the large number of malware samples existing today, classifying them properly is a challenge. As of March 6, 2007, 30,000 distinct malware variants had been identified. Initially this classification was done manually, but in recent years the process of grouping new viruses has been automated. Automatic classification poses many challenges, however, mainly because there is no well-defined notion of when two samples are instances of the same malware (Li, Liu, Gao & Reiter, 2010). Another major challenge is the lack of awareness of malware attack behaviour among users, who too often open the door to such attacks and put their systems at risk. Moreover, the internet security technologies used by enterprises for protection may not be geared to fight modern malware techniques, leaving their machines vulnerable to attack (Oltsik, 2013).

Technologies

Technologies are used to detect malware so that it can be prevented from being downloaded and causing harm to systems. Malware detection techniques in use today include signature-based, anomaly-based and specification-based methods (Agrawal, Singh, Gour & Kumar, 2014). PAYL is a program used for dynamic anomaly-based detection. It calculates the expected payload for every system port and builds a byte frequency distribution from which a centroid model is developed. Incoming payloads are compared with this model to identify deviations.
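The PAYL-style centroid model just described, as an added example that is not code from this page or from PAYL's authors: it builds a per-port byte-frequency centroid from payloads assumed to be normal, scores each new payload by a simplified Mahalanobis distance from that centroid, and flags payloads beyond a threshold. The port, the sample requests and the 1.5x threshold margin are constructed assumptions.

```python
import math

def byte_frequencies(payload: bytes) -> list:
    """Relative frequency of each of the 256 possible byte values in one payload."""
    n = len(payload) or 1
    return [payload.count(v) / n for v in range(256)]

class PortCentroid:
    """Byte-frequency centroid for one port: per-byte running mean and variance."""
    def __init__(self):
        self.n, self.total, self.total_sq = 0, [0.0] * 256, [0.0] * 256
    def update(self, payload: bytes) -> None:
        for i, f in enumerate(byte_frequencies(payload)):
            self.total[i] += f
            self.total_sq[i] += f * f
        self.n += 1
    def distance(self, payload: bytes, alpha: float = 0.001) -> float:
        """Simplified Mahalanobis distance from the centroid. alpha turns a byte value
        never seen in training into a large but finite penalty instead of a divide by zero."""
        d = 0.0
        for i, f in enumerate(byte_frequencies(payload)):
            mean = self.total[i] / self.n
            var = max(self.total_sq[i] / self.n - mean * mean, 0.0)
            d += abs(f - mean) / (math.sqrt(var) + alpha)
        return d

def train(samples: list) -> dict:
    """One centroid per destination port, from (port, payload) pairs believed normal."""
    models = {}
    for port, payload in samples:
        models.setdefault(port, PortCentroid()).update(payload)
    return models

def is_anomalous(models: dict, port: int, payload: bytes, threshold: float) -> bool:
    """Flag a payload far from its port's centroid; a port with no model is flagged too."""
    model = models.get(port)
    return model is None or model.distance(payload) > threshold

# Constructed benign HTTP requests on port 80 (not captured traffic) and one constructed
# outlier whose body is dominated by a byte value that never appears in training.
NORMAL = [(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
          (80, b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 9\r\n\r\nuser=test"),
          (80, b"GET /about HTTP/1.1\r\nHost: example.test\r\nAccept: text/html\r\n\r\n")]
ODD = b"GET /x HTTP/1.1\r\n\r\n" + bytes([0x90]) * 200

def demo() -> dict:
    """Threshold = 1.5x the largest training self-distance (an assumed margin)."""
    models = train(NORMAL)
    threshold = 1.5 * max(models[80].distance(p) for _, p in NORMAL)
    return {"normal": is_anomalous(models, 80, NORMAL[0][1], threshold),
            "odd": is_anomalous(models, 80, ODD, threshold)}
```

Because a byte value absent from training has zero variance, the smoothing constant alpha decides how hard such bytes are penalised; on real traffic it is tuned together with the threshold to control the false-positive rate.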
A payload whose distance from the model's expected payload is much larger than expected is recognized as malicious. Intrusion detection can also use data mining techniques to create malware detection agents that audit the data of incoming connections to identify intrusions. Privacy-invasive software (PIS) such as adware and spyware can be identified using the Forensic Tool Kit (FTK) software. Other malware protection technologies use techniques such as the Finite State Automata (FSA) approach to detection, process profiling of system calls, audit trail pattern analysis, Network Analysis of Anomalous Traffic Events (NATE), fileprint (n-gram) analysis and cross-view diff-based detection (Idika & Mathur, 2007).

Research Areas

Areas of recent research into malware trends include:

- Types of malware such as viruses, worms, ransomware, espionage and crimeware.
- The techniques malware uses for evasion, such as stalling code and environmental triggers (Lindorfer, Kolbitsch & Comparetti, 2011).
- Malware detection techniques used for protection from malware threats.
- Probabilities and impacts of malware attacks on systems, including the various types of malicious activity that can be performed.
- Malicious behaviour categories, including evasion, execution, network, packing, auto-start, file and memory attacks.
- Technologies or techniques that can be used for detecting malware.
- The various types of threat that malware incidents pose to various types of user (ESET, 2016).

Discussion Summary

The report explores two studies: Attack Pattern Analysis: Trends in Malware Variant Development by M. Papadaki, and Current Trends and the Future of Metamorphic Malware Detection by Shahid Alam.
Attack Pattern Analysis: Trends in Malware Variant Development

This research delved into the practices of malware variant development so that the insights could be used to build additional protection layers against these variants. The study examined three popular malware threats: Beagle, Netsky and Mytob. Some malware trends seen between 2003 and 2005 were identified, including mass-mailing worms, threats to confidential data, bots and their variants, and blended threats. The analysis of specific threats revealed that mass-mailing worms like Netsky propagate through email and through folders shared over the web. Such worms use advanced social engineering techniques to lure users into opening files, and the malicious code executes the moment the user previews or views the file. Like Netsky, Beagle used the same propagation channels, and at times peer-to-peer networks as well. The difference lay in how the worms were deployed on the attacked site: while Netsky sent the whole malicious code, Beagle sent only a part of the code, which then downloaded the entire malicious code from a website. This makes it easier for security communities to block the downloads, but at the same time leaves users vulnerable to future spamming. Mytob was a newer worm that incorporated mass-mailing as well as botnet functionality. It uses basic mass-mailing functionality but an advanced backdoor, connecting to IRC servers to receive commands that give the servers access to local systems through the web or FTP. The research suggested that it is not complexity that poses the biggest challenge but the combination of techniques used to trick users. Malware detection software therefore needs to understand the evolution of malware variants and their incremental development in order to develop counter-techniques (Papadaki, Furnell, Clarke, Bakar & Pinkney, 2005).

Current Trends and the Future of Metamorphic Malware Detection

This research explored trends in malware threats and the characteristics of malware detection systems. The paper identified techniques that malware developers use to keep their software from being detected by antivirus applications: packing or compression, polymorphism, which mutates the static binary code, and metamorphism, which mutates the dynamic binary code. Various types of metamorphic malware were identified, including closed-world malware, which generates newly mutated code itself, and open-world malware, which communicates with other websites over the internet to update itself. The report suggested that malware detection can be used as a protective measure, with the major detection techniques being Opcode-based analysis (OBA), which disassembles binaries to extract opcodes; Control Flow Analysis (CFA), which assesses the calling relationships between program functions; and Information Flow Analysis (IFA), which checks changes in propagated values over time. The report also considered future trends in malware propagation. It found that web and mobile malware are likely to become more sophisticated, which is why hybrid protection involving both static and dynamic analysis may be required. With the increasing use of Internet-of-Things devices, embedded system threats are also likely to increase, demanding newer detection and protection techniques against sophisticated malware like Stuxnet. Further, the paper suggested that a distributed malware detection system could be run in the cloud to secure communications between devices and the cloud (Alam, Traore & Sogukpinar, 2014).

Uncovered Issues

The studies recognized the challenge of, and the requirement for, understanding malware variants and their development techniques, but they did not cover the methods malware creators use to deceive users or trick them into opening or downloading malware, such as code signing and modified browser settings (Sagar, 2009). The researchers also did not explore the evasion techniques malware currently uses, such as environmental awareness, obfuscation of internal data, timing-based evasion and confusing automated tools. There are over 500 evasive behaviours that can be used in combination in malware attacks; how security techniques can detect these evasive behaviours was not covered in the studies examined. The researchers did not explore the latest techniques used by the various types of malware, such as botnets, espionage and ransomware. This could have included an exploration of specific types of malware, their varieties, attack techniques and evolution (OECD, 2008). Nor did the researchers include insights into how systems become infected, which would be useful for identifying the causes that user awareness efforts should address, so that threat exposure could be minimized. Techniques that could have been explored here include drive-by downloads, which involve downloading an executable file, and piggyback attacks, which embed malware code in an otherwise safe executable file (Peterson, 2006).
Lessons Learnt

Some lessons about malware and its attack, evasion, detection and impact trends include:

- The danger lies more in the combination of evasion techniques used by malware than in the complexity of the attacks, because evasion techniques target users who are not educated to handle security threats.
- Malware producers keep producing variants that older technological solutions cannot adapt to, so newer technologies and updates may be required to prevent such malware from affecting systems.
- Anti-virus software may not be sufficient for complete protection, and complementary malware detection software may be needed.
- Organizations are not prepared with technological solutions capable of managing and preventing the threats posed by the latest malware.
- There are over 500 evasive behaviours used by malware, and the list keeps growing, making it difficult for security solution providers to keep their products up to date.
- Because of the huge number of malware variants, correct classification is difficult, as it is mostly done using automated tools that have limited information about the characteristics of the malware.

Conclusions

The report explored recent trends in malware, including the different types of threat from malware, the techniques used to develop malware, the strategies used to attack users and the measures used for protection. It examined two past studies in this area to understand the trends and identified research gaps by uncovering issues not discussed in those studies. Based on this understanding of malware trends and the research gaps, the lessons learned from the exercise were presented at the end.

References

Agrawal, M., Singh, H., Gour, N., & Kumar, A. (2014). Evaluation on Malware Analysis. International Journal of Computer Science and Information Technologies, 3381-3384.
Alam, S., Traore, I., & Sogukpinar, I. (2014). Current Trends and the Future of Metamorphic Malware Detection. University of Victoria.
Dionysopoulou, N. (2014). The key to advanced malware protection. McAfee.
ESET. (2016). Trends 2016: (IN) Security Everywhere. ESET.
Idika, N., & Mathur, A. P. (2007). A Survey of Malware Detection Techniques. West Lafayette, IN: Purdue University.
Li, P., Liu, L., Gao, D., & Reiter, M. K. (2010). On Challenges in Evaluating Malware Clustering. Chapel Hill, NC, USA: University of North Carolina.
Lindorfer, M., Kolbitsch, C., & Comparetti, P. M. (2011). Detecting Environment-Sensitive Malware. Vienna University of Technology.
M., A. H. (2008). Malware 101 - Viruses. SANS Institute.
Mansour, Y., & Parrizas, A. A. (2014). An Early Malware Detection, Correlation, and Incident Response System with Case Studies. SANS Institute.
Mariotti, J. (2014). An introduction to malware. CERT-UK.
Mills, E. (2011). Emerging Trends in Malware - Antivirus and Beyond. WayTek.
OECD. (2008). Malicious Software (Malware): A Security Threat to Internet Economy. OECD.
Oltsik, J. (2013). Malware and the State of Enterprise Security. ESG.
Papadaki, M., Furnell, S. M., Clarke, N. L., Bakar, U., & Pinkney, G. (2005). Attack Pattern Analysis: Trends in Malware Variant Development. Plymouth, United Kingdom: University of Plymouth.
Peterson, P. (2006). Malware Trends: The Attack of Blended Spyware Crime. IronPort Systems.
Sagar, A. (2009). Current Threat Scenario and Recent Attack Trends. CERT-In.
