
A brief history and classification of Malware

The word Malware is derived from two other words, “malicious” and “software.” Hence, as the name implies, Malware is malicious software. Being malicious in nature, such software executes code that is destructive to computers, networks, or the computing environment as a whole. Malware is either “in the wild,” which means actively spreading and infecting computers, or isolated within lab environments. The latter is the case when a researcher discovers a vulnerability in a system that can be exploited with malicious code and develops a proof of concept demonstrating the potential exploit.

Before the word Malware was coined by Yisrael Radai in 1990, malicious programs were known as computer viruses. Most early malicious programs were file infectors and replicators, mirroring the behaviour of a biological virus, so they were called computer viruses. The term did not catch on immediately, though: when the first computer virus, ELK Cloner, written by then ninth-grader Rich Skrenta in Pittsburgh, Pennsylvania, appeared in 1982 on a mass-produced microcomputer, the Apple II, nobody knew what to call it. It took Dr. Frederick Cohen’s 1984 research paper “Computer Viruses – Theory and Experiments,” which used the term “computer viruses” to refer to such malicious code, for the name to stick.
Another notable early piece of malware was ‘Brain’ (1986), which originated in Pakistan and infected the boot sector. In 1987, the IBM Christmas Worm appeared. In 1988, Robert Morris released an Internet worm that affected a significant number of computers. In 1998, spam carrying AOL Trojans affected users of AOL’s e-mail service. Melissa hit in 1999 and was the first mass-mailing e-mail virus. The ILOVEYOU worm followed in 2000, infecting systems around the world. The Melissa and ILOVEYOU viruses overwrote and deleted files on a huge number of PCs around the world, and used victims’ contact lists to replicate and spread.

Malware can be classified by behavior, by target platform, or by attack directive. When classified by behavior, Malware falls into four broad classes, characterized by the observable behaviors listed below.

Table. Malware behaviors [1]

- Removal of evidence
- Removal of registries
- AV engine termination
- Firewall termination
- Notification of updates termination
- Language checking
- Scanning of known-vulnerable service
- E-mail sending (spam)
- IRC/IM known port connection
- IRC/IM unencrypted commands
- Creation of new binary
- Modification of existing system binary
- Creation of unusual Mutex
- Modification of the name resolution file
- Modification of the browser proxy settings
- Modification of the browser behavior
- Download of known malware
- Download of unknown file
- Driver loading
- Stealing of system/user data
- Stealing of credentials or financial data
- System/user information reading
- Process hijacking
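Behavior-based classification works by mapping the low-level events a sample produces under dynamic analysis (process terminations, file and registry writes, network connections) onto named behaviors such as those in the table. The following is an added example, written for this post and not taken from the original article or from Grégio's thesis. The event format, the detection patterns, the AV process names and the sample trace are all assumptions made for the illustration; a real sandbox would feed its own event schema into the same kind of rule table.

```python
"""Tag a dynamic-analysis trace with behaviour labels from the table above.

Added example; the event schema (dicts with "type" and "detail"), the
regex patterns and the sample trace are assumptions for this illustration.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Rule: (behaviour label from the table, event type, regex over the event detail).
# Order matters: the first matching rule wins, so more specific rules come first.
RULES: List[Tuple[str, str, str]] = [
    # Process names below are assumed examples of AV / firewall services.
    ("AV engine termination", "process_terminate", r"(?i)(msmpeng|avp|mcshield)\.exe$"),
    ("Firewall termination", "process_terminate", r"(?i)(mpssvc|firewall)"),
    # Windows resolves names through drivers\etc\hosts before DNS.
    ("Modification of the name resolution file", "file_write", r"(?i)\\drivers\\etc\\hosts$"),
    ("Modification of the browser proxy settings", "registry_write", r"(?i)\\Internet Settings\\ProxyServer$"),
    # A write to an existing binary under System32 is more specific than a generic new binary.
    ("Modification of existing system binary", "file_write", r"(?i)^C:\\Windows\\System32\\.*\.(exe|dll)$"),
    ("Creation of new binary", "file_write", r"(?i)\.(exe|dll|sys)$"),
    ("IRC/IM known port connection", "net_connect", r":(6667|6697)$"),
    ("Driver loading", "driver_load", r"."),
    ("Removal of registries", "registry_delete", r"."),
]

# Constructed sandbox trace for the example (not a real sample).
SAMPLE_TRACE: List[Dict[str, str]] = [
    {"type": "process_terminate", "detail": "C:\\Program Files\\Windows Defender\\MsMpEng.exe"},
    {"type": "file_write", "detail": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"type": "registry_write",
     "detail": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer"},
    {"type": "file_write", "detail": "C:\\Users\\Public\\svc_upd.exe"},
    {"type": "net_connect", "detail": "203.0.113.5:6667"},
    {"type": "file_write", "detail": "C:\\Users\\Public\\notes.txt"},  # benign-looking, stays untagged
]


def tag_event(event: Dict[str, str]) -> Optional[str]:
    """Return the first behaviour label whose rule matches the event, or None."""
    for label, event_type, pattern in RULES:
        if event["type"] == event_type and re.search(pattern, event["detail"]):
            return label
    return None


def classify_trace(events: List[Dict[str, str]]) -> Counter:
    """Count how often each behaviour label appears in a trace.

    Untagged events are counted under the key "untagged" so an analyst can
    see how much of the trace the rule table did not explain.
    """
    counts: Counter = Counter()
    for event in events:
        counts[tag_event(event) or "untagged"] += 1
    return counts


if __name__ == "__main__":
    for label, n in classify_trace(SAMPLE_TRACE).most_common():
        print(f"{n:2d}  {label}")
```

Running the block prints one line per behavior seen in the constructed trace, with the text file write reported as untagged. The rule table deliberately returns only the first match per event so that a write to a binary under System32 is reported as modification of a system binary rather than as creation of a new one; real rule sets usually need this kind of ordering to keep the labels mutually exclusive.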

We will begin with the first and most widely known type of malicious program, the computer virus. Its ontology and ways of mitigating it will be discussed in the next blog post.

1. Grégio, A. R. A., Jino, M., & de Geus, P. L. (2012). Malware Behavior. Ph.D. thesis, University of Campinas (UNICAMP), Campinas.
