Page 61 - Cyber Defense eMagazine September 2018


        Malware Basics


        And a brief on new self-updating, anti-viral malicious software
        by Joe Guerra, Cybersecurity Instructor, Hallmark University




        Malware, short for “malicious software”, is software designed to disrupt computer operations, steal sensitive
        data, or gain unauthorized access to information systems. It shows up as executable code, scripts, active
        content, or code attached to otherwise legitimate software. Malware is the umbrella term used to refer to the
        various categories of software that are annoying, hostile or intrusive.

        In the early days of computing, malware was written mainly as an experiment or a personal prank. Today,
        however, malware is primarily used to steal confidential, financial, personal or business data for criminal gain.
        It is also used against government and corporate networks to gather sensitive information, infiltrate them and
        disrupt their operations. Against the general public, malware is commonly used to harvest personal data such as
        credit card and bank account numbers, Social Security numbers, and other personally identifiable
        information (PII).

        Plainly speaking, malware reaches its target through a threat vector (the delivery route) and carries a malicious
        payload that performs the adverse function once it is executed. Malware comes in a variety of flavors: viruses,
        Trojan horses, worms, spyware, adware, and the highly profitable ransomware.

        A successful malware attack on a computer system usually involves two components. One is the malware itself,
        created by the attackers to penetrate the computer and corrupt or damage it. The other is its companion in
        hacking, social engineering, which is essentially tricking the user into running or allowing it. But let’s focus on
        the malware component, since the programming behind these code creatures is advancing rapidly.

        One example in particular is called “BabaYaga.” It is a new, advanced malware family that Wordfence security
        researchers discovered earlier this year. The name they gave it comes from a mythical creature in Slavic folklore,
        and they believe it was written by Russian hackers. The key features that make this malware unique and
        astonishing are that it is self-updating and has antivirus-like capabilities. It primarily infects WordPress, Drupal,
        Joomla and other generic PHP sites. It is crucial to point out that this malware is capable of installing and
        upgrading WordPress itself; that part of the code exists to keep the infected website functional, so the infection
        is not noticed. The part that is mind-blowing is its antiviral process: BabaYaga scans the infected system for
        files belonging to other malware and, if it finds any, replaces them with clean versions. It does this so that the
        other malware does not draw attention and reveal BabaYaga's own presence on the system.
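Because BabaYaga both (re)installs CMS files and swaps other files out from under the site owner, the practical defender's check is whether the files in the web root still match a trusted baseline. The following is an added example, not code from the article or from Wordfence's research: a self-contained file-integrity check that snapshots a directory, then reports files that were modified, added or removed. The directory layout, file names and tampering scenario in `demo()` are constructed for illustration.

```python
"""File-integrity baseline check for a web root.

Added example (not the article's or Wordfence's code). Malware that replaces
or installs CMS files can only stay hidden if nobody compares the files on
disk against a known-good baseline. This module builds such a baseline and
diffs a directory tree against it. The web-root layout used in demo() is a
constructed, minimal stand-in for a real WordPress install.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative path -> SHA-256)."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            baseline[rel] = sha256_of(full)
    return baseline


def diff_against_baseline(root, baseline):
    """Compare the tree under root with a stored baseline.

    Returns a dict with sorted lists under 'modified', 'added' and 'removed'.
    A file swapped for a different version (even one with the same size and
    timestamp) shows up as modified; a dropped file shows up as added.
    """
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: baseline a tiny fake web root, simulate one core
    file being replaced, one unknown file dropped and one file deleted, then
    return what the integrity check reports."""
    root = tempfile.mkdtemp(prefix="webroot-")
    try:
        _write(root, "index.php", "<?php require 'wp-blog-header.php';\n")
        _write(root, os.path.join("wp-includes", "functions.php"), "<?php // original\n")
        _write(root, "readme.html", "<html>constructed placeholder</html>\n")
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        _write(root, os.path.join("wp-includes", "functions.php"), "<?php // replaced\n")
        _write(root, os.path.join("wp-includes", "class-wp-cache.php"), "<?php // unknown\n")
        os.remove(os.path.join(root, "readme.html"))

        return diff_against_baseline(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Two caveats matter in practice. A legitimate CMS update also changes core files, so the baseline must be rebuilt after every intentional update, otherwise every upgrade looks like an infection. And the baseline itself must live off the web server (or at least outside the web user's write access): malware running as the web application user can rewrite a baseline stored beside the site just as easily as it rewrites the site. For WordPress core specifically, the project publishes per-version file checksums, and `wp core verify-checksums` in WP-CLI compares the install against them, which removes the need to trust a locally stored snapshot for those files.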

        With the advent of this new type of malware, which implements an antiviral component of its own, the future of
        malware analysis is looking more dynamic by the second. Overall, this has thrown down the gauntlet for malware
        authors to compete with one another in designing more sophisticated code, not just in how it spreads, but also in
        this new anti-viral feature.