Page 61 - Cyber Defense eMagazine September 2018
Malware Basics
And a brief on new Self-updating, Anti-viral Malicious Software
by Joe Guerra, Cybersecurity Instructor, Hallmark University
Malware, short for “malicious software”, is software designed to disrupt computer operations, steal sensitive data, or gain access to confidential information systems. It appears as source code, as short active scripts, or as code attached to other software. Malware is the general term used for the categories of software that are annoying, hostile, or intrusive.
In the early days of computing, malware was written solely for experiments or personal pranks. Today, however, malware is used primarily to steal confidential, sensitive, financial, personal, or business data for the benefit of criminals. It is sometimes deployed to gather protected information from government or corporate sites in order to infiltrate and disrupt their operations. Malware is also widely used against the public to harvest personal data such as credit card or bank account numbers, social security numbers, and other personally identifiable information (PII).
Plainly speaking, malware arrives through a threat vector that delivers a malicious payload, and that payload performs its adverse function once it is triggered. Malware comes in a variety of flavors, ranging from viruses, Trojan horses, worms, spyware, and adware to the highly profitable ransomware.
A successful malware attack on a computer system usually consists of two components. One is the malware itself, created by the attackers to penetrate the computer with the intent to corrupt or damage it. The other is the companion component of hacking called social engineering, which is essentially tricking the user. This article focuses on the malware component, since the programming behind these code creatures is advancing exponentially.
One example in particular is called “BabaYaga.” It is a new, advanced malware that Wordfence discovered early this year. The name comes from a mythical creature in Slavic folklore, and Wordfence believes the malware was created by Russian hackers. The key features that make it unique and astonishing are that it is self-updating and has anti-viral capabilities. It primarily infects WordPress, Drupal, Joomla, and other generic PHP sites. Crucially, this malware is capable of installing and upgrading WordPress; that part of its code exists to keep the infected website functional. The mind-blowing part is its anti-viral process. BabaYaga checks the system for existing files and, if other malware is detected, replaces them with clean versions. It does this so that the other malware does not reveal its presence on the system.
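Because BabaYaga keeps the site functional and quietly rewrites files, a defender cannot rely on a broken site as the warning sign; the practical check is file integrity against a known-good baseline. The script below is an added example written for this article, not code from the article, from Wordfence, or from any CMS project. It builds a SHA-256 manifest of the PHP files under a site root, then diffs a later manifest against it to report added, removed, and modified files. The directory layout and file contents in `demo()` are constructed for the example; the function names are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path, names=(".php", ".htaccess")):
    """Map each tracked file (relative POSIX path) under root to its hash.

    Files are tracked if their suffix or their full name is in `names`,
    so both `index.php` and `.htaccess` are covered.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and (path.suffix in names or path.name in names):
            manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests; any difference is a candidate for review."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a tiny site, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-includes" / "functions.php").write_text(
            "<?php function wp_hello() { return 'hi'; }\n"
        )
        (root / "readme.txt").write_text("not tracked by the manifest\n")

        baseline = build_manifest(root)  # taken when the site is known clean

        # Constructed tampering: one core file rewritten, one file dropped in.
        (root / "index.php").write_text(
            "<?php /* constructed: injected loader */ require 'wp-blog-header.php';\n"
        )
        (root / "wp-includes" / "dropped.php").write_text(
            "<?php // constructed: unexpected new file\n"
        )

        current = build_manifest(root)
        return diff_manifests(baseline, current)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two points matter when running this for real. The baseline must be stored off the web host (or signed), because malware that can rewrite site files can also rewrite a manifest kept beside them. And a file that is modified in the diff is not automatically malicious: a legitimate CMS upgrade changes many files, so the manifest should be rebuilt after each known-good update, and unexplained changes compared against the project's published release checksums.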
With the advent of this new type of malware, one that implements an anti-viral component, the future of malware analysis is looking more dynamic by the second. Overall, this has thrown down the gauntlet for malware architects to compete with each other in designing more sophisticated code, with not just the propagation aspect but also the new anti-viral feature.