And a brief on new Self-updating, Anti-viral Malicious Software

by Joe Guerra, Cybersecurity Instructor, Hallmark University

Malware, short for “malicious software”, is software designed to disrupt computer operations, harvest sensitive data, or gain access to information systems without authorization. It shows up as source code, as short active scripts, or as code attached to other software. Malware is the umbrella term for the whole category of software that is annoying, hostile, or intrusive.

In the early days of computing, malware was written mostly as an experiment or a personal prank. Today it is used primarily to steal confidential financial, personal, or business data for criminal gain. It is sometimes used to gather security information from government or corporate sites in order to infiltrate and disrupt their operations. Just as often, malware is turned against the public to harvest credit card or bank account numbers, Social Security numbers, and other personally identifiable information (PII).

Plainly speaking, malware arrives through a threat vector and delivers a malicious payload that carries out its adverse function once it executes. Malware comes in many flavors: viruses, Trojan horses, worms, spyware, adware, and the highly profitable ransomware.

A successful malware attack on a computer system usually has two components. One is the malware itself, written by the attackers to penetrate the computer with the intent to corrupt or damage it. The other is the companion technique called social engineering, which is essentially tricking the user. This article focuses on the malware component, since the programming behind these code creatures is advancing rapidly.

One in particular is called “BabaYaga.” It is a new, advanced piece of malware that Wordfence discovered early this year. The name comes from a witch-like figure in Slavic folklore, and Wordfence believes it was written by Russian-speaking attackers. The features that make this malware unusual are that it is self-updating and that it has anti-malware capabilities. It primarily infects WordPress, Drupal, Joomla, and other generic PHP sites. Notably, the malware can install and upgrade WordPress itself; that code exists to keep the compromised site functional, because a broken site draws attention. The most striking part is its anti-malware behavior. BabaYaga scans the site's existing files and, if it detects other malware, replaces the infected files with clean versions. It does this so that competing infections do not expose its own presence: other malware can be noisier, get the site flagged, and trigger a cleanup that would remove BabaYaga along with it.
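A practitioner's first question after reading that is how to tell whether a site's PHP files have been swapped out. The following is an added example, not Wordfence's research code and not BabaYaga's own: a minimal file-integrity check in Python that snapshots a web root into a manifest of SHA-256 digests, re-scans it, reports added, removed and changed files, and flags PHP files whose content matches a few illustrative obfuscation patterns. The regexes, file names and file contents in demo() are constructed for this example, not signatures or samples from the BabaYaga report.

```python
"""Added example: file-integrity check for a PHP web root.

Pass 1 snapshots a known-good tree into a manifest of SHA-256 digests.
Pass 2 re-scans the tree, reports added/removed/changed files, and flags
PHP files whose content matches a few common obfuscation patterns.
Everything in demo() (paths, file contents) is constructed for this example.
"""
import hashlib
import os
import re
import tempfile

# Illustrative indicators of injected PHP; not signatures from the BabaYaga report.
SUSPICIOUS_PATTERNS = [
    # eval() fed by a decoder is the classic dropper/loader idiom
    re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    # preg_replace with the /e modifier evaluates the replacement as code
    re.compile(rb"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]"),
    # shell or eval primitives fed directly from request input
    re.compile(rb"(assert|create_function|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)"),
    # variable-function backdoor: $_POST['c']($_POST['d'])
    re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(\s*\$"),
]


def sha256_file(path):
    """Stream the file so large uploads are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (POSIX-style relative path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def suspicious_content(path):
    """Return the patterns (as strings) that match the file's bytes."""
    with open(path, "rb") as f:
        data = f.read()
    return [p.pattern.decode() for p in SUSPICIOUS_PATTERNS if p.search(data)]


def compare(baseline, root):
    """Re-scan root, diff it against the baseline, and inspect new or modified PHP."""
    current = build_manifest(root)
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "suspicious": {},
    }
    for rel in report["added"] + report["changed"]:
        if rel.endswith(".php"):
            hits = suspicious_content(os.path.join(root, rel))
            if hits:
                report["suspicious"][rel] = hits
    return report


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: clean snapshot, then one core file tampered and a dropper added."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", b"<?php require __DIR__ . '/wp-blog-header.php';\n")
        _write(root, "wp-includes/functions.php",
               b"<?php\nfunction wp_sanitize_title($t) { return strtolower($t); }\n")
        _write(root, "readme.html", b"<html>WordPress</html>\n")
        baseline = build_manifest(root)  # taken while the tree is still trusted

        # Simulated compromise: a loader appended to a core file (the blob is
        # base64 of system($_POST['c']);), a backdoor dropped into uploads,
        # and one file deleted so every report category is exercised.
        with open(os.path.join(root, "wp-includes/functions.php"), "ab") as f:
            f.write(b"eval(base64_decode('c3lzdGVtKCRfUE9TVFsnYyddKTs='));\n")
        _write(root, "wp-content/uploads/cache.php", b"<?php $_POST['c']($_POST['d']);\n")
        os.remove(os.path.join(root, "readme.html"))

        return compare(baseline, root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the report for the constructed scenario. For a real WordPress install, the trusted reference for core files should not be a manifest you took yourself but the checksums WordPress publishes for the installed version (WP-CLI's `wp core verify-checksums` performs that comparison); this matters precisely because malware that upgrades WordPress will invalidate a local baseline, and an unexplained version change is itself a signal worth investigating. Theme, plugin and upload directories still need a baseline of your own, and the absence of other malware on a site is not evidence that the site is clean.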

With the arrival of malware that carries its own anti-malware component, malware analysis is becoming more dynamic by the day. This has thrown down the gauntlet to malware authors to compete in designing more sophisticated code, not only for propagation but also for this new anti-malware feature. For defenders, it also means that a site showing no other visible malware is not necessarily clean.

About the Author

Joe Guerra is a cybersecurity and computer programming instructor at Hallmark University. He has 12 years of teaching and training experience in software and information technology development, and has taught information systems security and secure software development toward industry certifications. Initially a software developer working on Java, PHP, and Python projects, he now focuses on training the next generation of cyber first responders at Hallmark University.