Malware

From Pulsed Media Wiki

Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer system, server, client, or computer network, leak private information, gain unauthorized access to information or systems, or otherwise jeopardize a user's computer, data or privacy. It is an umbrella term used to refer to a variety of hostile or intrusive software.

Malware is typically covert, acting against the interests of the user and often without their explicit knowledge or consent.

History of Malware

The concept of self-replicating programs dates back to theoretical discussions in the 1940s and early viruses in the 1970s, such as the experimental Creeper program and the Reaper program created to delete Creeper.

The spread of personal computers in the 1980s saw the emergence of viruses in the wild. Elk Cloner (1982) is considered one of the first widespread viruses for personal computers, affecting Apple II systems. The Brain virus (1986) is notable as one of the first viruses to infect IBM PC compatibles, spreading via floppy disks. These early examples were often relatively harmless, primarily designed to demonstrate capability or display messages.

The 1990s and early 2000s marked the era of mass-mailing worms and internet-borne threats. The Morris Worm (1988) was one of the first major worms distributed via the Internet, causing significant disruption. Viruses and worms like Melissa (1999), ILOVEYOU (2000), Code Red (2001), and SQL Slammer (2003) spread rapidly across the globe through email attachments and network vulnerabilities, impacting millions of computers and causing billions in damages. This period also saw the rise of Trojan horses disguised as legitimate software, and spyware designed to secretly collect user information.

The mid-2000s onwards saw a shift towards "crimeware" – malware explicitly designed for financial gain, including banking Trojans, data-stealing malware, and increasingly, ransomware. The widespread use of broadband internet and the sophistication of attack techniques contributed to a more professionalized cybercrime landscape.

Types of Malware

Malware exists in many forms, categorized by its behavior and method of spread:

  • Viruses: Programs that attach themselves to legitimate files and replicate when the infected file is executed.
  • Worms: Self-replicating malware that spreads across networks on its own, without needing to attach to existing files or requiring user interaction to spread.
  • Trojan Horses: Malware disguised as legitimate software, misleading users into executing it. They do not replicate automatically but can cause significant harm once run.
  • Spyware: Software that secretly observes the user's computer activity and reports it to others.
  • Adware: Software that automatically displays or downloads advertising material (sometimes unwanted or intrusive).
  • Rootkit: Malware designed to gain privileged access to a computer while hiding its presence and the presence of other malicious software.
  • Ransomware: Malware that locks or encrypts a victim's data or system and demands a payment (ransom) to restore access. (See dedicated section below).
  • Bots/Botnets: Malware that infects a computer and connects it to a central server, making it part of a network of controlled computers (a botnet) used for coordinated attacks (like DDoS) or spamming.

Ransomware

Ransomware is a type of malware that blocks access to data or a computer system, usually by encryption, until the victim pays a specified amount of money (the ransom).

The first known ransomware, PC Cyborg (also known as the AIDS Trojan), appeared in 1989. It was relatively simple, using basic encryption and demanding payment via postal mail.

Modern ransomware became a significant threat around 2013 with the emergence of CryptoLocker, which used strong encryption, making infected files practically impossible to recover without the decryption key held by the attackers. Payment demands shifted to hard-to-trace cryptocurrencies like Bitcoin.

Ransomware attacks have evolved into sophisticated operations, sometimes involving "double extortion" where attackers not only encrypt data but also steal it and threaten to leak it if the ransom is not paid. These attacks can target individuals, businesses, and even critical infrastructure.

Notorious Malware and Ransomware

Several malware strains and ransomware families have gained notoriety due to their widespread impact, destructive capabilities, or unique characteristics:

  • Morris Worm (1988): One of the first major internet worms. Not intentionally malicious, but flaws caused it to replicate excessively, slowing down or crashing systems.
  • ILOVEYOU (2000): A highly virulent worm that spread via email with the subject "ILOVEYOU", causing billions in damages by overwriting files and stealing passwords.
  • Code Red (2001): A worm that targeted Microsoft IIS web servers, defacing websites and launching a DDoS attack on the White House website.
  • SQL Slammer (2003): A fast-spreading worm that exploited a vulnerability in Microsoft SQL Server, causing significant disruption to network services globally within minutes.
  • Stuxnet (around 2010): A highly sophisticated worm believed to have been developed by nation-states, aimed at industrial control systems and specifically those used in Iran's nuclear program. Known for its complexity and targeted nature.
  • Conficker (around 2008-2009): A worm that infected millions of computers, creating a large botnet.
  • CryptoLocker (2013): Pioneered the use of strong, asymmetric encryption in widespread ransomware attacks, making file recovery without the key infeasible.
  • WannaCry (2017): A major global ransomware attack that spread rapidly using an exploit believed to have been developed by the NSA ("EternalBlue") and leaked. Infected hundreds of thousands of computers, notably impacting healthcare systems.
  • Petya / NotPetya (2017): Another widespread attack, initially appearing as ransomware but later assessed to be a wiper disguised as ransomware, causing extensive damage, particularly in Ukraine. Also used the EternalBlue exploit.
  • Ryuk (active since 2018): Known for targeting large enterprises and demanding high ransoms, often deployed after attackers have already infiltrated a network.
  • Conti (active until around 2022): A prolific ransomware-as-a-service (RaaS) group responsible for numerous high-profile attacks and large ransom demands.

Prevention and Mitigation

Protecting against malware and ransomware requires vigilance and multiple layers of defense:

  • Keep operating systems and software updated.
  • Use reputable antivirus and anti-malware software.
  • Be cautious of suspicious emails, links, and attachments (especially phishing).
  • Use strong, unique passwords and enable multi-factor authentication.
  • Regularly back up important data to an external drive or cloud storage, and ensure backups are isolated from the network.
  • Use a firewall to control network traffic.
  • Be careful about downloading software from untrusted sources.
