Malware is an abbreviation for the phrase “malicious software.” It comprises the tools used by thieves, vandals, and governments to steal, embarrass, and spy on others. The annual impact of malware can be measured in the hundreds of billions of dollars. It can cripple global businesses while also stealing from the most modest of individuals. It has been used as a tool of foreign policy while also undermining the campaigns of candidates and parties.
While malware may be just software, it can have very tangible effects. The Stuxnet worm was able to cause physical damage to Iran’s nuclear infrastructure, and the Wanna Cry ransomware forced hospitals around the world to postpone medical procedures.
Yet, for many, malware might as well be a spell cast by wizards and witches in a Harry Potter novel. It is so broadly or poorly reported that it remains a mystery despite the very real dangers it poses to individuals. The purpose of this course is to demystify malware by explaining what it is, how it works, and how it can be defeated.
Three Aspects of Malware
As a general rule, whenever you hear of a malware incident, there are three things you should seek to understand:
- What kind of device does it impact? Malware written for a computer, for example, typically can’t cross into another architecture, like that of a smartphone.
- What kind of operating system does it impact? While there are exceptions (and we’ll note them in this course), malware often attacks specific vulnerabilities in certain operating systems. In this sense, a Windows virus typically can’t infect a Linux computer.
- What is its vector of attack? While some malware requires the intervention of a user (e.g. opening a malicious attachment), others take advantage of software already running in the background on a computer and require no user interaction.
A History of Malware
While computer researcher Yisrael Radai coined the term “malware” in July of 1990 to describe the growing array of malicious software, the roots of modern malware trace back to the early days of networked computers. Many point to the Creeper program, written by BBN engineer Bob Thomas in the 1970s, as the first computer virus*. Thomas wrote the program to illustrate the potential for software to be able to move on its own through a network, something very helpful for system administrators.
However, as is often the case in computing, a potential feature also reveals a vulnerability. In the early 1980s, the affordable Apple II brought computers into the home and workplace. In 1982, a teenager named Rich Skrenta wrote Elk Cloner, which infected the Apple II via floppy disks and is often considered the first widespread computer virus.
In 1988, the malware lexicon expanded to include the term “worm,” as a Cornell University graduate student, Bob Morris, released a program on the Internet that quickly spread and shut down many systems. Unlike a virus, which needed help to spread, the worm took advantage of running programs on the target systems to spread itself. Morris also became the first person convicted under U.S. Computer Fraud and Abuse Act.
In the early 1990s, the World Wide Web came into existence, and the National Science Foundation removed restrictions on Internet access. The Internet boom was on, and with it came a proliferation of malware, much of it directed at the increasingly popular Microsoft Windows operating systems and programs. While users found great convenience in being able to share documents and software over the Internet, this connectivity greatly increased the potential for damage from malware.
That potential became reality on March 26, 1999, when David Smith of New Jersey released his Melissa virus. Within hours it spread around the world by taking advantage of vulnerabilities in the Microsoft Outlook email program. At the time, the virus was believed to have caused $80 million in damage. After an international investigation led by the FBI, Smith was identified and assigned a 10-year prison sentence, being released after 20 months.
While malware caused very real and measurable damage to organizations that had to spend hours cleaning infected computers or rebuilding lost data, the malice inflicted was often on the scale of a prank. However, during the 2000s and 2010s, malware moved into the realm of criminal enterprises. Over the past decade and a half, malware has been the tool by which massive botnets — some measuring in the millions of computers — have been assembled. When combined with other types of attacks, such as phishing, malware can also become very targeted, resulting in the disclosure of sensitive personal or even political information from specific victims. The advent of smartphones and various consumer Internet devices — everything from refrigerators to cars to lightbulbs are now connected to the Internet — has only increased the surface area and vulnerabilities for malware to attack.
Recommended for you Cloud Application Security
Review Checkpoint
To test your understanding of the content presented in this assignment, please choose your selected response.
1. Which of the following typically is false when describing malware?
a. Malware takes advantage of weaknesses in software.
b. One malware program often is able to infect machines with differing operating systems.
Correct.
c. Malware has been around since the early days of networking.
Recommended for you Trusted Cloud Services , Security Threats In Cloud Computing
