Discuss the Recent Trends in Malware for Viruses and Trojan Horses.
Malware, or malicious software, covers a wide range of hostile or criminal software that causes various forms of security threat, including worms, viruses, Trojan horses and rootkits. The harm is done by infiltrating a computer without the awareness of its owner. As technologies have developed over the past few years, malware has also grown, with new threats that are difficult to overcome (M., 2008). Attacks through malware are increasing via social networks, search engines and mobile devices, exposing web users to infection. In 2010, over 1 million websites were infected by malware and around 1.5 million advertisements were distributed, as observed by Dasient. Protection requires an antivirus that guards a machine not just against ordinary viruses but also against other malware and spyware. In many cases, an anti-malware product used alongside an antivirus gives better protection to a system using the internet (Mills, 2011). Given the large number of compromises caused by malware attacks, malware is an important area to explore and understand, so that awareness of the dangers can be created and appropriate protection measures identified and used to combat malware-related threats. This report therefore explores recent trends in malware threats and the available solutions (Mariotti, 2014).
According to the 2013 Batchelder report, malware topped the list of threats faced by websites. Malware attacks websites by exploiting their vulnerabilities to inject malicious JavaScript. These attacks affect organisations in major ways, of which data breach is one of the most prominent and harmful. Malware is continually updated and encrypted, anti-debugging capabilities are added, and the commercialisation of automated exploit kits has added complexity to incident detection and the tracking of malware activity (Mansour & Parrizas, 2014).
Malware has become a persistent threat to the web ecosystem, and layered defences are unable to provide complete protection against the Advanced Persistent Threats (APTs) that malware enables. Such malware is mostly aimed at invading privacy or carrying out criminal activities such as theft, sabotage or espionage (Dionysopoulou, 2014).
With the large number of malware samples existing today, classifying them properly becomes a challenge. As of March 6, 2007, 30,000 distinct variants of malware had been identified. Initially this classification was done manually, but in recent years the process of grouping new viruses has been automated. Automatic classification poses many challenges, however, mainly because of the lack of a well-defined notion of what makes multiple samples instances of the same malware (Li, Liu, Gao, & Reiter, 2010).
Another major challenge is the lack of awareness of malware attack behaviour among users, who too often open the door to such attacks and put their systems at risk. Moreover, the internet security technologies that enterprises use for protection may not be geared to fight modern malware techniques, leaving their machines vulnerable to attack (Oltsik, 2013).
Detection technologies are used so that malware can be stopped before it is downloaded and harms a system. The malware detection techniques in use today include signature-based, anomaly-based and specification-based methods (Agrawal, Singh, Gour, & Kumar, 2014).
PAYL is a program used for dynamic anomaly-based detection. It calculates the expected payload for every service port by building a byte-frequency distribution of normal traffic and using it to form a centroid model. Incoming payloads are compared against this model to identify deviations. If an incoming payload differs from the expected payload far more than the model allows, it is recognised as malicious.
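The PAYL-style workflow described above, as an added example written for this page (not the essay's or the PAYL authors' code): it learns a per-port centroid of byte frequencies from constructed benign HTTP requests and scores new payloads with a simplified Mahalanobis distance. The smoothing constant, the sample traffic and the threshold are assumed values for the demonstration.

```python
from collections import defaultdict

SMOOTHING = 0.001  # assumed smoothing term so a zero standard deviation never divides by zero

def byte_frequency(payload):
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = len(payload) or 1
    return [c / n for c in counts]

class PaylModel:
    """Per-port centroid: mean and standard deviation of benign byte frequencies."""
    def __init__(self):
        self.samples = defaultdict(list)  # port -> frequency vectors seen in training
        self.centroids = {}               # port -> (mean, std), each a 256-element list
    def train(self, port, payload):
        self.samples[port].append(byte_frequency(payload))
    def build(self):
        for port, vecs in self.samples.items():
            n = len(vecs)
            mean = [sum(v[i] for v in vecs) / n for i in range(256)]
            std = [(sum((v[i] - mean[i]) ** 2 for v in vecs) / n) ** 0.5 for i in range(256)]
            self.centroids[port] = (mean, std)
    def score(self, port, payload):
        """Simplified Mahalanobis distance from the payload to the port's centroid."""
        mean, std = self.centroids[port]
        freq = byte_frequency(payload)
        return sum(abs(freq[i] - mean[i]) / (std[i] + SMOOTHING) for i in range(256))
    def is_anomalous(self, port, payload, threshold):
        # In a real deployment the threshold is calibrated on held-out benign traffic.
        return self.score(port, payload) > threshold

# Constructed sample traffic for port 80 (not real captures).
BENIGN_TRAINING = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/7.0\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/7.0\r\n\r\n",
    b"GET /news/2014 HTTP/1.1\r\nHost: example.test\r\nAccept: text/html\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 9\r\n\r\nuser=bob1",
]
BENIGN_TEST = b"GET /contact.html HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"
# A request carrying a run of one repeated byte plus high-bit bytes never seen on this port.
ANOMALOUS_TEST = b"GET /" + b"\x90" * 40 + bytes(range(0x80, 0x100)) + b" HTTP/1.1\r\n"

def build_demo_model():
    model = PaylModel()
    for payload in BENIGN_TRAINING:
        model.train(80, payload)
    model.build()
    return model
```

Bytes that never occur in training have a zero mean and zero deviation, so even a small frequency of them drives the score up sharply; that is what makes the second request stand out.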
Intrusion detection can use data-mining techniques to create malware detection agents that audit the data of incoming connections and identify intrusions. Privacy-invasive software (PIS) such as adware and spyware can be identified using the Forensic Tool Kit (FTK) software. Other malware protection technologies use techniques such as the Finite State Automata (FSA) approach to detection, process profiling of system calls, audit-trail pattern analysis, Network Analysis of Anomalous Traffic Events (NATE), fileprint (n-gram) analysis, cross-view diff-based detection and so on (Idika & Mathur, 2007).
Recent areas of development in malware trends include:
This report explores two studies: Attack Pattern Analysis: Trends in Malware Variant Development by M. Papadaki, and Current Trends and the Future of Metamorphic Malware Detection by Shahid Alam.
This research examined how malware variants are developed so that the insights could be used to build additional protection layers against them. The study looked at three popular malware threats: Beagle, Netsky and Mytob. Several malware trends seen between 2003 and 2005 were identified, including mass-mailing worms, threats to confidential data, bots and their variants, and blended threats.
The analysis of specific threats revealed that mass-mailing worms like Netsky propagate through emails and folders shared over the web. Such worms use advanced social-engineering techniques to lure users into opening files, and the malicious code is executed the moment the user previews or views the file.
Like Netsky, Beagle used the same channels for propagation, and at times peer-to-peer networks as well. The difference lay in how the malicious code was delivered. While Netsky sent the whole malicious code in the attack, Beagle sent only a small part of the code, which then downloaded the rest from a website. This makes it easier for the security community to block the downloads, but at the same time leaves users vulnerable to future spamming.
Mytob was a newer worm that combined mass-mailing with botnet functionality. It uses basic mass-mailing functionality but an advanced backdoor: it connects to IRC servers to receive commands, giving those servers access to local systems through web or FTP.
The research suggested that it is not the complexity of malware that poses the biggest challenge but the combination of techniques it uses to trick users. Malware detection software therefore needs to understand the evolution of malware variants and their incremental development so that counter-techniques can be developed (Papadaki, Furnell, Clarke, Bakar, & Pinkney, 2005).
This research explored trends in malware threats and the characteristics of malware detection systems. The paper identified the techniques malware developers use to keep their software from being detected by antivirus applications: packing or compression, polymorphism, which mutates the static binary code, and metamorphism, which mutates the binary code dynamically.
Various types of metamorphic malware were identified, including closed-world malware that generates newly mutated code on its own and open-world malware that communicates with other sites over the internet to update itself. The report suggested malware detection as a protective measure, with three major types of detection technique: Opcode-Based Analysis (OBA), which disassembles binaries to extract opcodes; Control Flow Analysis (CFA), which assesses the calling relationships between program functions; and Information Flow Analysis (IFA), which checks how propagated values change over time.
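As an added illustration of the opcode-based analysis described above (example code written for this page, not from Alam et al. or the essay), the block below profiles opcode bigrams of three constructed mnemonic sequences, assumed to come from a disassembler, and shows why stripping junk opcodes matters when matching a metamorphic variant against its original:

```python
from collections import Counter
from math import sqrt

JUNK_OPCODES = {"nop"}  # assumed set of semantically empty opcodes used as junk insertions

def strip_junk(opcodes):
    """Normalisation step: drop junk opcodes before building the profile."""
    return [op for op in opcodes if op not in JUNK_OPCODES]

def opcode_ngrams(opcodes, n=2):
    """Count overlapping opcode n-grams; this is the program's opcode profile."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))

def cosine_similarity(a, b):
    """Cosine similarity between two n-gram Counters (1.0 = identical profiles)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0

def profile_similarity(opcodes_a, opcodes_b, n=2, normalise=True):
    """Compare two opcode sequences, optionally stripping junk first."""
    if normalise:
        opcodes_a, opcodes_b = strip_junk(opcodes_a), strip_junk(opcodes_b)
    return cosine_similarity(opcode_ngrams(opcodes_a, n), opcode_ngrams(opcodes_b, n))

# Constructed opcode sequences standing in for disassembler output (not real samples).
ORIGINAL = ["push", "mov", "sub", "mov", "call", "test", "jz", "mov", "call", "add", "pop", "ret"]
# The same logic after a metamorphic rewrite: junk nops inserted and 'sub x' written as 'add -x'.
MUTATED = ["push", "mov", "nop", "add", "mov", "nop", "call", "test", "nop", "jz", "mov",
           "nop", "call", "add", "nop", "pop", "ret"]
UNRELATED = ["mov", "mov", "xor", "xor", "cmp", "jne", "inc", "dec", "loop", "ret"]

if __name__ == "__main__":
    print("original vs mutated, raw      :", round(profile_similarity(ORIGINAL, MUTATED, normalise=False), 3))
    print("original vs mutated, stripped :", round(profile_similarity(ORIGINAL, MUTATED), 3))
    print("original vs unrelated         :", round(profile_similarity(ORIGINAL, UNRELATED), 3))
```

Without normalisation the inserted nops break most bigrams and the similarity drops to about 0.28; after stripping them the two variants score about 0.85, while the unrelated sequence scores 0.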
The report also looked at future trends in malware propagation. The research indicated that web and mobile malware are likely to become more sophisticated, which is why a hybrid protection combining static and dynamic analysis may be required. With the increasing use of Internet-of-Things devices, threats to embedded systems are also likely to increase, demanding newer detection and protection techniques to guard against sophisticated malware such as Stuxnet. Further, the paper suggested that a distributed malware detection system could be run in the cloud to secure communications between devices and the cloud (Alam, Traore, & Sogukpinar, 2014).
The studies recognised the challenge and the need to understand malware variations and their development techniques, but they did not cover the methods malware creators use to deceive users or trick them into opening or downloading malware, such as code signing and modified browser settings (Sagar, 2009).
The researchers also did not explore the evasion techniques currently used by malware, such as environmental awareness, obfuscation of internal data, timing-based evasion and confusing automated tools. There are over 500 evasive behaviours that can be used in combination in malware attacks. How security techniques can detect these evasive behaviours was not covered in the studies examined.
The researchers did not explore the latest techniques used by various types of malware such as botnets, espionage tools, ransomware and so on. This could have included an exploration of specific types of malware, their varieties, attack techniques and evolution (OECD, 2008).
The researchers did not include insights into how systems become infected, which could help identify causes and build user awareness so that threat exposure is minimised. Techniques that could have been explored here include drive-by downloads, which involve downloading an executable file, and piggyback attacks, in which malware code is embedded in an otherwise safe executable file (Peterson, 2006).
Some lessons about malware and their attack, evasion, detection and impact trends include:
Conclusions
The report explored recent trends in malware, including the different types of malware threat, the techniques used to develop malware, the strategies used to attack users and the measures used for protection. It examined two earlier studies in this area to understand the trends, and identified research gaps by uncovering issues the chosen studies did not discuss. Based on this understanding of malware trends and the research gaps, the lessons learned on the topic were presented at the end.
References
Agrawal, M., Singh, H., Gour, N., & Kumar, A. (2014). Evaluation on Malware Analysis. International Journal of Computer Science and Information Technologies, 3381-3384.
Alam, S., Traore, I., & Sogukpinar, I. (2014). Current Trends and the Future of Metamorphic Malware Detection. University of Victoria.
Dionysopoulou, N. (2014). The key to advanced malware protection. McAfee.
ESET. (2016). Trends 2016 (IN) Security Everywhere. Eset.
Idika, N., & Mathur, A. P. (2007). A Survey of Malware Detection Techniques. West Lafayette, IN: Purdue University.
Li, P., Liu, L., Gao, D., & Reiter, M. K. (2010). On Challenges in Evaluating Malware Clustering. Chapel Hill, NC, USA: University of North Carolina.
Lindorfer, M., Kolbitsch, C., & Comparetti, P. M. (2011). Detecting Environment-Sensitive Malware. Vienna University of Technology.
M., A. H. (2008). Malware 101 – Viruses. SANS Institute.
Papadaki, M., Furnell, S. M., Clarke, N. L., Bakar, U., & Pinkney, G. (2005). Attack Pattern Analysis: Trends in Malware Variant Development. Plymouth, United Kingdom: University of Plymouth.
Mansour, Y., & Parrizas, A. A. (2014). An Early Malware Detection, Correlation, and Incident Response System with Case Studies. SANS Institute.
Mariotti, J. (2014). An introduction to malware. CERT-UK.
Mills, E. (2011). Emerging Trends in Malware – Antivirus and Beyond. WayTek.
OECD. (2008). Malicious Software (Malware): A Security Threat to Internet Economy. OECD.
Oltsik, J. (2013). Malware and the State of Enterprise Security. ESG.
Peterson, P. (2006). Malware Trends: The Attack of Blended Spyware Crime. Ironport Systems.
Sagar, A. (2009). Current Threat Scenario and Recent Attack Trends. CERTIN.