Software is the set of programs that constitute a computing system. Operating
systems, device drivers, network infrastructure, database management systems and
executable commands on web pages are examples of software programs built for
various useful purposes. There are also programs written to attack the computing
system at different program levels. Such programs, which breach a computer
system's security policy with respect to the confidentiality, integrity and
availability of data, are called bad programs or malware. This computer security
threat causes serious security vulnerabilities in application areas such as
education, communication, hospitals, banking and entertainment.
Malware is a general term used to describe various types of malicious software
such as viruses, worms, rootkits, trojan horses, backdoors, botnets, spyware,
adware and ransomware. Initially the common term for malware was 'computer
virus'. Malware can add, change or remove any program from the system in order
to intentionally harm the system's functions. The programmers who write
malicious code are called malware writers or authors. They write programs with
the intention of stealing or manipulating private data from the system,
degrading its capabilities, or using the device to launch cyber-attacks on other
systems. While other forms of malware arrived on the scene due to advances in
the Internet, the prevailing malware variants such as rootkits, botnets and
ransomware exhibit unknown, targeted, stealthy and zero-day characteristics.
Stealing information for financial gain remains the main objective of targeted
Different traditional techniques have been used to detect and defend against
these malwares, such as antivirus scanners, firewalls, etc. But they are
inefficient against new, unknown malware. Also, there are new evasion techniques
capable of evading traditional signature-based techniques. Recently, the McAfee
Labs team identified a new class of malware that allows cybercriminals to evade
digital-signature validation of apps on both personal computers (PCs) and
Android-based devices, which largely contributed to the malware findings this
quarter. The total amount of digitally signed malware increased by 50% to more
than 1.5 million documented samples. Malware variants were classified by their
infection routes and propagation techniques.
Sophisticated variants of complex and mutating viruses may be metamorphic or
polymorphic malware. Many new malware families have been discovered with
improved encryption and anti-detection techniques that make recognition and
elimination difficult. These new malware families are termed advanced malware
due to their capability to change their forms and disguise themselves to fool
malware analysts. Such mutant malware is called polymorphic malware. Code
obfuscation techniques are evasion techniques that defeat most malware detection
approaches, allowing the malware to avoid detection and perform its malicious
actions. Malware variants differ in their infection routes and propagation
techniques. Malware propagates by means of bundled software, freeware, email
attachments, malicious websites, removable or network drives and spam emails.
Since the nascent days of the Internet, email has been the vector of choice for
attackers delivering malware to a target, but that trend is rapidly changing.
While email certainly continues to be a major source of malware, attackers are
increasingly turning to real-time, web-enabled applications to deliver malware
that is undetectable by traditional antivirus solutions. These real-time
applications provide practical and technical advantages for an attacker, and the
data shows that they are disproportionately successful at avoiding traditional
antivirus compared to email. Currently, security standards are lacking in
Internet of Things (IoT) devices; adware is deploying advanced techniques;
file-encrypting ransomware can also steal user data; and attacks on e-wallets
and other online payment systems are increasing. The Quick Heal Annual Threat
Report reported that the Mirai botnet took advantage of IoT devices in 2016.
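To make the evasion problem described above concrete, the following is an added example (not code from this paper or from any vendor): a toy hash-and-byte-signature scanner is run against two constructed builds of one malware family, the second re-encoded so its bytes differ, and then a behavioural rule is run over constructed sandbox traces of the same family. The family name, placeholder "body", hashes, file paths and trace lines are all made up for the example.

```python
import hashlib
import re

# Constructed stand-ins for two builds of one malware family: a packer re-encodes the body
# per build, so the bytes differ while run-time behaviour is identical. Not real malware;
# the "body" is only a labelled placeholder string.
def _reencode(body, key):
    return bytes(b ^ key for b in body)   # toy per-build encoding, only to vary the bytes

_BODY = b"toy-ransomware-body:encrypt-documents;drop-note;"   # constructed
SAMPLE_A = _reencode(_BODY, 0x00)   # the build the analyst had; the signature was cut from it
SAMPLE_B = _reencode(_BODY, 0x5A)   # a later build of the same family, re-encoded
KNOWN_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest(): "Toy.Ransom.A"}
BYTE_SIGNATURES = {"Toy.Ransom.A": b"encrypt-documents"}

def static_scan(sample):
    """Traditional scanner: exact hash lookup, then byte-signature substring match."""
    digest = hashlib.sha256(sample).hexdigest()
    hits = [name for name, sig in BYTE_SIGNATURES.items() if sig in sample]
    return KNOWN_HASHES.get(digest) or (hits[0] if hits else None)   # None: unknown variant

# Constructed sandbox traces: one "Op Path" line per file event observed at run time.
DOCS = ["budget.xlsx", "thesis.docx", "photos.zip"]
TRACE_B = []   # what SAMPLE_B does when run: each document replaced by an encrypted copy
for doc in DOCS:
    TRACE_B += [f"WriteFile C:\\Users\\alice\\Documents\\{doc}.locked",
                f"DeleteFile C:\\Users\\alice\\Documents\\{doc}"]
TRACE_B.append("WriteFile C:\\Users\\alice\\Documents\\HOW_TO_DECRYPT.txt")
BENIGN_TRACE = ["WriteFile C:\\Users\\alice\\Documents\\thesis.docx",   # an office app saving
                "DeleteFile C:\\Users\\alice\\Documents\\~$thesis.docx"]

USER_DIR = re.compile(r"^C:\\Users\\[^\\]+\\(Documents|Desktop|Pictures)\\", re.I)

def behaviour_scan(trace, min_files=3):
    """Behavioural rule: several user documents replaced by new files plus a ransom note
    dropped. It never reads the sample's bytes, so re-encoding the body cannot evade it."""
    encrypted = deleted = 0
    note_dropped = False
    for line in trace:
        op, _, path = line.partition(" ")
        if not USER_DIR.match(path):
            continue
        if op == "DeleteFile":
            deleted += 1
        elif op == "WriteFile" and path.lower().endswith(".locked"):
            encrypted += 1
        elif op == "WriteFile" and "DECRYPT" in path.upper():
            note_dropped = True
    return encrypted >= min_files and deleted >= min_files and note_dropped
```

The static scanner names SAMPLE_A but returns None for SAMPLE_B, while the behavioural rule flags the trace of SAMPLE_B and stays quiet on an ordinary document save.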
Ransomware is a major and rapidly growing threat at present. Malware analysis
must be carried out regardless of the unknown and stealthy characteristics of
malware attacks in order to achieve a secure information world. This is possible
only when efficient malware detection techniques are employed.
of Windows malware detected by Quick Heal Labs in 2016 is given in figure 1.