by Ana María Restrepo
Many times we have talked about virtual attacks, and perhaps many will be the news and articles that we will publish about this, because this is the reality that today is presented for companies, governments and people.
From the end of 2008 and the beginning of 2009, different security companies around the world began to alert Internet users about the advance of malware (malicious software) because cybercriminals redesigned their architecture and focused on obtaining profits, making the Internet the greatest means to spread malware, as stated in tren Micro's annual report "Summary of threats and forecasts for 2009".
Also in January 2009, PandaLabs reported that the number of computers infected by the Conficker worm grew by about 6% (5.77%) of computers worldwide. Infection with this worm has spread through 83 countries reaching very high levels in Spain, the United States, Taiwan, Brazil or Mexico.
A month later, ESET presented the ranking of malware spread in which it was ratified that the first place on the list was headed by the Conficker worm, followed by Win32/PSW. OnlineGames and inF/Autorun in third place.
Overview
This is very alarming data and the worrying thing is that most computer users do not know what malware is and do not have the necessary protection installed on their computers.
Jorge Mieres, security analyst at ESET Latin America, explains that, literally speaking, malware is the acronym for Malicious Software (malicious code) and as such is represented by a set of applications (such as viruses, worms, botnets, spyware, adware, etc.) that cause some type of damage to an operating system regardless of its intentionality.
As Daniel J. Molina, McAfee's director for Latin America at Advanced Business Solutions - Networking / Risk & Compliance, argues, this malicious software is a code that tries to do something harmful to the system that receives it, and usually happens on crowded platforms, such as Windows, and even on smartphones such as the iPhone.
Among the main features of the malware is the use of deception methodologies that seek to capture the attention of users to get them to execute the file that contains the malicious instructions that will infect their computers. Likewise, email and instant messaging clients help make the propagation mechanisms much faster.
There are many applications that include malware and as such the best known are worms, Trojans, viruses, spyware, adware, rogue, botnets, among others, but there is a high number of malicious codes that coexist on the Internet.
How does it attack?
Like its multiple varieties, malware attacks computer systems in various ways and from different fronts, and although some do not reach through the network, its focus of propagation begins with it.
Malicious codes can enter the computer through removable storage devices, email, navigation, P2P, social networks, instant messaging, or through private (business, home) or public data networks (airports, open wireless networks, others), according to Omar Calvo, technical director of Softeam Internacional S.A.
Social engineering has been in the last year the most used form of deception by hackers. By this method, cybercriminals achieve contact with the user, who accepts the entry of the malicious program and its execution from any means of transfer. It is important to note that malware always pretends to come from trusted sources, and modifies the options of the opening menu that loads automatically when USB devices are connected.
Some malware methods employ techniques such as camouflage to establish themselves in the system. These files are not visible in the folder in which they are hosted, nor is it possible to see the program easily loaded (running) in system memory. They can use system file names such as Svchost.exe, thus hiding between programs that are normally active in memory and displayed among them, but are located in different folders than non-malicious programs.
Signs of disease
Anti-malware companies claim that out of ten attacks six are detected, which presents an average daily effective detection rate of 60% of new malware. So on any computer you can find malicious software wreaking havoc and it has not been detected, let alone trapped.
But how do you know that a system has malware?
Like many diseases of the body that cannot be detected, but are there doing harm, the types of malware become asymptomatic and do not reveal their location, but if they present some indications.
Daniel explains that the main signal is when there is a low performance of the system or a wrong behavior in it. "Sometimes it manifests itself with random pop ups. Sometimes it changes the home page for the browser and sometimes, as in Conficker, it blocks the pages of protection manufacturers."
Regarding this point, Jorge adds that there are also sudden system reboots, network collapse, appearance of unknown processes resident in memory, and even an unjustified decrease in storage space on the hard disk, RAM and network resources.
Likewise, Omar affirms that new icons appear on the desktop or next to the time of the system without a program having been installed in a conscious way, Internet activity is presented without having open the mail or the browser or other programs that depend on the network for its operation, the antimalware protection program is deactivated and system options such as: start and run, or in Windows Explorer in the "Tools" menu disappears Folder Options/View/show hidden files.
Files and folders are also automatically created on USB removable storage devices, and when these devices are connected to other computers, a virus detection alert is given by means of an antivirus different from the one installed on the infected system; In addition, error messages or programs that request authorization to run, never seen before, appear at the start of the system, and system errors related to the blocking or detection of a program that is running are presented.
Your current state
Today, and as mentioned above, malware is hogging all the attention in the computer world. According to experts, this malicious software represents one of the main problems that compromises the security of home users and any type of company, regardless of its scope and size.
Jorge Mieres affirms that because organizations are increasingly dependent on information networks, there is a potential risk of infection for all computers that are connected to the Internet and a network, in addition to "with the increasing complexity of the techniques and methodologies of propagation and infection, the creators of malware are the order of the day with the constant adaptation of their creations to technological advances, which makes it difficult to prevent computer attacks if you do not become aware of the importance of complementing the installation of adequate antivirus security tools with the implementation of measures such as a correct security policy, in the case of companies and a correct use of Internet resources, in the case of users," he adds.
It must be taken into account, as mentioned by Omar Calvo, that malware attacks are motivated by economic reasons mainly, and attackers seek through these to obtain economic benefits, since criminal groups are developing specific malware to attack an organization with a special purpose and this is marketed in countries of the former Union of Soviet Socialist Republics and in Eastern countries.
And it is that the creativity of hackers has no limits, because apart from the fact that they use email, social networks and instant messaging, they also adhere to the tastes and hobbies of Internet users to make them fall, as is the case of the manipulation of the results of information searches that led to more than a million false domains that used a recognized car manufacturer to download malware.
Omar exposes that criminals generate chains of disinformation by guiding the media and the public to wait for events that all they do is generate distraction so that they carry out accurate attacks.
As for the intensification of the spread of malware in recent years, Daniel comments that from 2007 to 2008 there was a growth of more than 500% in malware according to McAfee data. "In 2008 we saw more than 2,000,000 independent threats. That's more than one threat every 15 seconds."
There are many variants of malware that are distributed around the world, but it should be noted that one of the threats that grew the most in the last year is the download of fake antivirus, which has multiplied by one hundred in the first quarter of 2009, detecting 111,086 new and unique copies of false antivirus, 20% more than in all of 2008, according to information from PandaLabs.
Action/reaction
According to what experts explain, there are many users who are exposed to malware because it mainly attacks weaknesses or vulnerabilities in the operating system, or an application. Therefore, companies must implement strict security policies that mitigate the possibility of being affected, as well as use patches that correct such vulnerabilities.
Additionally, companies can be empowered with firewalls and recognized antivirus programs, although it should be noted that this is not enough, so these solutions must be based on an adequate education plan that contains rules and procedures that are part of the company's security policy.
For their part, people should also protect themselves with antivirus systems and check very well where the emails and programs they will download on their computers come from.
Infection and creation in Latin America
Because these types of threats spread over the Internet, they can reach any corner of the planet in a few seconds regardless of the distance between the sender and the receiver; but although the codes have a high rate of global infection, Jorge says that in recent years there has been an increase in the development of malware from Latin America.
For his part, Daniel comments that the region is at a historical point for what is malicious software. "In Brazil, for example, we see incredible digital penetration, which also brings an increase in malware. We see a lot of malware there specifically against the Brazilian financial sector.
Omar reinforces Daniel's approach, explaining that the Latin American country with the highest incidences of CrimeWare and Phishing is Brazil, followed by Argentina and finally there are Colombia, Venezuela and Mexico.
Leave your comment