What is malware?
“Malware” is a term for any software that gets installed on your machine and performs unwanted tasks, often for some third party’s benefit. Malware programs range from simple annoyances (pop-up advertising) to serious computer invasion and damage (e.g., stealing passwords and data, or infecting other machines on the network). Additionally, some malware programs are designed to transmit information about your web-browsing habits to advertisers or other third parties without your knowledge.
To protect all computers from unwanted attacks, IS&T provides Sophos anti-virus software free of charge to the MIT community. Sophos can be installed on Windows, Linux, and Mac computers.
Types of malware
Some categories of malware are:
- Virus – Software that can replicate itself and spread to other computers, or that is programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.
- Adware – Software that is financially supported (or financially supports another program) by displaying ads when you’re connected to the Internet.
- Spyware – Software that surreptitiously gathers information and transmits it to interested parties. The information gathered includes the websites visited, browser and system information, and your computer’s IP address.
- Browser hijacking software – Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.
How malware gets through
Malware writers are very experienced in using tricks to get users to download their malware. Software that comes bundled with “other software” is often called a “Trojan Horse.” For example, an instant messaging program could be bundled with a program such as WildTangent, a known spyware offender. Peer-to-peer file sharing software bundles various types of malware that are categorized as spyware or adware. Software that promises to speed up your internet connection or assist with downloads (e.g., My Web Search) will often contain adware. Another common way to infect a computer is through an email containing a seemingly benign link or attachment.
Malware can exploit security holes in your browser as a way of invading your machine. Sometimes websites state that software is needed to view the site, in an attempt to trick users into clicking “Yes,” thus installing software onto their machines. Another trick: if you click “No,” many error windows appear. Other sites will tell you that using a certificate makes their site “safe,” which is not the case. Certificate verification means only that the company that wrote the software is the same as the company whose name appears on the download prompt; it says nothing about whether the software itself is safe.
Some malware provides no uninstall option, and installs code in unexpected and hidden places (e.g., the Windows registry) or modifies the operating system, thus making it more difficult to remove.
Source: MIT Edu
Ransomware: A Growing Menace
Ransomware that locks a computer and uses law enforcement imagery to intimidate victims has spread from Eastern Europe to Western Europe, the United States, and Canada over the past year. The scam has been copied and professionalized from initial early attacks, with established online criminal gangs now branching out into the scheme. Each gang has separately developed, or bought, their own different version of the ransomware.
This malware is highly profitable, with as many as 2.9 percent of compromised users paying out. An investigation into one of the smaller players in this scam identified 68,000 compromised computers in just one month, which could have resulted in victims being defrauded of up to $400,000 USD. A larger gang, using malware called Reveton (aka Trojan.Ransomlock.G), was detected attempting to infect 500,000 computers over a period of 18 days.
Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million a year is being extorted from victims. The real number is, however, likely much higher.
Ransomware is a category of malicious software which, when run, disables the functionality of a computer in some way. The ransomware program displays a message that demands payment to restore functionality. The malware, in effect, holds the computer ransom. In other words, ransomware is an extortion racket. The scam has evolved over time, using various techniques to disable a computer. The most recent evolution locks the computer display and does not allow the user to access any programs. The computer then displays a message that claims to be from a branch of local law enforcement.
Messages are usually something along the lines of “You have browsed illicit materials and must pay a fine” (as in the preceding Figure 1 example). Law enforcement logos are used to give the message an air of authenticity. Many individuals do pay up, either because they believe the messages or because they realize it is a scam but still want to restore access to their computer. Unfortunately, even if a person does pay up, the fraudsters often do not restore functionality.
The only reliable way to restore functionality is to remove the malware. Initially confined to one or two countries in Eastern Europe, the malware has spread throughout Europe and across the Atlantic to the United States and Canada. Criminals will go wherever the money is. From just a few small groups experimenting with this fraud, several organized gangs are now taking this scheme to a professional level and the number of compromised computers has increased.
[Figure 1: Example of a typical ransomware message]
Symantec has identified at least 16 different versions of ransomware. Multiple gangs have retained programmers to develop these different versions independently. In fact, there is not just one single family of ransomware composed of multiple variants, but rather multiple families each with their own unique behavior.
This paper documents an investigation into these different families, describing how multiple gangs are branching out from previous frauds, such as fake antivirus or financial Trojans, and moving into ransomware. It discusses how the criminals launder their money, how much money the scheme may be worth, and how ransomware has become a serious threat.