- Who is Making All This Malware — and Why?
- Who creates malware and why?
- Who Writes Malicious Programs and Why
- What goes through the minds of hackers?
- Why do people write viruses?
- Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
- What Makes Johnny (and Janey) Write Viruses?
Rogue security programs are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. They typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The alerts can mimic system messages so they appear as if they are generated by the Windows Operating System. It is not uncommon for malware writers to use the names of well-known security tools and legitimate anti-virus programs as part of the name for bogus and fake software in order to trick people into using them. There were at least two rogues that used part of or all of the Malwarebytes name, including this Fake and Bundled Malwarebytes Anti-Malware 2.0. There also were rogues for SmitfraudFixTool, VundoFixTool, Spybot Search and Destroy, Avira AntiVir and many more. Even Microsoft has been targeted by attackers using such names as MS Anti-virus and Windows Defender in naming schemes for rogue applications.
Rogue antispyware programs are responsible for launching unwanted pop ups, browser redirects and downloading other malicious files so the extent of the infection can vary to include backdoor Trojans, Botnets, IRCBots and rootkits which compromise the computer and make the infection more difficult to remove. For more specific information on how these types of rogue programs and infections install themselves, read:
- Anatomy of a malware scam
- How does rogue security software get on my computer?
- Sunbelt: How to Tell If That Pop-Up Window Is Offering You a Rogue Anti-Malware Product
- GFI: How to tell if that pop-up window is offering you a rogue anti-malware product
- Social engineering in action: how web ads can lead to malware
- The ascension of Crypto-Ransomware and what you need to know to protect yourself
- Symantec: Ransomware A Growing Menace
- TechNet Blogs: The past year has been one of expansion for ransomware
- What is Social Engineering
- Common social engineering attacks
- Social Engineering Fundamentals, Part I: Hacker Tactics
- Social Engineering Fundamentals, Part II: Combat Strategies
- Avoiding Social Engineering and Phishing Attacks
- Five Reasons People Fall Victim to Social Engineering Attacks
Infections are spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions of popular software such as Adobe products, Java, Windows Media Player and the Windows operating system itself. Software applications are a favored target of malware writers, who continue to exploit coding and design vulnerabilities with increasing aggressiveness.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Time to Update Your Adobe Reader
- Malware exploits Windows Media Player vulnerabilities
- Eight out of every 10 Web browsers are vulnerable to attack by exploits
Unpatched Adobe Vulnerability Is Still Being Exploited in the Wild
Another PDF sample that exploits an unpatched vulnerability in Adobe Reader and Acrobat has been spotted in the wild...
Hole in Patch Process
...your machine may still be vulnerable to attacks if you never bother to uninstall or remove older versions of the software...a malicious site could simply render Java content under older, vulnerable versions of Sun's software if the user has not removed them....
Ghosts of Java Haunt Users
BlackHole toolkit enables attackers to exploit security holes in order to install malicious software
If a website has been hacked or displays malicious ads, they can exploit the vulnerable software on your computer.
The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.
Exploit Kits - Anatomy of an exploit kit
Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.
To help prevent this, install and use Secunia Personal Software Inspector (PSI), a FREE security tool designed to detect vulnerable and out-dated programs/plug-ins which expose your computer to malware infection.
A large number of infections are contracted and spread by visiting gaming sites and porn sites, and by using pirated software (warez), cracking tools, hacking tools and keygens, where visitors may encounter drive-by downloads through exploitation of a web browser or an operating system vulnerability. Security researchers looking at World of Warcraft and other online games have found attacks that exploit the system using online bots and rootkit-like techniques to evade detection in order to collect gamers' authentication information so their accounts can be stolen.
Dangers of Gaming Sites:
MMO Security: Are Players Getting Played?
The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....
Malware Makers Target Online Games to Spread Worms
Microsoft warns game developers of cyber thieves
online game + online trade = Trojan Spy
Real Flaws in Virtual Worlds: Exploiting Online Games
Dangers of Cracking & Keygen Sites:
Keygen and Crack Sites Distribute VIRUX and FakeAV
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Dangers of Warez Sites:
University of Washington spyware study
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.
Dangers of Porn Sites:
Porn Sites Lead to MBR Rootkit
Infections are also spread by using torrent, peer-to-peer (P2P) and file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some cases the computer could be turned into a virus honeypot or zombie. File sharing networks are thoroughly infected and infested with malware, according to a Senior Virus Analyst at Norman ASA. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites.
- US-CERT: Risks of File-Sharing Technology
- A Study of Malware in Peer-to-Peer Networks
- SANS Institute Peer-to-Peer File-Sharing Networks: Security Risks
- More malware is traveling on P2P networks these days
- File Sharing, Piracy, and Malware
Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Hackers are also known to exploit Flash vulnerabilities which can lead to malware infection. When visiting a website that hosts an HTML page which requires a Flash script, users may encounter a malicious Flash redirector or malicious script specifically written to exploit a vulnerability in the Flash Interpreter which causes it to execute automatically in order to infect a computer.
- What is Malvertising
- Malvertising: The Use of Malicious Ads to Install Malware
- malvertisement (malicious advertisement)
- Analyzing and Detecting Malicious Flash Advertisements
Mainstream Websites More Likely to Harbor Malware
...Internet users are 21 times more likely to become infected by visiting a legitimate online shopping site than by visiting a site used for illegal file-sharing...The problem isn't in the sites themselves; it's in the ads...
Clicking Online Ads More Likely To Deliver Malware Than Surfing Porn Sites
...According to Cisco's annual 2013 Security Report internet users are 182 times more likely to get malware from clicking on online ads than visiting a porn site...
Cisco Annual Security Report: Threats Step Out of the Shadows
Infection can also spread by visiting popular social sites and through emails containing links to websites that exploit security holes in your web browser. When you click on an infected email link or spam, Internet Explorer launches a site that stealthily installs a Trojan so that it can run every time you start up Windows and download more malicious files. Email attachments ending with .exe, .com, .bat, or .pif from unknown sources can be malicious and deliver dangerous Trojan downloaders, worms and viruses which can use your address book to perpetuate their spread to others.
One in 10 web pages laced with malware
At least one in 10 web pages are booby-trapped with malware...The tricks include hacking into a web server to plant malware, or planting it within third-party widgets or advertising...About eight out of every 10 Web browsers are vulnerable to attack by exploits...Even worse, about 30% of browser plug-ins are perpetually unpatched...
Bulk of browsers found to be at risk of attack
Researchers at the Global Security Advisor Research Blog have reported finding pornographic virus variants on Facebook. The Koobface Worm has been found to attack both Facebook and MySpace users. Virus Bulletin has reported MySpace attacked by worm, adware and phishing. Some MySpace user pages have been found carrying the dangerous Virut. Malware has been discovered on YouTube and it continues to have a problem with malware ads. MSN Messenger, AIM and other Instant Messaging programs are also prone to malware attacks.
- Conficker worm's copycat Neeris spreading over IM
- IM attacks get nastier
- MSN Most Dangerous IM Client in 2007
- IM attacks up nearly 80%
To learn more about this risk, please read:
- When is AUTORUN.INF really an AUTORUN.INF?
- Nick Brown's blog: Memory stick worms
- USB-Based Malware Attacks
- Microsoft Security Advisory (967940): Update for Windows Autorun
- Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows
- Taxonomy of Online Security and Privacy Threats
- Malicious website evolution
- Malicious HTML Tags Embedded in Client Web Requests
- IFrame Hack (PHP Exploit)
- Vulnerabilities Allow Attacker to Impersonate Any Website
- SQL Injection Overview- Threat and Vulnerability Mitigation: SQL Injection
One webpage gets infected by virus every 5 seconds
...More than 90 percent of these webpages belong to legitimate sites that have been compromised through hacking techniques such as SQL Injection...Hackers are apparently planting viruses into websites instead of attaching them to email. Users without proper security in place get infected by simply clicking on these webpages.
Phishing is an Internet scam that uses spoofed email and fraudulent Web sites which appear to come from or masquerade as legitimate sources. The fake emails and web sites are designed to fool respondents into disclosing sensitive personal or financial data which can then be used by criminals for financial or identity theft. The email directs the user to visit a web site where they are asked to update personal information such as passwords, user names, and provide credit card, social security, and bank account numbers, that the legitimate organization already has. Spear Phishing is a highly targeted and coordinated phishing attack using spoofed email messages directed against employees or members within a certain company, government agency, organization, or group. These fraudulent emails and web sites, however, may also contain malicious code which can spread infection.
Pharming is a technique used to redirect as many users as possible from the legitimate commercial websites they intended to visit and lead them to fraudulent ones. The bogus sites, to which victims are redirected without their knowledge, will likely look the same as the genuine site. However, when users enter their login name and password, the information is captured by criminals. Pharming involves Trojans, worms, or other technology that attack the browser and can spread infection. When users type in a legitimate URL address, they are redirected to the criminal's web site. Another way to accomplish this scam is to attack or "poison the DNS" (domain name system) rather than individual machines. In this case, everyone who enters a valid URL will instead automatically be taken to the scammer's site.
Finally, backing up infected files is a common source of reinfection if they are restored to your computer. Generally, you can back up all your important documents, personal data files and photos to a CD or DVD drive, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them, as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding spaces to the existing extension, as shown in Figure 1, so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions.
Now that you know how malware spreads, you may want to read Best Practices for Safe Computing - Prevention, which includes tips to protect yourself against malware infection.
Edited by quietman7, 09 July 2015 - 04:44 AM.