Table of Contents

What Is Malware? ..………………………………………………………… 3
History of Malware …………………………………………………………. 4
Types of Malware …………………………………………………………… 5
How to Prevent Malware …………………………………………………… 7
Attacks on Mobile Devices …………………………………………………. 9
Conclusion …………………………………………………………………. 11
References ……………………………………………………………………. 14

What is malware Malware, short for malicious software, is any type of software that is used in order to disrupt regular computer operations, gather sensitive information, or gain access to private computer systems. Malware is not something new to computers; it is as old as software itself. Programmers have been creating it for as long as they have been creating legitimate software. There are many different reasons as to why a programmer would create such malware. Some programmers create malware for reasons as simple as pranks and experiments or more serious and organized Internet crime malware. There are many different types of malware that will be explained later but one must know that each type of malware attacks a computer in a different way and causes different levels of damage. (What is Malware, 2014) Creating malware is a very vicious thing to do. It attacks an individual’s computer without the knowledge of the user and before they know it, personal information is stolen and the computer is damaged. What would make someone want to create such a thing? In the earlier stages of software development, programmers wrote malware mainly for pranks that were played on fellow co-workers, or to simply “show off” one’s technical skills. (What is Malware, 2014) Now a days, programmers have figured out that they can make a pretty decent amount of money by successfully exploiting malware to their advantage. Programming malware has now become a way to defraud individuals and organizations of all sizes for financial gains. These, so called, criminals have gone to the extent of stealing individuals personal banking information to transfer money from the user’s bank accounts into their own accounts. They are also able to attack corporations with distributed denial of service attacks and ask for money in exchange for an end to the attack. Malware has transformed through out the years into harmful and destructive software. (What is Malware, 2014)
History of malware Malware had its start in the 1980s where most viruses were found in universities. Computers and systems were infected through floppy disks at this point. The most notable malware “included Brain (1986), Lehigh, Stoned, and Jerusalem (1987), the Morris worm (1988), and Michelangelo- the first headline grabber- in 1991” (Landesman, 2014). As the mid-90s rolled around, malware was infecting business networks more frequently. Towards the end of the 90s malware was making its way into home computers and emails. Once attackers found successful ways to target home users, they were able to write malware that would go after their personal information. It wasn’t until the early 2000s that worms (a type of malware) were making news headlines for attacking Internet services and emails. Some of the most famous worms included, “Loveletter- the first high-profile profit-motivate malware (May 2000), the Anna Kournikova email warm (Feb 2001), the March 2001 Magistr (which, like CIH before it, also impacted hardware), the Sircam email work in July 2001 which harvested files from the My Documents folder, the CodeRed Internet worm in August 2001, the Nimda-a Web, email and network worm in September 2001” (Landesman, 2014). Throughout the 2000s, malware became strictly a profit-motivated tool. Internet users experienced an immense amount of out-of-control popups and other Javascript bombs. The Internet soon became a ticking time bomb for pop ups and unwanted ads. Phishing and other credit card scams started to take off during the 2000s as well. The advancement in malware during the 2000s seemed to be too speedy for protection software to keep up. As technology began to standardize, many types of malware were able to find sturdy ground to advance on. The viruses that were written to attack Microsoft Office products were able to gain greater distribution through email. With the increase use of broadband Internet, Internet worms became more viable. The easiness to distribute these worms accelerated with the increase in use of the Web. Since 2007 until now the number of unique and creative malware has continued to grow exponentially. Programmers have become so creative with the creation of malware. There is simply no limit. Now that user’s have switched to mainly using handheld devices, there is no telling what forms of malware will be created.
Types of malware Malware comes in many forms. The most common types of malware are viruses, worms, spyware, Trojans, zombies, and rootkit. Each form of malware attacks a user’s computer in a different way. Some forms of malware are easy to manage and remove, others are more difficult and sometimes result in the destruction of a computer or stolen personal information. It is best for computer users to understand the difference between the types of malware in order to identify it quickly and address the problem within a timely manner. A virus is the most well known form of malware. Viruses are very similar to human viruses in the sense that they are able to self-replicate. The most interesting aspect of a virus is that its main purpose is not to cause damage, but to replicate itself onto another host so it is able to continue to spread throughout the computer. This is accomplished when a virus attaches itself to a piece of software and continues to reproduce once the software is run. Viruses mainly spread when software or files are shared between computers. Surprisingly, damage is not always the main side effect of a virus infection. (What is Malware, 2014) Worms are very similar to viruses in certain ways. What differentiates the two is the fact that worms are network-aware. When dealing with viruses they have difficulty transferring from computer to computer, worms do not. Worms are able to do this because they constantly seek for new hosts on the network and infect them. Unlike viruses, worms are able to infect computers globally within seconds. For this reason alone, controlling or even stopping worms is very difficult (What is Malware, 2014). Spyware is a type of software that “spies” on you. It tracks a user’s activity on the Internet in order to gather information and send advertisements based on the information received. This form of malware does not have any form of infection mechanism. Once the spyware is successfully installed on the user’s computer it is able to collect passwords, usernames, credit card numbers etc. (Gard, 2014). Trojans are considered the most dangerous form of malware. Their main purpose is to discover the user’s financial information or to take over the computer’s system resources. Trojans come disguised in many forms. Some of the most common disguises are in videos, games, pictures, and even known software packages. In each specific case the disguise is created to tempt to user to run it on their computer (Gard, 2014). A zombie functions similarly to spyware. The way that these two types of malwares infect a computer is the same, however the ways they are used are different. A zombie’s purpose is not to collect personal information from computers. Its main purpose is to stay dormant in a computer until the hacker acts on it to do something, turning them into zombie machines. Once this is accomplished the attacker is able to issue commands so all computers infected instantaneously sends network requests to a target host, overwhelming the host with traffic. (What is Malware, 2014) Lastly, a rootkit is considered one of the hardest forms of malware to detect and remove. It is designed in order to allow other forms of malware to get personal information from the user’s computer without them knowing. Experts say the only way to completely remove it from the user’s computer is to completely wipe the hard drive and reinstall everything from scratch. (Gard, 2014)
How to prevent it The effects of malware can range from simply being an annoyance to computer crashes and even identity theft. The act of removing malware is much more difficult than avoiding it. There is no expert training required to avoid malware. One must be careful and make sure that the documents or files being downloaded from the Internet are from trustworthy sites. The Internet is a very tempting place and it is sometimes hard to avoid certain promotions or ads. But when you click on ads from unknown websites, most likely you are downloading malware onto your computer. If you are unsure a website is legitimate or not the best thing to do is to leave the site and research the software the website is asking you to install. This allows you to look further into the software that is being “recommended” for installment from a website. If there is actual information about the software and what the software is used for then you are always able to revisit the initial site and install it. If it turns out that it was not legitimate software you successfully avoided a potentially harmful malware. When dealing with e-mails that may be spam, approach them with caution. When an email contains links or attachments make sure that the sender is a trusted person or company. If the sender is unknown avoid even opening the e-mail and delete it right away. (Phelps, 2010) Pop-up windows and illegal file-sharing services also come with the risk of harmful malware. Certain pop-up windows will try to corner you into downloading software or running a free “system scan”. Most of the time these types of pop-ups will include messages that inform you there are viruses on your computer currently. The user must close the pop-up without clicking anything inside the window. When downloading files illegally there is very little quality control on these sites. For this reason, it is easy for attackers to disguise a piece of malware as an album or movie to tempt you to download it. (Phelps, 2010) The first step in preventing malware is to be aware of the different forms it comes in. Know that attackers understand what works on user and what doesn’t. They know how to target a user and fool them into downloading something that is infected with malware. Fortunately, there are other ways to prevent viruses and malware then simply being aware. Installing and running anti-virus software is one of the most effective things you can do to prevent infection and attacks against your computer. There are software programs that directly target malware, spyware, and adware that strengthen your security software. Firewalls, boot the effectiveness of a computer’s anti-virus software. By continuously filtering what goes in and out of the user’s computer, it acts as an additional safeguard against outside threats. (Hooper, 2014)

Attacks on mobile devices Malware is now taking on a new form and attacking smartphones. Smartphones are mini computers that are handheld and just as easily infected by malware. Although the new platform of smartphones presents different challenges for hackers, malware writers are meeting these challenges head on. The mobile malware sector is in fact, growing at a more rapid pace technologically as well as structurally.
Mobile hackers are no longer lone hackers but part of a serious business operation. According to securelist.com, “There are various types of actors involved in the mobile malware industry: virus writers, testers, interface designers of both the malicious apps and the web pages they are distributed from, owners of the partner programs that spread the malware, and mobile botnet owners”
(Chebvshev&Unuchek, 2014). With the advancement in technology comes the advancement of malware. As stated before, there are many more participants in the creation and execution of malware now that devices have become more complex. Mobile malware is capable of doing everything computer malware does along with many other things. Mobile malware installs itself on an individual’s mobile device and from there is able to hack into e-mails, send out spam e-mail to all your current contacts, gain access to personal photos and videos, delete files and dates stored on the device, and ultimately initiate system-wide crashes. (Drew, 2014) Android remains a leading target for malicious mobile malware attacks. In 2013, 98.05% of all malware detected was targeted towards android. Thus proving the vulnerability of its structure as well as the popularity of the mobile OS. One of the most effective malware that attacks android was detected in mid-July 2013, Trojan-SMS.AndroidOS.Svpeng.a. It is explained as being “focused on stealing money from the victim’s bank account rather than from his mobile phone. It cannot act independently and operates strictly in accordance with commands received from the C&C server. This malicious program spreads via SMS span and from compromised legitimate sites that redirect mobile users to a malicious source” (Chebvshev&Unuchek, 2014). Once Svpeng is installed it is capable of collecting information about the smartphone, such as country, service provider, and operating system language, and then sends the information gathered to the host via the HTTP POST request. This is done in order to figure out the secure number of banks the individual uses. Currently, this type of attack is only taking place on clients with Russian banks. This does not mean it won’t soon transfer globally. In Russia, banks offer a servicer where the individual can transfer money from their bankcard to their mobile phone account. The customer is required to send text messages from their phone to a specific bank number in order for the transfer to occur. Sveng then sends out the corresponding messages to the SMS services of tow banks in order to infect the phone and find out the account balance. (Chebvshev&Unuchek, 2014) On top of all of this, android users globally encounter other forms of malware such as phishing, likejacking, and forcible redirect more than any other cellphone user. This, of course, is one of the biggest problems when dealing with an open source system. Tony Danova explains, “Clearly, allowing any number of third-party developers t infiltrate the system may ultimately lead to some malicious software floating around. Of course, sticking to Google Play and official app markets is likely the safest route” (Danova, 2014).
The iPhone does not experience this form of attack because Apple has a very closed business model. With Apple’s locked-down software, they only experienced 14% of all forms of malware attacks compared to Android’s 71%. However, experts predict that with the constant growth of iPhone users, attackers will develop malware for Apple devices. Apple limits its users to strictly use Apple-approved aps; because of this they have been able to stay clear of the mobile malware attacks. Unfortunately, this may not last for long. Recently U.S. courts rules that jail breaking the iPhone is now legal. This will give hackers the opportunity to create effective malware that will attack iPhones.
(Chebvshev&Unuchek, 2014) (Drew, 2014) Point of sale devices are being targeting by a recently identified piece of malware that has, in fact, already taken control of thousands of payment cards. The majority of these attacks are occurring in the United States. Adam Greenberg explains, “On May 23, Arbor Networks researchers discovered Soraya, a piece of malware that combines memory scraping techniques found in Dexter, a POS malware, with form grabbing abilities seen in Zeus, a Trojan that impacts PCs running windows” (Greenberg, 2014). The fact that this malware uses multiple techniques in the malware is very uncommon, according to Matt Bing and Dave Loftus who are security research analysts with Arbor Networks. As stated before, this malware has most likely already compromised thousands of payment cards. Bing and Loftus were able to gain access to payment card data from a command-and-control server and were able to determine that more than 65 percent of the cards were issued in the United States. Greenberg goes on stating that, “more than 21 percent of cards were issued in Costa Rica and more than 11 percent of cards were issued in Canada, according to the post, which adds that nearly 64 percent of compromised cards were debit cards and nearly 35 percent were credit cards” (Greenberg, 2014). This clearly presenting a large threat for credit and debit cardholders. The fact that a malware of this type is able to compromise such a large amount of cardholders is frightening. The creator of Soraya still remains unknown. There is no evidence to connect any one programmer to the creation of it. Fortunately, researchers have been able to gain a general idea of where some of the infection exists. They were able to send the cards that were compromised to the major card providers and from that they will receive information regarding the common point of purchases associated with the cards. (Greenberg, 2014)
Conclusion
Malware attacks on users of mobile banking accounts will continue to grow. Programmers are developing more complex and destructive software that are gaining ground. Mobile devices that lack a secure operating system will continue to be targeted by malwares of all types. It is not a predictable topic. There is no exact way to tell what device will be targeted next or what the programmers will target.
A distinct industry has developed and is now more focused on extracting profit. User’s personal information and bank information is what programmers are after. They are creating software that is difficult to track and spreads quickly, allowing them to remain under the radar. Malware programming will continue to grow as technology advances and users become more reliable on their hand held devices. User’s need to be made aware of the risks that come with using mobile devices or even online sites to make transactions. Using personal banking information through mobile devices and online websites is a risk within itself.
Before downloading any software or apps you must be sure that the site you are on can be trusted. Users must be aware of the ways malware tricks the user. Make sure that you are always on a trusted site before downloading anything. Make sure that the software being recommended to download is legitimate. If you receive e-mails from known or unknown senders and the message contains links or files attachments, do not click or download for they are most likely spam and may possibly contain a form of malware. The best advice is to be aware. Mobile device users and Internet users must become educated of the threats in order to avoid and prevent possible damage to their devices and personal information.

Bibliography

Chebyshev, V., & Unuchek, R. (n.d.). Mobile Malware Evolution: 2013. securelist.com.
Retrieved June 28, 2014, from https://www.securelist.com/en/analysis/204792326/Mobile_Malware_Evolution_2013

Danova, T. (2014, January 22). Nearly 100% Of Mobile Malware Attacks In 2013
Targeted Android Devices. Business Insider. Retrieved June 28, 2014, from http://www.businessinsider.com/nearly-all-mobile-malware-in-2013-targeted-android-devices-2014-1

Drew, J. (n.d.). Mobile Phones are Under Malware Attack –
TopTenREVIEWS. TopTenREVIEWS. Retrieved June 28, 2014, from http://anti-virus-software-review.toptenreviews.com/mobile-phones-are-under-malware-attack.html

Gard. (2014, June 28). A List of Malware Types and Their Definitions | FBI Ransom,
Virus. The Truth About Malware. Retrieved June 28, 2014, from http://www.malwaretruth.com/the-list-of-malware-types/

Greenberg, A. (2014, June 3). Soraya malware targets payment card data on POS devices and home computers. SC Magazine. Retrieved June 28, 2014, from http://www.scmagazine.com/soraya-malware-targets-payment-card-data-on-pos-devices-and-home-computers/article/349880/

Hooper, C. R. (n.d.). Ten Ways to Prevent Viruses and Malware –
TopTenREVIEWS. TopTenREVIEWS. Retrieved June 28, 2014, from http://anti-virus-software-review.toptenreviews.com/ten-ways-to-prevent-viruses-and-malware.html

Landesman, M. (n.d.). A Brief History of Malware; The First 25 Years.About.com
Antivirus Software. Retrieved June 28, 2014, from http://antivirus.about.com/od/whatisavirus/a/A-Brief-History-Of-Malware-The-First-25-Years.htm

Phelps, J. (2010, November 16). How to Avoid Malware. PCWorld. Retrieved June 28,
2014, from http://www.pcworld.com/article/210891/malware.html

What is Malware?. (n.d.). What Is Malware?. Retrieved June 28, 2014, from
http://www.websitedefender.com/what-is-malware/