History of Malware

by News Editor on November 5th, 2013 in Researcher Comments.

This month, our friends from TopTenReviews are sharing with us their findings on the history of malware and how it has evolved over the years.

Malware is the collective term for viruses, Trojan horses and other malicious software that can infect your computer. Over the years, these harmful items have evolved and can affect smartphones and tablets as well. It is worth exploring the history of malware to see how it has changed over time.


What a year 2012 has been… Cyber thieves are constantly adapting their techniques to get hold of your private information. This year has been no different. We wanted to get a perspective of how the year has been in terms of online security, in the eyes of our Malware Lab team. To help you get a better perspective, we interviewed Malware Labs’ director, Andrew Browne, to find out his take on malware in 2012, and his team was thoughtful enough to compile a detailed report of the top malware trends of the year.


I found a couple of slides from a company internal training session and thought I would share them. It's just to give an example of the kind of work the Lavasoft research team at Malware Labs does.

It describes the binary analysis of a Win32.TrojanDropper.KGen sample, the malware's multi-component structure and the payload it implements.


The "average Joe" probably sees the word "virus" as a generic term for all current threats out there in the wild. The reality is much different. There are a lot of categories which must be mentioned in this context. The word "virus" should not be used as a catchall term for malicious infections. A virus is actually a malicious file which has the ability to infect other files by adding malicious code to them; we currently see a downward trend in this type of infection.


 

Strasbourg is not only the principal city and the capital of the Alsace region in France - it’s also the seat of the European Parliament. Yesterday, March 26, it was the place where the privacy of Internet users and the fundamental freedoms on the Internet were put to a vote.


If you follow online security news, there’s little chance that you haven’t heard about Conficker – a new worm that has received extensive media coverage in the past weeks, due in part to Microsoft’s offer of a $250,000 bounty in return for information leading to the arrest of the malware’s perpetrators.


Lavasoft Malware Labs recently took a closer look at an IP range full of hoax sites. A reverse IP lookup on 78.129.142.235 reveals around 200 fraudulent domains, which are hosted in the United Arab Emirates. Most of the sites hosted under 78.129.142.235 take advantage of already existing products from the security industry and other popular software. The examples below show how they make illegal domains look reliable.

hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info


Some new rogue anti-virus programs to be aware of... First up is XPVirusProtection, with a standard-looking website.



Antispyware3000 is a typical rogue. It shows a lot of false positives for files that do not even exist on the drive. However, for some reason, their full scan does not show these hits.


XP Police Antivirus is a new rogue anti-spyware application. It gives exaggerated threat reports on the compromised computer, then asks the user to purchase a registered version to remove threats which don't exist.



Win32.Worm.Waledac spreads itself using Valentine's Day "advertising" as the distribution method. It can be found on a website full of hearts with the text "Guess, which one is for you?", as picture 1 shows.

Picture 1


With the new version of Ad-Aware comes a new classification: Potentially Unwanted Program, or "PUP". Why classify something as a "potentially unwanted application"?