Identifying and Detecting Malware Threat

Malware comes in many more varieties than most users realise, and you need to know which kind you are dealing with before you can respond to it. Ransomware, for example, encrypts your files or locks you out of the system and then demands a substantial payment before it will give them back. Infection can be as simple as clicking a link posted on your social media wall: attackers deliberately craft links and advertisements that spread this way. Once something like this is on the machine you may be flooded with adware and pop-up windows that appear even when no browser is open. That is the visible, merely annoying end of the spectrum.

Other, far sneakier types of malware are waiting to get onto your system and do real damage. Only once you can identify them can you confront them, so let us look at the main kinds.

Operating System Subversion

Windows Explorer is where our files, documents, pictures and other essentials appear organised in a hierarchy, but Explorer does not read the disk itself: it asks the operating system for file information through the Windows file system API, and so does nearly every other program, including antivirus software. A rootkit inserts itself into that path. It hooks the functions that programs call to list directories, enumerate processes or read the Registry and strips its own files, processes and Registry keys out of the answers before they are returned. The infection is still on the disk and still running, but anything that asks Windows about it is told that it does not exist, so the OS stays infected without anyone noticing. An antivirus that works by sending such requests to Windows about the file system will therefore not detect it, and the same trick hides the malware's Registry settings. Kernel-mode rootkits go further and alter the kernel's own data structures, so even the OS's internal bookkeeping no longer shows the malware.

Fileless (No-file) Malware

The first thing any antivirus does is a full scan of the system, and after that it scans each file before it is allowed to execute. All of that effort is side-stepped by malware that never writes a file to disk. The Slammer worm of 2003 is the classic case: it arrived in a single network packet, exploited a buffer overflow in Microsoft SQL Server and ran entirely in memory, leaving no file on the disk to scan. That was ten years ago; more recently Kaspersky Lab described another fileless infection, this time delivered through Java. Visitors to a Russian news website were served a banner advertisement carrying a Java exploit, and the malicious code was injected straight into the memory of the Java process on the visitor's machine rather than being saved as a file. Once running it attempted to turn off User Account Control and then downloaded the Lurk Trojan, the persistent component that stays on the machine after the memory-only stage is gone.

Because the memory-resident stage exists only in RAM, restarting the system wipes it out. There are two catches: you will only reboot for that reason if you know the infection is there, and a reboot does nothing about any persistent component (such as the Lurk Trojan above) that the in-memory stage installed before you restarted.
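One practical way to look for a memory-only stage is to ask the operating system which executable memory regions have no file behind them. The following is an added example, not code from the original article or from any vendor mentioned in it: it parses the Linux /proc/<pid>/maps format (the Windows equivalent would walk a process with VirtualQueryEx and apply the same rule) and flags executable mappings that are anonymous, or file-backed but writable at the same time. The mapping lines in SAMPLE_MAPS are constructed for the example, not captured from a real process.

```python
"""Flag executable memory that is not backed by a file on disk.

A memory-only payload has to live in a mapping that is executable but has no
file behind it, or in a file mapping that was made writable and executable so
code could be written into it. On Linux the kernel lists every mapping of a
process in /proc/<pid>/maps; this helper parses that format and reports such
regions. Added example code, not part of the original page.
"""
import os
import re
from dataclasses import dataclass
from typing import List

# One /proc/<pid>/maps line: range, perms, offset, device, inode, optional path.
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed sample output, not captured from a real process. Only the
# fourth line (anonymous and rwx) is the kind of region a fileless payload needs.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1310721    /usr/bin/example
00651000-00652000 rw-p 00051000 08:01 1310721    /usr/bin/example
01d3a000-01d5b000 rw-p 00000000 00:00 0          [heap]
7f1e3c000000-7f1e3c021000 rwxp 00000000 00:00 0
7f1e3c1ab000-7f1e3c36b000 r-xp 00000000 08:01 2625    /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd4a6e0000-7ffd4a701000 rw-p 00000000 00:00 0    [stack]
7ffd4a7f4000-7ffd4a7f6000 r-xp 00000000 00:00 0    [vdso]
"""


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def executable(self) -> bool:
        return "x" in self.perms

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def file_backed(self) -> bool:
        # inode 0 means no file is behind the mapping; [bracketed] pseudo-paths
        # (heap, stack, vdso ...) are kernel-provided, not files on disk.
        return self.inode != 0 and not self.path.startswith("[")


def parse_maps(text: str) -> List[Mapping]:
    """Parse /proc/<pid>/maps text into Mapping records (unparseable lines are skipped)."""
    out: List[Mapping] = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        out.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                           m["perms"], int(m["inode"]), m["path"].strip()))
    return out


def suspicious_mappings(maps: List[Mapping]) -> List[str]:
    """One finding per executable mapping with no file behind it, or that is
    writable and executable at once (code that can rewrite itself)."""
    findings: List[str] = []
    for mp in maps:
        if not mp.executable:
            continue
        if mp.path in ("[vdso]", "[vsyscall]"):
            continue  # kernel-provided code pages, always present and expected
        if not mp.file_backed:
            findings.append(f"{mp.start:#x}-{mp.end:#x} {mp.perms} executable but not "
                            f"file-backed ({mp.path or 'anonymous'})")
        elif mp.writable:
            findings.append(f"{mp.start:#x}-{mp.end:#x} {mp.perms} writable and "
                            f"executable file mapping ({mp.path})")
    return findings


def scan_process(pid: int) -> List[str]:
    """Scan a live process on a Linux host; returns [] where /proc is unavailable."""
    try:
        with open(f"/proc/{pid}/maps") as fh:
            return suspicious_mappings(parse_maps(fh.read()))
    except OSError:
        return []


if __name__ == "__main__":
    for finding in suspicious_mappings(parse_maps(SAMPLE_MAPS)):
        print("sample:", finding)
    for finding in scan_process(os.getpid()):
        print("self:", finding)
```

Legitimate just-in-time compilers (browsers, Java itself) also create anonymous executable regions, so a hit is a lead to investigate, not a verdict; the point is that this check looks at what is actually executable in memory instead of at files on disk.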

Return Oriented Programming

Return Oriented Programming, or ROP, is not a family of malware but an exploitation technique for getting malicious logic running without installing any new executable code. Modern systems refuse to execute code placed in data areas such as the stack, so instead of injecting code, an attacker who controls the stack (through a buffer overflow, say) fills it with the addresses of short instruction sequences that already exist in the program or its libraries and that each end in a RET instruction. When the CPU executes the RET it pops the next address off the attacker's stack and jumps there, so control flows from one borrowed fragment to the next and together they do the attacker's work. Nothing new is written to disk and no foreign code is loaded, which is what makes it so hard to detect.

Frankenstein’s Malware

As the name suggests, Frankenstein is malware stitched together from chunks of code taken from other programs. A 2012 research prototype by that name built each new copy of the malware out of instruction sequences harvested from benign binaries already present on the victim machine, producing a fresh binary made of parts that belong to legitimate software, much as Frankenstein's monster was assembled from parts. It borrows the same idea as ROP, reusing existing sequences that end in RET instructions, so signature-based detection has no fixed byte pattern to match.
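The mechanics behind both the ROP section and the Frankenstein section are easier to see with a gadget scanner. The block below is an added example, not code from the original article or from any research project it mentions: it finds instruction sequences ending in RET in a blob of x86-64 machine code, lays out a stack that chains one of them to call a function with an argument, and checks whether a required set of gadgets can be covered from existing code, which is the Frankenstein question. It only understands a handful of single-byte instructions, so unlike a real tool it cannot find every gadget, and the byte blob SAMPLE_CODE and the addresses used with it are constructed for the example.

```python
"""Find return-oriented-programming gadgets and lay out a chain.

A ROP payload contains no new executable code: it is a list of addresses of
short instruction sequences that already exist in a loaded program and end in
RET. Each RET pops the next address, so attacker logic runs out of borrowed
code. This example decodes only a small subset of single-byte x86-64
instructions; real scanners disassemble every byte alignment. Added example
code, not part of the original page.
"""
import struct
from typing import Dict, List

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

# Constructed sample code, not taken from a real binary. Comments show what a
# full disassembler would see; this example decodes only the single-byte ones.
SAMPLE_CODE = bytes([
    0x55,              # push rbp        (function prologue)
    0x48, 0x89, 0xE5,  # mov rbp, rsp    (multi-byte, not decoded here)
    0x90,              # nop
    0x5D,              # pop rbp
    0xC3,              # ret             -> "pop rbp ; ret", "nop ; pop rbp ; ret"
    0xCC,              # int3            (padding; never part of a gadget)
    0x5F,              # pop rdi
    0xC3,              # ret             -> "pop rdi ; ret"
    0x5E,              # pop rsi
    0x5A,              # pop rdx
    0xC3,              # ret             -> "pop rsi ; pop rdx ; ret", "pop rdx ; ret"
])


def decode_one(b: int):
    """Decode one byte as an instruction this example knows; None ends a candidate."""
    if 0x50 <= b <= 0x57:
        return f"push {REGS[b - 0x50]}"
    if 0x58 <= b <= 0x5F:
        return f"pop {REGS[b - 0x58]}"
    if b == 0x90:
        return "nop"
    if b == 0xC9:
        return "leave"
    if b == 0xC3:
        return "ret"
    return None


def find_gadgets(code: bytes, max_len: int = 4) -> Dict[int, str]:
    """Map byte offset -> disassembly for every decodable sequence ending in RET."""
    gadgets: Dict[int, str] = {}
    for ret_off, b in enumerate(code):
        if b != 0xC3:
            continue
        insns = ["ret"]
        start = ret_off
        # Walk backwards from the RET until a byte we cannot decode (or another RET).
        while start > 0 and len(insns) < max_len:
            insn = decode_one(code[start - 1])
            if insn is None or insn == "ret":
                break
            start -= 1
            insns.insert(0, insn)
            gadgets[start] = " ; ".join(insns)
        gadgets[ret_off] = "ret"
    return gadgets


def build_chain(gadgets: Dict[int, str], base: int, target: int, arg: int) -> bytes:
    """Stack layout that calls target(arg) under the SysV x86-64 ABI (first
    argument in rdi): [addr of 'pop rdi ; ret'] [arg] [target]. Each RET pops
    the next word, so the gadget loads rdi and then returns into target."""
    for off, text in gadgets.items():
        if text == "pop rdi ; ret":
            return struct.pack("<QQQ", base + off, arg, target)
    raise LookupError("no 'pop rdi ; ret' gadget available")


def coverage(needed: List[str], *blobs: bytes) -> Dict[str, bool]:
    """Frankenstein-style check: can every needed gadget be found somewhere in
    the supplied (benign) code blobs? Returns gadget -> found."""
    found = set()
    for blob in blobs:
        found.update(find_gadgets(blob).values())
    return {g: g in found for g in needed}


if __name__ == "__main__":
    for off, text in sorted(find_gadgets(SAMPLE_CODE).items()):
        print(f"{off:#06x}: {text}")
    chain = build_chain(find_gadgets(SAMPLE_CODE), base=0x400000, target=0x401234, arg=0x601000)
    print("chain:", chain.hex())
    print(coverage(["pop rdi ; ret", "pop rax ; ret"], SAMPLE_CODE))
```

The chain is just three integers; nothing in it is executable, which is exactly why a scanner looking for injected code finds nothing, and why defences against ROP (address randomisation, control-flow integrity, patching the overflow that gives the attacker the stack in the first place) work on the program rather than on the payload.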

Detecting Malware Threat

All of the sneaky types listed above can be detected. Choose an antivirus that is designed to detect and remove rootkits. Another technique is a cross-view comparison: take an inventory of all the files actually lying on the disk through a path the rootkit does not control, then query the file system in the normal way and look for discrepancies; anything on disk that the query fails to report has been hidden. A simpler option for an average user is an antivirus or rescue scanner that boots from its own media rather than from inside Windows, so the rootkit's hooks are never loaded and nothing can hide from the scan.
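The cross-view check just described, covering the rootkit behaviour from the Operating System Subversion section as well, is shown below as an added example; it is not code from the original article or from any antivirus vendor. It records an inventory of files (path, size and SHA-256) through a view the rootkit cannot filter, such as a baseline or an offline scan, then compares it with the view a hooked API would return. Because this has to run offline, the hooked API is simulated by a function that drops every file whose name starts with a chosen prefix; the directory tree, the file contents and the `_rk_` prefix are all constructed for the example.

```python
"""Cross-view detection of files hidden by a rootkit.

A rootkit that hooks the file system API filters the answers every tool gets
from Windows, so an antivirus asking the same API sees the same lie. Comparing
a trusted inventory (baseline or offline scan) with the live API view exposes
anything the live view leaves out or reports differently. Added example code,
not part of the original page; the "hooked" listing is simulated in software.
"""
import hashlib
import os
import tempfile
from typing import Dict, Tuple

Inventory = Dict[str, Tuple[int, str]]  # relative path -> (size, sha256)


def inventory(root: str) -> Inventory:
    """Record every regular file under root with its size and SHA-256."""
    inv: Inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            inv[rel] = (os.path.getsize(full), h.hexdigest())
    return inv


def hooked_inventory(root: str, hidden_prefix: str) -> Inventory:
    """Stand-in for a hooked directory-listing API: the true listing with every
    entry whose file name starts with hidden_prefix removed. This is a
    constructed simulation for the example; it hides nothing on a real system."""
    return {p: v for p, v in inventory(root).items()
            if not os.path.basename(p).startswith(hidden_prefix)}


def cross_view(trusted: Inventory, live: Inventory) -> Dict[str, list]:
    """Compare the trusted view with the live API view.
    hidden: on disk but not reported; new: reported but not in the trusted
    view; changed: reported with a different size or hash."""
    return {
        "hidden": sorted(p for p in trusted if p not in live),
        "new": sorted(p for p in live if p not in trusted),
        "changed": sorted(p for p in trusted if p in live and trusted[p] != live[p]),
    }


def demo() -> Dict[str, list]:
    """Create a throwaway tree of constructed sample files and run the check."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "Windows/System32/kernel32.dll": b"legitimate library bytes",
            "Windows/System32/_rk_driver.sys": b"the rootkit's own driver",
            "Users/alice/notes.txt": b"user document",
        }
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        trusted = inventory(root)  # the view the rootkit cannot filter
        # Simulate a file being modified after the baseline was taken.
        with open(os.path.join(root, "Users", "alice", "notes.txt"), "ab") as fh:
            fh.write(b" (tampered after the baseline)")
        live = hooked_inventory(root, "_rk_")  # what the hooked API reports
        return cross_view(trusted, live)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

In practice the trusted view comes from a scan booted from rescue media or from a baseline taken on a known-clean machine, and the live view from the running system; the comparison logic is the same.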

Symantec's Norton File Insight is one tool of this kind: it reports where a file came from, how old it is and how many other users have it, which quickly singles out anything unusual on the system. As far as ROP attacks are concerned, there is nothing for a scanner to find on disk; ROP lives inside an exploit against a specific vulnerable program, so the practical defence is to keep software patched and to leave the system's exploit mitigations (DEP and ASLR) switched on.