With the Rise of Coding, Comes the Rise of Malware
I’m sure you might have read recent articles about how coding is going to be the ultimate skill in the coming years. Seems like this might as well be true, so it’s being pushed with the various online schools being developed (the list is getting exhaustive). With this huge rise of training comes a huge rise of smarter hackers and malware writers.
What is it about malware that seems so attractive? Money, fun, damage, etc.? We can get a glimpse of reality when we see the statistics on antivirus vendor websites, some say a million new samples are added weekly. Many of these issues arise out of the violence of society or the outward shame that is inflicted upon other people through the art of cyberbullying, hacking, and other threatening tasks.
What’s more is that when we study these aspects, we get a sense that most malware is targeting our wallets, stealing our identities. We need better protection. This is a call to someone who can make better, user friendly operating systems. If you know how to code or are training, please make sure to use it for good. You could in fact become a lot more rich making top security software than becoming a hacker – stealing and risking it all.
What’s better for you? Helping or hurting? Good wallet or prison time? Make your choice. Better humanity through an act of good will. Get out there and code for the good! Make a difference! BE THE DIFFERENCE!
Don’t be afraid to try new things. Set impossible goals. Shoot yourself into the future of technology and skyscrape the world over with your amazing new security software.
Something’s gotta give! And if something doesn’t happen soon, our threatening internet culture could begin to control us and steal our money. We’ll have a very unfair world by then. What if we impose CISPA? That’ll make a lot of people happy but also a lot of people mad.
What more can be helped for our cybersecurity problem? Feel free to comment and leave your suggestions.
Welcome back Ramnit – Anti-detection rootkit back in action
Ramnit is the name of a rootkit family, which is composed of a sophisticated virus-mutated rootkit, which tends to infect files with polymorphic code and then locks them to disk (some versions lock to disk).
What’s more? Now, it has a troubleshooting module, increased anti-detection capability, enhanced encryption & malicious payloads, and better-written polymorphic code.
“Ramnit is a frequently updated threat which gets updated by its developer every day,” said Tim Liu of the Microsoft Malware Protection Center in a blogpost on Thursday.
Ramnit originated in 2010, and focused on stealing personal credentials, and banking mining (laundering money).
“It looks like the troubleshooting module has become a common feature in recently developed botnets. The malware authors are analyzing the error reports and making the botnet component more stable,” Liu said.
A new payload module, Liu said, is called Antivirus Trusted Module v1.0; Ramnit kills all antivirus processes through this module, though only AVG AntiVirus 2013 has been moved into the module to date, Liu said.
Running Virtual Analysis on Malware is Failing These Days
As organizations take part in the virtualization of malware testing, it is beginning to fail.The biggest issues in testing malware on virtual machines and other environments, is that viruses and other malware are equipped with a component that recognizes the presence of a virtual environment. They are coded to see what environment they are running in, to help mitigate being tested by analysts and researchers.
There are also ways for businesses to run virtual environments to test how a threat entered their networks, what vulnerabilities exist, etc.
Hackers and malicious code writers have many ways of evading antivirus products:
- Encrypting the malware files (polymorphism) – example: the file download link stays the same on the website, but the server sends newly encrypted files each download instance.
- Testing tons of files’ malware detection using a load of antivirus engines to find out which are undetected least or not at all.
- Packing and encrypting the malware files so they have to be unpacked by the antivirus software before it can be checked.
And many more…
Anyway, what is the learning experience here? Well for one, it is a good idea to have proper protection for your entire server network in the business (see bottom of this post). Also, if a virtual environment will not successfully test the malware, you probably should test it on a live test box (a computer specified for testing that is not connected to the business network).