
CyberSecurity: A contractor planted logic bombs to keep his services going.

A very interesting story about a contractor who planted logic bombs in a company spreadsheet so that the company would keep calling the same contractor every time the spreadsheet crashed.

Logic Bomb: Logic bombs, unlike viruses & Trojans, are a type of malware that is deliberately installed, generally by an authorized user. A logic bomb is a piece of code that sits dormant for a period of time until some event or date invokes its malicious payload. For example, a logic bomb could be a simple program that checks your payroll regularly, tracking different things. Read on for more about malware.

Abstract

LOGIC BOMBS WENT UNDETECTED FOR TWO YEARS

According to court documents, Tinley provided software services for Siemens’ Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders.

The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management.

According to a report from Law360, the scheme fell apart when Tinley (the contractor) was out of town and had to hand over an administrative password for the spreadsheets to Siemens’ IT staff, so they could fix the buggy scripts and fill in an urgent order.

Siemens IT employees found the logic bomb, and it all went downhill from there. Tinley was charged this May, and pled guilty last week, on July 19. The contractor’s sentencing hearing is scheduled for November 8.
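A reviewer auditing inherited scripts can look for the trigger the definition above describes: code that compares the system clock with a hard-coded date. The sketch below is an added example, not code from the case or from Siemens; it assumes VBA-style script source (the page does not name the scripting language), and the sample macro and the function names are constructed for illustration.

```python
import re
from datetime import date

# Hard-coded date literals: #m/d/yyyy#, DateSerial(y, m, d), "yyyy-mm-dd"
DATE_LITERAL = re.compile(
    r"#(\d{1,2})/(\d{1,2})/(\d{4})#"
    r"|DateSerial\(\s*(\d{4})\s*,\s*(\d{1,2})\s*,\s*(\d{1,2})\s*\)"
    r'|"(\d{4})-(\d{2})-(\d{2})"',
    re.IGNORECASE,
)
CLOCK = re.compile(r"\b(Date|Now|Today)\b", re.IGNORECASE)  # reads the system clock
COMPARE = re.compile(r"<=|>=|<>|<|>|=")

def _literal_date(match):
    g = match.groups()
    y, m, d = (g[2], g[0], g[1]) if g[0] else (g[3:6] if g[3] else g[6:9])
    try:
        return date(int(y), int(m), int(d))
    except ValueError:  # e.g. month 13: not a real date, ignore it
        return None

def find_date_triggers(source):
    """Return (line_no, trigger_date, code) for lines comparing the clock to a fixed date."""
    findings = []
    for line_no, raw in enumerate(source.splitlines(), start=1):
        code = raw.split("'", 1)[0].strip()  # drop VBA-style comments (heuristic)
        literal = DATE_LITERAL.search(code)
        if not (literal and CLOCK.search(code) and COMPARE.search(code)):
            continue
        when = _literal_date(literal)
        if when:
            findings.append((line_no, when, code))
    return findings

# Constructed sample macro, not taken from the case described above.
SAMPLE = """Sub RefreshOrders()
    ' Pull current orders from the remote workbook
    lastRun = Now
    If Date > #6/1/2016# Then
        Err.Raise 1004, , "Unable to refresh"
    End If
    reportDate = DateSerial(2015, 12, 31)
End Sub
"""

if __name__ == "__main__":
    for line_no, when, code in find_date_triggers(SAMPLE):
        print(f"line {line_no}: clock compared with fixed date {when}: {code}")
```

A hit is a prompt for manual review, not proof of a logic bomb: legitimate scripts also compare dates, and a trigger can be split across several lines that this single-line heuristic will not connect.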

CyberSecurity: What is the Malware and Types of malware?

Malware refers to software that has been designed for some nefarious purpose. Such software is designed to target & invade the target system or devices. The purpose of this malicious software could be anything: deleting files, stealing private information, spying, or accessing systems without authorization.

There are multiple types of malicious software & all of them fall in the malware category, such as viruses, Trojan horses, logic bombs, spyware & worms.

Polymorphic Malware: The detection of malware by anti-malware programs is primarily done through the use of a signature. Files are scanned for sections of code in the executable that act as markers, unique patterns of code that enable detection. Just as a human body creates antigens that match marker proteins, anti-malware programs detect malware through unique markers present in the code of the malware. Polymorphic malware is software which changes its signature on a regular basis to avoid detection.
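The signature scan described above can be sketched as follows. This is an added example, not code from any anti-malware product; the buffers, signature names and the `DEMO-..-MARK` marker are constructed and harmless. It compares an exact-hash signature, which stops matching as soon as any byte of a copy changes, with a byte-pattern signature that uses wildcards over the bytes that vary between copies.

```python
import hashlib
import re


def compile_signature(hex_pattern):
    """Turn 'AA BB ?? CC' into a bytes regex; '??' matches any single byte."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        elif len(tok) == 2:
            parts.append(re.escape(bytes([int(tok, 16)])))
        else:
            raise ValueError(f"bad signature token: {tok!r}")
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed, harmless buffers standing in for scanned files.
SAMPLE_A = b"hdr:DEMO-01-MARK:body"
SAMPLE_B = b"hdr:DEMO-7f-MARK:body"  # same marker, two bytes differ per copy
CLEAN = b"hdr:quarterly-orders:body"

# Exact-hash signature: identifies one specific file only.
HASH_SIGS = {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.Marker.A"}
# Byte-pattern signature: fixed bytes for the stable part, wildcards for the rest.
PATTERN_SIGS = {
    "Demo.Marker.generic": compile_signature("44 45 4D 4F 2D ?? ?? 2D 4D 41 52 4B"),
}


def scan(data):
    """Return (kind, signature_name, offset) for every signature that matches."""
    hits = []
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(("hash", name, 0))
    for name, sig in PATTERN_SIGS.items():
        hits += [("pattern", name, m.start()) for m in sig.finditer(data)]
    return hits


if __name__ == "__main__":
    for label, buf in (("A", SAMPLE_A), ("B", SAMPLE_B), ("clean", CLEAN)):
        print(label, scan(buf))
```

The pattern signature only helps while some bytes stay stable across copies; when none do, a scanner has nothing fixed to match on, which is the detection problem polymorphic malware creates.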

Viruses: The best-known type of malicious code is the virus. A virus is a piece of malicious code that replicates by attaching itself to another piece of executable code. When the other executable code is run, the virus also executes and has the ability to infect other files.

Armored Virus: When a new form of malware/virus is discovered, antivirus researchers will try to find out how the malware functions. Armoring malware can make the process of determining the internal workings of the malware more difficult, if not impossible.

Crypto Malware: Crypto-malware is malware that encrypts files on a system and then leaves them unusable, either permanently, acting as a denial of service, or temporarily, until a ransom is paid.

Crypto-malware is typically completely automated. Ransomware is crypto-malware: it encrypts the user's files & sets a deadline to pay the ransom. Most ransomware uses RSA public-key encryption & it is not easy to decrypt the user's data.

Keylogger: As the name suggests, a keylogger is a piece of software that logs all of the keystrokes that a user enters. Keyloggers in their own respect are not necessarily evil, for you could consider MS Word to be a keylogger. What makes a keylogger a malicious piece of software is when its operation is unknown to the user & not under the user’s control.

Keylogger malware is used to target specific users to get critical information such as passwords, network IDs & banking information.

Adware: A business needs a revenue stream to support development & marketing, and advertising is one form of revenue stream. Software that is supported by advertising is called adware. In general, the user or business agrees to show legitimate ads, but some ads could be shown by the adware.

If you keep getting unwanted pop-up windows on your computer without even visiting any site or application, you can be sure that your computer is infected by adware.

Spyware: As the name suggests, spyware is software that spies on users, recording & tracking user activities without the user's knowledge. Most apps are no less spyware than actual spyware, like Google, Facebook, etc. They do track every one of us.

Worm: Worms are pieces of code that attempt to penetrate networks and computer systems. Once a penetration occurs, the worm will create a new copy of itself on the penetrated system. A virus needs another file or piece of code; worms are self-replicating, network-based malware. Some examples of worms: SQL Slammer of 2003, and the Zotob worm of 2005, which took down CNN LIVE.

Logic Bomb: Logic bombs, unlike viruses & Trojans, are a type of malware that is deliberately installed, generally by an authorized user. A logic bomb is a piece of code that sits dormant for a period of time until some event or date invokes its malicious payload. For example, a logic bomb could be a simple program that checks your payroll regularly, tracking different things.

Trojan: A Trojan horse, or simply Trojan, is a piece of software that appears to do one thing but hides its real functionality. The perfect example is the last scene of the movie Troy.

Trojan malware works pretty much the same as it is seen in the movie. The Trojan horse is outside the walls and does no harm until it is within the walls. First, Trojan malware must be brought inside the system or network. Generally, Trojans are stand-alone programs that must be copied & executed by the user.

RootKit: Rootkits are a form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality. A rootkit can do many things; in fact, it can do virtually anything that the OS does.