ITC595 Research Project: Malware Trends and Future Predictions

Verified

Added on 2021/06/15

AI Summary

This research project, conducted for ITC595, provides a comprehensive overview of malware, encompassing its historical development, current threats, and future predictions. The project delves into various types of malware, including ransomware, adware, botnets, and spyware, tracing their evolution from early forms to modern sophisticated attacks. It highlights significant incidents like the WannaCry ransomware and Mirai botnet, along with emerging threats like malvertising and financial malware. The research also examines the challenges in combating malware, such as the need for updated antivirus measures and the vulnerabilities in trusted software sources. Furthermore, the project explores the impact of malware on smart devices, the use of rootkits, and the rise of spyware. The project concludes by discussing the importance of staying informed about the ever-evolving landscape of malware to ensure robust cybersecurity measures. This project underscores the dynamic nature of malware and the ongoing need for vigilance and proactive security strategies.

ITC595 Research Project (Malware: Past, Present &
Future)
Name of Student
Name of University
ABSTRACT – Malware is basically a kind of malicious software
which damages, disrupts, gains access of a computer and steals
important data from the victimized computer. There are various
types of malwares like ransomware, adware, botnets, spyware and
so on. The history of malware dates back in 1949. Since then
malwares have modified in to various forms like ransomware and
adware. The first android malware was found in the year 2010 as a
fake windows media player which was a malicious fake link and it
affected several android devices. The recent malware that hit
almost 300000 computers worldwide was “wanna cry” ransomware
which spread in the year 2017. Apart from this IOT botnet is a huge
threat in today’s world (Arp et al., 2014). Many attacks were done
using the botnet named “Mirai”. The malwares distributed through
malvertising is also a new trend of spreading of malware, some
keyloggers, spywares also spread the malvertising (Sanz et al.,
2013). Financial malware, point of scale malware is slowly
spreading. Android malware started from a “Trojan” that used to
send SMS to best services, apart from the worry and authorization
by the user to complicated code that can possibly infect
authenticated applications, encrypt data using symmetric-key
encryption (AES), circulate via the official Android play store. The
challenges of malware are to stop it from spreading through various
trusted sources of downloading software and upgrading the
antivirus according to the latest malware vulnerabilities. The topic
has been chosen for research because it is one of the most buzzing
topic in the world of cyber-security and ethical hacking. The
research has huge scope to understand the trend of malware in
future.
Keywords— Malware, Malware history, futuristic malware,
current malware scenario
INTRODUCTION
The development of the digital trends and techniques have
changed the world and has offered significant benefit to the
users. The mass surge in the adoption of the digital industry is
citing as an evident for the benefits it has offered. The most
prominent factor of the digital industry is the internet which
can be considered as the most revolutionary innovation of the
era. It has enabled the people to connect and communicate
with other users that are geographically away from them in an
instance. The internet has and even is acting as a platform for
different innovations. In the current scenario a major
population of the earth are associated themselves with the
internet and it has developed given birth to a major problem
for the digital industry. The discussed challenge is malware
that is abbreviation for malicious software.
A. Research Problem
The subject, malware stands for an extensive meaning that
contains ransomware, computer viruses, spyware, botnet and
several other tools or techniques that can interrupt in the
computing process within it. The threat offered by the subject
is prominent because the most crucial activities are conducted
through the computing services (that includes computer,
servers, smart devices and other necessary means) and it also
acts storage for the private and confidential data. The halt or
hijacking of the computing systems can be result in great
challenges for the individual, organisation, country or even the
whole world and hence, it is necessary to mitigate the deem
challenge as soon as possible.
B. Research Justification
The first step in devising a strategy to mitigate the discussed
challenge would be to earn a deep insight into the subject.
Keeping the former statement in mind the discussed paper will
attempt at gaining an insight into the past, present and future
of the subject. The paper will achieve its objective by
reviewing the literature works from the past and present and
will conclude the paper by summarizing all the findings.
LITERATURE REVIEW
According to Suarez-Tangil, Tapiador, Peris-Lopez &
Ribagorda, (2014), smart devices are equipped with features
such as powerful computing, sensing and capabilities of
networking that leads to malwares. The author describes that
smart devices has features of incorporating external or third
party applications that leads to security issues as the
applications may be malicious ha According to Rudd, Rozsa,
Günther & Boult, (2017), the professional, financial and social
aspects of an individual has given rise to digital world. This has
resulted in more targets for malware to attack. The malwares
are characterized as viruses, Trojan, rootkits, worms and other
malwares. These software are used to harm the main
computer, compromise the access controls, steal data and
bypass computer functions.
Advertisements and pop up ads are some common
examples of adware. Sometimes adware are provided with
free software. These bundled adware often act as a revenue-
generating tool and sometimes they come preloaded with
spywares (What Is Malware? (Malware Definition) - Lifewire,
2018). The spywares are used for stealing information and
tracking the activity of the user.
For perform specific functions automatically, software
programs known as bots are used. Bots are used in video
games, online contests and internet auctions but often they
are used for malicious purposes. They are used for DDos
attacks with the help of botnets and as spambots. Sometimes
they are used to capture server data with the help of wen
spiders (Malware Detection in Cloud Computing
Infrastructures, 2018). To prevent these bots, some websites
use the mechanism of CAPTCHA to determine if the user id
actually human.
Bugs are another type of Malware that has existed since the
90s. These are flaws in the compiler or source code that
renders undesired outcomes. These remain undetected and
can cause the system to freeze or crash. Some bugs are

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

security related and can steal data, override privileges and
compromise user authentication. These malwares can be
prevented with the help of code analysis tools, quality control
and developer education (What is Malware and How to
Protect Against It? | Kaspersky ..., 2018).
Another type of Malware, which has gained traction
recently, is ransomwares. These malwares hold the user’s
device captive until and unless a ransom has been submitted
to the attacker. The ransomware prevents the user from
accessing the computer by locking the system, encrypting the
entire device or showing a display message that can be only
prevented by paying the certain amount (Malware: Viruses,
Spyware, Adware & Other Malicious ..., 2018). The
ransomware typically gets access to the system by being
downloaded as like a worm through a downloaded file.
Another recent malware activity is the rootkit software.
This program passes undetected by security programs or the
user to remotely control or access the system. After installing
the rootkit, the attacker gains the power to control the
computer, install other malwares, alter software to prevent
other software from detecting the malware, modify system,
access information and access files remotely. Preventing
rootkit malwares from attacking is difficult due to their
stealthy operations. Typical antiviruses are ineffective as the
malware hides its presence (How to remove a Trojan, Virus,
Worm and Malware (Windows ..., 2018). The only way to
prevent the rootkit from getting access to the system is by
continuously upgrading the software and operating system
through regular patches and avoiding unnecessary downloads.
Other recently developed malwares that are used
increasingly is spywares which spies on the user’s activity
without their prior permission. The spying activities can range
from data harvesting, collecting keystrokes to monitoring the
user. Some spywares have the added functions of modifying
the browsers and software to interfere with networks.
The Trojan horse is a very well-known malware that is used
to install other malwares into the system by disguising itself as
a normal file (How to remove malware from your Windows PC
(PCWorld, 2018). It can give remote access to the computer
and allows it to anonymize the internet activity, use the device
as botnet, monitor the victim’s activity, install programs that
are more unscrupulous and steal financial data.
On May 12, a cyber-attack was launched against the
Windows Operating system known as the Wannacry
Ransomware. More than 10 countries were affected along
with large organizations as well as government bodies. The
ransomware encrypted the entire system of the victim and
demanded that the victim pays a certain amount in Bitcoins
within 3 days of the attack or else the cost will increase. If the
user refused to pay the mount, all the files on the computer
will be deleted. The ransomware used an exploit in Windows
operating system known as the EternalBlue exploit
(Ransomware claims more victims, 2016). Microsoft has since
patched the exploit. A hacker group known as the
ShadowBrokers used this to their advantage of infecting
millions of computers. The Eternal blue used an exploit in the
SMB protocol and used a process called pool grooming to
continuously attack the kernel memory. To use the IP address
of the user, a shell code was injected for directly
communicating through the SMB protocol. Moreover, Double
pulsar (an analysing tool) was used to check if the infected
computer was indeed running the ransomware. The
ransmware in the end affected several countries such as India,
Taiwan, Ukraine and Russia. It also managed to infiltrate the
NHS system present in England (Dunham, 2015). A fee of $300
was asked by the ransomware to be payed and the amount
will double in the next 3 days if it is unpaid. To prevent the
virus, Marcus Hutchins, a cybersecurity researcher discovered
the kill switch that was present in the script. The kill switch
domain was iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
He registered the domain name, which pointed to a Los
Angeles sinkhole to get data about the ransomware. The
attacks reduced the moment when he accessed the sinkhole.
The attack highlighted the urgent need to keep systems
updated and install regular patches that re provided by the
impending operating systems (Ismail, Marsono, Khammas &
Nor, 2015). Unnecessary protocols and services need to be
disabled or uninstalled. Moreover, it also highlights the need
for backing up data whenever possible to restore the data if
the system is compromised by a ransomware.
Mirai botnet was created through the source code,
which was initially used to attack the website of Krebbs.
Through Telnet, the botnet checks those users who are still
using the factory default passwords and usernames and
infects those poorly secure systems accordingly. The main
reason of the propagation of the malware was due to insecure
devices that are still used by users in this modern digital age
(Malware - CNET, 2018). The malware used two components
known as command and control centre or CnC and the virus
itself. The scanner process present in the virus checks out
potential devices that can be compromised and used more
than attack vectors to propagate itself. The CnC was used to
send data for continuing the attack on one or more
computers. The scanner process randomly tried to login into
the device using Telnet process using port 2323 or 23. A
simple command was present in the CnC, which allowed the
attacker to check the attack duration, the IP address of the
victim and put the attack vector. After discovering a new
device, the CnC executed a cop of the virus that was used to
create more Bots in the future.
Spreading malwares through advertises is known as
malvertising. It uses legit advertising websites to inject
unscrupulous codes into the ads. The ads are a prominent
vector for propagating the malware as it attracts various uses
to buy and sell products. Moreover, this type of malwares can
be spread easily without compromising the website (Elisan &
Hypponen, 2013). It is a relatively new concept and the best
part of the malware is that the malware does not exploit any
system vulnerabilities or require the action of the user.
In the future, relate the malware attacks will be only with
software exploits. Some examples of these malwares are
Bubbleboy, KAK and Code red (Free Cyber Security & Anti-
Malware Software | Malwarebytes, 2018). The malwares will
have the capability to infect the buffer overflows. Moreover,
the malwares will have the capability to propagate itself
through social engineering and attachment in the future. The
malwares can also use hybrid exploits such as destructive
Trojans, rootkits and RATs. Moreover, customization will be
exploited with the help of targeted attacks. Most of the users
nowadays use the two-factor authentication mechanism which
has its own flaws that can be used in the future by malwares.

The number of malware attack will rise in the future due to
new discovery of exploits such as ATM vulnerabilities and
exploits on Retail point of sale systems. The number of
malware attacks is going to increase in the near future as more
exploits are discovered.
PROPOSED DESIGN
The proposed paper will follow secondary data collection
method to collect the necessary data for the proposed
research work. The sampling of the data will be done through
critical analysis. Interpretivism will be the research philosophy
for the proposed paper. The research design will be meta-
analysis and the approach will be deductive in which the
author of the proposed paper will attempt at deducing the.
CONCLUSION
The subject of thee paper malware is one of the most
crucial subject that has gained the attention of many scholars
as well as the commoners because of the prominence of
threat it is posing. The journey of the subject is considered to
have started back in late 1940’s and does not seems to be
stopping in the near future. The reason for stating the above
made statement lays on the fact that the supporters of the
subject that is the cybercriminals and others are developing
themselves with the introduction of the disruptive
technologies. The paper has conclusively discussed the various
malwares that has been operating from the past and has
distinctly provided the future trends of the malware. Although
the recent number of malware attacks has dwindled over the
couple of years, researchers has estimated that these
estimates will likely triple in the near future with the
introduction of IoT devices and numerous new protocols that
will be launched in the coming years. In the present scenario,
many individuals are aware of malwares due to the recent
wannacry ransomware and IoT botnets. In the future, with the
introduction if MMORPG and IM services, the malwares will
find innovative methods to propagate themselves. Social
engineering will play a massive role in the future as well as
present trends of malware propagation. While the present and
the future trends remain uncertain and unexplored, it is quite
evident that in the long run, the number of malware attacks
will increase in spite of the innovations in anti-malware
applications.
REFERENCES
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.,
& Siemens, C. E. R. T. (2014, February). DREBIN:
Effective and Explainable Detection of Android
Malware in Your Pocket. In Ndss (Vol. 14, pp. 23-26).
Dunham, K. (2015). Android malware and analysis. Boca
Raton, FL: CRC Press.
Ehrenfeld, J. M. (2017). Wannacry, cybersecurity and health
information technology: A time to act. Journal of
medical systems, 41(7), 104.
Elisan, C., & Hypponen, M. (2013). Malware, rootkits &
botnets. New York: McGraw-Hill.
Free Cyber Security & Anti-Malware Software | Malwarebytes.
Retrieved from https://www.malwarebytes.com/
How to remove a Trojan, Virus, Worm and Malware
(Windows ... Retrieved from
https://malwaretips.com/blogs/malware-removal-
guide-for-windows/
How to remove malware from your Windows PC | PCWorld.
Retrieved from
https://www.pcworld.com/article/243818/security/h
ow-to-remove-malware-from-your-windows-pc.html
Ismail, I., Marsono, M., Khammas, B., & Nor, S. (2015).
Incorporating known malware signatures to classify
new malware variants in network
traffic. International Journal Of Network
Management, 25(6), 471-489. doi: 10.1002/nem.1913
Malware - CNET. Retrieved from
https://www.cnet.com/tags/malware/
Malware Detection in Cloud Computing Infrastructures.
(2018). International Journal Of Recent Trends In
Engineering And Research, 223-227. doi:
10.23883/ijrter.conf.20171201.044.wsqfb
Malware: Viruses, Spyware, Adware & Other Malicious ...
Retrieved from
https://www.umass.edu/it/security/malware-viruses-
spyware-adware-other-malicious-software
Ransomware claims more victims. (2016). Network
Security, 2016(12), 2. doi: 10.1016/s1353-
4858(16)30110-6
What is Malware and How to Protect Against It? | Kaspersky ...
Retrieved from https://usa.kaspersky.com/resource-
center/preemptive-safety/what-is-malware-and-how-
to-protect-against-it
What Is Malware? (Malware Definition) - Lifewire. Retrieved
from https://www.lifewire.com/what-is-malware-
2625933