Published on 18/03/2015 in Tech, tips & tricks
The first step of advanced malware is to target a victim (an individual or organization) and send some malicious or phishing mail or infect (so-called waterholing) websites. This is known to most of us. But what happens next is scarier.
The next step is to nest itself deeply in the software on the computer. The malware checks it is not running in a ‘sandboxed’ environment. The first thing it has to do is get administrator rights by using a vulnerability in the OS. Then the malware can hide itself on the disk, in the registry, in applications, in documents or even in the bios or in firmware. The malware will also ensure it can restart every time the computer is restarted. The malware will also ensure it cannot be erased by nesting itself deep in the OS. You will need to perform a hard reinitialization and reformatting of the hard disk to completely wipe out the virus. In order to be 100% sure malware doesn’t come up again, you may be forced to destroy your existing hardware. Another trick to avoid easy erasure is to spread itself to other computers, where the process starts all over again. Also, advanced forms of encryption of related network traffic are used in order to stay under the radar. Finally, if the attacker, from its command and control center, suspects that the malware is going to be detected, it may command the malware to go to sleep or even completely erase itself and all traces of itself.
The final stage is the evil-doing stage. This may be the exportation of the targeted sensitive data. This involves getting in touch with the command center, where the evil-doer will give a ‘go’ to do what the malware was originally intended for, most of the time this is about the exfilitration of sensitive or financial information, but it could also involve other harmful actions such as wiping the disk, executing a denial of service attack on a given target, destroying whatever is connected to the computer, etc. The malware may be sitting there for months before it is triggered by the command center.
Is there a solution to this? Advanced malware is disguising itself very well, so it becomes impossible to rely only on end-user vigilance or standard security solutions. The only way to defend your computer is to make sure your security solutions track all emerging threats and by complementing your existing prevention technologies with advanced detection and incident response. As this requires advanced security skills, your best bet may to rely on managed security services from organizations that deliver continuous security on a real-time, 24/7 basis.