Why no news is bad news – at least when it comes to malware
Once upon a time, malware authors wrote code to infect thousands of machines for entertainment and intellectual stimulation. Today, it's all about the money, and the greatest threat may lie in the silence, making a far more dangerous landscape.
Let's look back at the brief history of malware. It is 1986, and the first computer virus has just been released. The "brain virus"– a benevolent-acting boot sector virus that immediately declares its presence on an infected machine. Ten years later, researchers at Columbia University predict that crypto-enabled ransomware may strike – the Archiveus Trojan fulfills the prophecy. It encrypts files on infected machines and offers the decryption key for sale. Yet a few years later, keyloggers become part of the everyday threat on the Internet. What has changed? They do not announce their presence. They hide. They spy. This is an important change in functionality, in particular when we talk about security attitudes of typical Internet users. To many, if the malware does not announce its presence, it simply is not there.
With practically no worries, people will install "fun applications" – games, screensavers, and other cute things that will put their machines in harm's way. Many people do not realize that a game may moonlight as a keylogger, a method of capturing and recording userkeystrokes. People will click "yes" if they are asked to install something time after time after time, and the question just won't go away as long as they click "no". Offer people convenience over security, and security will lose. The average Internet user is more lazy than security aware.
Average Internet users will play full-screen movies sent by friends, even if it means running self-signed executables (these are programs that have been certified to be good – but not by a trusted entity, but by the person who wrote the program.) They will buy and install pirated software, which of course can have been gently augmented to include malware. Ironically, a large portion of pirated anti-virus software may not help the user too much. And of course, it does not matter whether the original version was made by a respectable anti-virus vendor or not. People will put up their own websites, but not quite know how to manage their security. Many of these sites (unwittingly to their owners) become hosts for malware.
People do not know that their machines have been infected these days because it is not in the best interests of the malware authors that they do.
The silence is deadly. And because money is the main motivator, the term crimeware is increasingly being used instead of malware.
Build your tech library with our book giveaways.
Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams
Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!
Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media
Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!
Nice. Way to give us a bland
Nice.Way to give us a bland recount of history before your grand finale, a journey into the overstated and obvious. Thank you for pointing out that we are all slovenly and inept as well.
Do us all a service and tell us HOW TO DETECT and MITIGATE.
That would be worthy of inspection. This article, sadly, was not.
Markus, I think that pretty
Markus, I think that pretty much sums up the nightmares of the internet. Unfortunately even network administrators or local administrators will be just as lazy when it comes to security.