pcmag.com

Chances are good you’ve never seen malware up close and personal. Even if you threw caution to the winds and visited a dangerous site or clicked a treacherous link, your antivirus software probably wiped out any offending program before the latter could say boo. So, you might wonder, just what does malware look like? Would I even recognize a malware program if I saw it?

To be fair, a lot of malicious programs don’t look like anything at all. A virus, for example, tries its best to hide from view while infecting other files and computers. A bot sits quietly on your computer until it gets orders from the command and control center to spew some spam or participate in a DDoS attack on a major website. Trojans, by contrast, appear to be useful, legitimate programs, putting up a pretty facade to hide background activities like stealing your personal data. And when ransomware hollers for your attention, it’s bad news.

In the process of gathering and analyzing new samples for my hands-on malware protection tests, I've seen all of these variations. I start with literally thousands of malware-hosting URLs, download their nasty payloads, and put them through their paces. In the course of testing, I play the fool, launching unknown files, clicking through to let them install, and giving them any permissions they request. Below are some of the oddities I’ve encountered in my latest quest for the best test samples.

One more thing: Some of the items pictured below don’t look like what you’d expect from malware. However, they’ve all been confirmed by the VirusTotal website. For each sample, I submitted the file’s unique fingerprint to the VirusTotal database. In return, it listed which of 70 different antivirus engines had identified that file as malware. All of the programs seen here got flagged by at least 40 of those antivirus engines.

The Horror of Ransomware

If a ransomware attack hits your computer, you won’t know it at first. The ransomware stays out of sight, quietly encrypting your important files. Once the dirty work is done, the malware totally demands your attention with its ransom note. The perpetrators promise that if you pay the specified ransom (usually in Bitcoin or some other cryptocurrency) you’ll get your files back, but if they take your money and run, you don’t have any recourse. You really don’t want a direct encounter with ransomware.

The ransomware called Maze wants to be very sure that you see its ransom note, so it takes over the entire desktop to get your attention. This one offers to decrypt a single file for free, to prove it’s possible and to encourage you to pay up.

Screen locker malware doesn’t encrypt your files. It just covers up the desktop and all programs, so you can’t use your computer. Often such attacks claim to be from some division of law enforcement, demanding that you pay a fine in untraceable currency. In some cases, you can call such ransomware’s bluff with simple recovery techniques. This sample is tougher, and plug-ugly. Even when I used the handy Yandex Translate on the image, I didn’t find a clear demand for ransom. But escape from its clutches isn’t easy.

If you’re going to suffer having your computer access locked away, maybe it’s better when done beautifully? This screen locker, while just as uninformative as the ugly one, at least gives you flowers and a pretty anime girl. I defeated this one easily, which the perpetrators may have expected. I mean, the filename is ForNowLock.exe, not ForeverLock.exe.

Foreign Installers Aren’t for You

Malware doesn’t respect national boundaries. Wherever there are people, whatever language they speak, you find malware trying for a foothold. If you happen to get hit with a Trojan meant for China, or Turkey, or Korea, you’ll almost certainly reject the installer, just as folks in China or Turkey may reject a full-on English-language install program.

This colorful montage pulls together four of the many foreign-language installers I encountered on my latest hunting trip. There’s nothing special about this group except for the fact that they fit together nicely. Acting like a proper fool, I clicked through each installer all the way to the end. You’re smarter than that.

Malware Bundled With Your Order?

Sometimes the problem with an installation isn’t the program itself, but the software that’s bundled with it. You may find completely legitimate software—even antivirus programs—bundled with adware, spyware, or other unwanted trash. In a case like that, the security vendor isn’t to blame. A third party created the deceptive bundle. AppEsteem is a young company with a mission to expose these deceptors and to warn legitimate companies when they stray too far toward the dark side of bundling.

The installer shown here offers a free player for FLV video files. Along with the player you’re privileged to receive a shady adware program masquerading as a coupon browser. There’s a checkbox that says you agree to its terms; uncheck the box and you can’t proceed. No video player for you! The best thing that can happen with this kind of bundling is that you’re forced to install a program you didn’t want. Mostly it’s worse than that, because the bundled bonus is malware.

Now here’s something handy—a multi-utility install program. If you read Russian, you know it’s “the fastest and most convenient way to install programs.” Just check the boxes for the ones you want and turn the installer loose. The list includes browsers, messenger programs, video players, even antivirus utilities. But when you install them, you also get a dose of malware.

Trojan Horses Open Your Gates to Malware

The historical Trojan Horse was a literal wooden horse, a “gift” from the Greek army that had been besieging Troy. When the Greeks seemingly gave up and left, the Trojans brought the horse inside the city walls as a victory trophy. Unlike Monty Python’s King Arthur, the Greek troops remembered to hide inside the horse. When nightfall came, they slipped out and opened the city gates, letting in the rest of the Greek army.

Modern Trojan Horses are made of bits and bytes, not wood, and they breach your PC’s gates to release malware, not soldiers. But they’re still big trouble.

Here, we have a sharp-looking utility designed, apparently, to ensure that your PC doesn’t limp along with old, outdated drivers. However, if you try to update any drivers, or back up your existing drivers, you must pay. This is a model used both by some legitimate programs and by rogue antivirus scareware utilities. Lucky you, though: there’s a promotional price that ends today. I couldn’t determine exactly what chicanery this Trojan perpetrated in the background, but its overt activities are just a wee bit suspicious.

Want to get into smartphone repair? This set of tools and manuals looks like it might be a big help. Alas, you can’t see just what you’re getting until you pay for your registration. While you’re perusing schematics, it collects personal information behind the scenes and takes orders for further unwanted activity from a remote command and control server.

You probably don’t know this, but the EXE files that represent programs on your Windows computer are also called PE files, short for Portable Executable. Every PE file starts with an extensive header that contains a ton of information telling Windows about the program. Malware researchers learn a lot by digging into that header. I was tempted to keep this PE analysis tool for my own use, but the fact that more than 40 antivirus tools flagged it as a Trojan dissuaded me.

Fun and Games

Over the years, every time I’ve slung my net to capture new malware samples, there have always been a few with a similar dramatic appearance. They typically display a highly detailed image of a stylized warrior, sorceress, or other game character, along with a screenful of information and prompts in Chinese. Yes, they come burdened with adware, but they look amazing.

Dropping this image on the OCR image translator from Yandex reveals the title: “Angel of the Day.” I remember angels as being more…feathery…but why not. It clearly relates to registering or logging in for gameplay. And a note at the bottom mentions, “Self-protection when living.”

Here’s another game login warrior, this one with a person-sized sword. This, too, is a bid to have you register or log in (and suffer unwanted advertising). The text that Yandex managed to translate is cryptic, though. At the very bottom, it seems to say, “Play brain play injury makes sense.” Makes sense? Not to me.

Let’s Hope You Don’t See These

As you can see, malicious programs, like legitimate programs, run the gamut from sad-looking attempts to totally professional ones. With any luck, and with powerful, up-to-date antivirus protection, these images are the only malware you’ll ever see. You should also check out our tips for staying secure online; malware is just one of many threats to your devices and private information.
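The VirusTotal check described in the intro (fingerprint each sample, count how many of the 70 engines flagged it, keep those flagged by 40 or more), as an added Python example that is not part of the article: it hashes a file with SHA-256, which is the fingerprint VirusTotal keys its file reports by, counts per-engine verdicts in a v3 file report, and applies the 40-engine bar. The `fetch_report` helper needs network access and an API key, so the block runs offline against a constructed five-engine report; the engine names and verdict strings in it are made up.

```python
import hashlib
import json
import urllib.request

# The article's bar: a sample "counts" if at least 40 engines flag it as malware.
MIN_ENGINES = 40
VT_FILE_ENDPOINT = "https://www.virustotal.com/api/v3/files/"

def sha256_of_bytes(data):
    """Fingerprint file contents; VirusTotal keys its file reports by this hash."""
    return hashlib.sha256(data).hexdigest()

def sha256_of_file(path):
    """Hash a file from disk in chunks so large samples need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def count_detections(report):
    """(engines saying 'malicious', engines total) from data.attributes.last_analysis_results."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sum(1 for verdict in results.values() if verdict.get("category") == "malicious")
    return flagged, len(results)

def meets_threshold(report, minimum=MIN_ENGINES):
    """True when enough engines agree the file is malware to use it as a test sample."""
    flagged, _ = count_detections(report)
    return flagged >= minimum

def fetch_report(sha256, api_key):
    """Look up an existing report by hash (no upload). Needs network access and an API key."""
    req = urllib.request.Request(VT_FILE_ENDPOINT + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed stand-in for a VirusTotal v3 response, trimmed to five engines (names made up).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "malicious", "result": "Ransom.Generic"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "malicious", "result": "Adware.Bundler"},
    "EngineE": {"category": "type-unsupported", "result": None},
}}}}

if __name__ == "__main__":
    flagged, total = count_detections(SAMPLE_REPORT)
    print(f"{flagged}/{total} engines flagged the sample; keep it: {meets_threshold(SAMPLE_REPORT, 3)}")
```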
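The PE header the article says researchers dig into, as an added Python example that is not from the article or from any tool it pictures: a minimal reader for the DOS pointer, PE signature, COFF header, optional-header magic and section table (field layouts as in Microsoft's PE/COFF specification), plus two header-only triage hints a defender checks before running a sample. It runs on a constructed minimal image built by `build_sample`, not on a real program.

```python
import struct
from datetime import datetime, timezone

# Section flag bits from the PE/COFF spec (IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE).
SCN_EXECUTE = 0x20000000
SCN_WRITE = 0x80000000
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}

def parse_pe(data):
    """Read DOS pointer, PE signature, COFF header, optional-header magic and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a DOS/PE executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                    # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]         # 0x10B = PE32, 0x20B = PE32+
    sections = []
    for i in range(nsect):                                     # 40-byte section headers follow the optional header
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": f[1], "raw_size": f[3], "flags": f[9]})
    return {"machine": MACHINES.get(machine, hex(machine)), "pe32plus": magic == 0x20B,
            "timestamp": datetime.fromtimestamp(tstamp, timezone.utc), "sections": sections}

def triage(info):
    """Cheap header-only hints worth a look before a sample is ever executed."""
    findings = []
    for s in info["sections"]:
        if s["flags"] & SCN_WRITE and s["flags"] & SCN_EXECUTE:
            findings.append(f"{s['name']}: writable and executable (self-modifying or packed code?)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{s['name']}: empty on disk, {s['virtual_size']:#x} bytes in memory (filled at runtime?)")
    return findings

def build_sample():
    """Constructed minimal PE image (not a real program): x86, two sections, one suspicious."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at 0x3C points to 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1_600_000_000, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)        # PE32 magic, remaining fields zeroed
    def sect(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
    text = sect(b".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020)   # code, execute|read
    packed = sect(b".packed", 0x8000, 0x2000, 0, 0, 0xE0000040)        # read|write|execute, no bytes on disk
    return dos + b"PE\0\0" + coff + opt + text + packed

if __name__ == "__main__":
    info = parse_pe(build_sample())
    print(info["machine"], info["timestamp"].isoformat(), [s["name"] for s in info["sections"]])
    for line in triage(info):
        print("!", line)
```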