Back to Basics: Malware Maketh the Machine
December 06, 2023
With the advent of the digital age, we put more and more of our lives into computers, the internet, and digital devices every day. This increase in digitization means the amount of value that can be found online is staggering. While this is a good thing in many ways, it also means that there is increased opportunity for bad actors to exploit this digital land of plenty.
Welcome to Back to Basics, a series where we’re going to be reviewing basic engineering concepts that may require a more complex explanation than a quick Google search could provide.
By nature of how the internet works, we put data online. Some of that data is useless, like the like and subscribe we gave a video of someone baking cookies blindfolded, while some of it is incredibly valuable, like our SSN or banking info. Malware taps into this data and steals it so that people can profit from it.
The Power of a Good Cry
To better understand malware, let’s briefly define it. Malware is any form of software created with malicious or illegal intent that generally exists for some kind of gain. Understanding malware is contingent on two questions:
What value do the creators of this malware want?
How do they get past security measures to get it?
Let’s look at a few examples of malware attacks from the perspective of these questions.
In 2017, a ransomware worm called WannaCry infected over 200,000 computers in over 150 countries.
Let’s pause and define terms. Ransomware works by getting onto a system and then encrypting everything on it, making it unusable. It then asks the user to purchase a key to unlock it. Think about if someone broke into your house, changed all the locks, and then tried to sell you the new key for $1500. Not fun, right?
Worms are a type of ransomware that work by replicating themselves through online network connections, without any help from a user.
Now, let’s move on and ask our two questions.
First, what value was WannaCry after? Since WannaCry was ransomware, this answer is easy. When you incapacitate hundreds of thousands of computers and then ask for upwards of $300 to fix them, the financial gain is huge.
Secondly, how did WannaCry get that value? This question is more interesting to answer. WannaCry worked by using a networking exploit built into the Windows OS called EternalBlue. By tapping into a “hole” in the code that everyone had on their computer, WannaCry could get the computer to spread the malware without any user input. Since the exploit was built into Windows, it meant that finding targets was easy, making WannaCry a perfect piece of malware.
Spoiler Alert: You Will Not Win that Free iPad
Let’s do another example that’s a bit less “historic” and a little closer to home.
We’ve all been on some website trying to download something and been swarmed by various popups saying “START” or “CLICK TO DOWNLOAD”, or seen ads that are clearly selling something that doesn’t exist. These ads and popups usually host malware, which is why the basic rule of thumb is: don’t click them.
So, what value are these malware ads trying to get at? Most of the time, these popups host not ransomware, but something else: Trojans and Adware.
Trojans are malware containing malware, much like the Trojan Horse. Download a Trojan, and a bunch of other problems download themselves along with it. Adware is malware that works by changing default programs on your computer or inserting itself into your browser to display unwanted ads.
These get value out of you by forcing you to see ads, for which advertisers then pay the malware producers, often unknowingly.
Then, to answer the question of how they work, these popups exploit user error. They are designed to trick you, the user, into thinking that they offer a legitimate link, and then, once the click is registered, they download unwanted malware.
When looking at malware from a value standpoint, it’s a little easier to see how to protect yourself online. Wherever you have digital value, there are people trying to access, steal, or corrupt it. Vigilance is key — obviously don’t go clicking on anything unless you are certain it’s benign, and a good antivirus is a great aid in that goal.