Computer related Crime

Unit 3: Computer related Crimes

i) Damage to Software and Hardware

A. Introduction to malware: What are they?

 

Malware, a contraction of malicious software, denotes any software deliberately crafted to damage, exploit, or undermine the operation of computer systems, networks, or devices. It manifests in diverse forms and is crafted with malevolent intent by entities commonly referred to as cybercriminals. Grasping the nature of these malware variants is vital for individuals and organizations to enact robust cybersecurity measures, safeguarding against potential threats. Essential security practices, including routine software updates, the use of antivirus software, and educating users, are pivotal in reducing the risks linked to malware.

 

Here are some common types of malware:

 

1. Viruses:

I. Definition: Viruses are malicious programs that attach themselves to legitimate executable files or documents. When the infected file is executed, the virus activates and can replicate by attaching its code to other files.

II. Characteristics: Viruses often require user interaction to spread, such as executing an infected program or opening an infected document.

 

2. Worms:

I. Definition: Worms are standalone programs that can self-replicate and spread across computer networks without user intervention. They exploit vulnerabilities in network protocols to infect other computers.

II. Characteristics: Worms can spread rapidly and consume network resources, often causing disruption and slowdowns.

 

3. Trojans (Trojan Horses):

I. Definition: Trojans are deceptive programs that masquerade as legitimate software to trick users into installing them. Once installed, they can perform a variety of malicious actions, such as stealing information or providing unauthorized access to the system.

II. Characteristics: Unlike viruses and worms, Trojans do not replicate themselves. They rely on social engineering to convince users to install them.

 

4. Ransomware:

I. Definition: Ransomware is a type of malware that encrypts a user's files or entire system, rendering it inaccessible. The attacker then demands a ransom, usually in cryptocurrency, for the decryption key.

II. Characteristics: Ransomware often spreads through malicious email attachments, compromised websites, or vulnerabilities in software.

 

5. Spyware:

I. Definition: Spyware is designed to secretly monitor and gather information about a user's activities without their knowledge or consent. This may include capturing keystrokes, tracking web browsing habits, or stealing sensitive information.

II. Characteristics: Spyware operates stealthily and can compromise user privacy and security.

 

6. Adware:

I. Definition: Adware displays unwanted advertisements on a user's device. While not necessarily harmful on its own, it can be intrusive and negatively impact the user experience.

II. Characteristics: Adware often comes bundled with free software and may lead to pop-up ads, browser redirects, or changes to browser settings.

 

7. Rootkits:

I. Definition: Rootkits are malicious programs designed to gain unauthorized access to a computer's system or network. They often hide their presence and provide backdoor access for attackers.

II. Characteristics: Rootkits can be difficult to detect and remove because they often operate at a low level, manipulating the operating system to conceal their activities.
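Viruses attach code to executables, rootkits alter system files, and ransomware rewrites documents as ciphertext; all three leave traces that a file-integrity baseline can surface. The Python script below is an added example, not code from the original page: it hashes a directory tree, compares a later scan against the stored baseline, and flags modified files whose contents now look encrypted (Shannon entropy close to 8 bits per byte). The directory layout, the file names and the 7.5-bit threshold are constructed for the illustration.

```python
"""File-integrity baseline check with an encryption heuristic (added example)."""
import hashlib
import math
import os
import tempfile
from collections import Counter

HIGH_ENTROPY_BITS = 7.5  # assumed threshold: text and code sit far below, ciphertext near 8.0


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hash_tree(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_of(full)
    return digests


def compare(baseline, root):
    """Rescan root and report what changed since the baseline was taken."""
    current = hash_tree(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    # A modified file whose bytes are now near-random is the fingerprint of encryption in place.
    high_entropy = []
    for rel in modified:
        with open(os.path.join(root, rel), "rb") as f:
            if shannon_entropy(f.read()) >= HIGH_ENTROPY_BITS:
                high_entropy.append(rel)
    return {"modified": modified, "added": added, "removed": removed,
            "high_entropy_rewrites": high_entropy}


def demo():
    """Build a constructed tree, baseline it, apply three constructed changes, and compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "docs"))
        app = os.path.join(root, "bin", "app.exe")
        report = os.path.join(root, "docs", "report.txt")
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x90" * 200)          # constructed stand-in for an executable
        with open(report, "wb") as f:
            f.write(b"Quarterly report: all systems nominal.\n" * 20)
        baseline = hash_tree(root)

        # Change 1: bytes appended to the executable, the pattern a file-infecting virus leaves.
        with open(app, "ab") as f:
            f.write(b"\xcc" * 64)
        # Change 2: the document replaced by random bytes, the pattern an encrypted file shows.
        with open(report, "wb") as f:
            f.write(os.urandom(4096))
        # Change 3: a file that was not in the baseline appears.
        with open(os.path.join(root, "bin", "helper.dll"), "wb") as f:
            f.write(b"constructed new file")
        return compare(baseline, root)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

Running demo() reports the executable as modified but not high-entropy, the rewritten report as both modified and high-entropy, and the new DLL as added. A baseline only helps if the attacker cannot rewrite it, so in practice it is stored off-host or signed; a rootkit with write access to the baseline file can simply refresh the digests.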

 

The Motive behind creating malware:

 

The motivations behind creating malware are diverse and can vary depending on the goals and intentions of the individuals or groups involved. Here are some common motivations behind the creation of malware:

 

1. Financial Gain:

Many instances of malware are created with the primary goal of financial profit. This can be achieved through various means, such as stealing sensitive financial information (e.g., credit card details, online banking credentials) or conducting ransomware attacks where victims are extorted for payment to regain access to their files or systems.

 

2. Espionage and Cyber-Surveillance:

Nation-states, intelligence agencies, or cybercriminal groups may develop and deploy malware to conduct espionage and gather sensitive information. This information could include state secrets, military plans, or corporate intellectual property.

 

3. Sabotage and Disruption:

Malware may be created to disrupt the normal functioning of computer systems, networks, or critical infrastructure. Sabotage can be politically motivated, aiming to create chaos or damage an adversary's capabilities.

 

4. Political and Activist Agendas:

Malware can be used to further political or activist causes. Individuals or groups with specific agendas may deploy malware to make a political statement, influence public opinion, or disrupt the activities of organizations they oppose.

 

5. Data Theft and Identity Theft:

Malware is often designed to steal sensitive information, including personal data, login credentials, and intellectual property. Stolen data can be sold on the dark web or used for identity theft, fraud, or other illicit activities.

6. Botnet Creation:

Malware may be used to create botnets, networks of compromised computers controlled by a single entity (botmaster). These botnets can be leveraged for various purposes, such as launching distributed denial-of-service (DDoS) attacks, distributing spam, or conducting further cybercrimes.

 

7. Research and Experimentation:

Some individuals or groups create malware for research purposes, testing vulnerabilities, and understanding the dynamics of cybersecurity. However, such activities can have unintended consequences if the malware is released into the wild or falls into the wrong hands.

 

8. Personal Vendettas:

Malware can be created for personal reasons, such as revenge or settling scores. Individuals may develop and deploy malware to harm specific individuals, organizations, or entities they have a grievance against.

 

Malware can employ various techniques to remain dormant, propagate, and then activate its destructive payload. Here's a general overview of the process:

 

1. Dormancy:

a. Stealth Techniques: Malware often employs stealth techniques to avoid detection by security software. This may involve polymorphic code that changes its appearance each time it infects a new system, making it more challenging to detect.

b. Rootkit Installation: Some malware installs rootkits, which are software tools that hide the presence of the malware from the operating system and security software. Rootkits can manipulate system functions to conceal malicious activities.

2. Propagation:

a. Exploiting Vulnerabilities: Malware exploits vulnerabilities in software, operating systems, or network protocols to propagate. This could involve taking advantage of unpatched software or leveraging known vulnerabilities.

b. Social Engineering: Malware often spreads through social engineering techniques, such as phishing emails or deceptive websites. Users may unknowingly download and execute malware, allowing it to infect their system.

 

3. Activation and Payload Delivery:

a. Triggers and Conditions: Malware may include triggers or conditions for activation, such as a specific date, a user action, or reaching a certain number of infected systems. This helps the malware avoid detection until the desired conditions are met.

b. Command and Control (C&C) Servers: Malware often establishes communication with external servers controlled by attackers. These servers can send commands to the malware, instructing it to activate its payload or download additional malicious components.

c. Polymorphic Payloads: Some malware has polymorphic payloads, meaning the actual destructive code can change over time or upon specific triggers. This makes it more challenging for antivirus programs to detect and for signature-based defenses to block.

 

4. Destructive Payload Execution:

a. Data Manipulation: Malware with destructive payloads may alter or delete files, overwrite data, or manipulate critical system structures. For example, ransomware encrypts files, rendering them inaccessible until a ransom is paid.

b. Denial-of-Service (DoS): Malware may launch a DoS attack, overwhelming a system or network with traffic to disrupt normal operation.

c. System Modification: Some malware modifies system settings, compromising security configurations or granting unauthorized access to the attackers.

 

5. Persistence:

a. Establishing Persistence: Malware often attempts to establish persistence by ensuring it remains on the infected system even after a reboot. This may involve creating registry entries, modifying system files, or using auto-start mechanisms.

 

6. Concealment:

a. Continued Evasion: Malware continuously tries to evade detection and removal by employing anti-analysis techniques, obfuscation, and countermeasures against security software.
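The command-and-control stage described above is timer-driven, and that is what makes it visible in connection logs: a check-in every N seconds produces inter-arrival gaps with almost no variation, while human-driven traffic varies wildly from one connection to the next. The Python below is an added example, not code from the original page. The log format (timestamp, source, destination, port, bytes), the addresses (taken from documentation ranges) and the thresholds of eight connections and 20% jitter are all constructed assumptions for the illustration.

```python
"""Beacon detection from connection logs by inter-arrival regularity (added example)."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log lines: "timestamp src dst dport bytes". Three source hosts:
#  10.0.0.5 checks in every 60 s (a fixed-period beacon),
#  10.0.0.7 browses normally (irregular gaps),
#  10.0.0.9 checks in roughly every 5 min with randomized jitter.
SAMPLE_LOG = "\n".join(
    [f"2024-03-01T10:{m:02d}:00Z 10.0.0.5 203.0.113.10 443 512" for m in range(12)]
    + [f"2024-03-01T{t}Z 10.0.0.7 198.51.100.4 443 4096" for t in (
        "10:00:17", "10:00:49", "10:03:41", "10:04:02", "10:04:05",
        "10:09:55", "10:10:01", "10:15:30", "10:15:31", "10:22:10")]
    + [f"2024-03-01T{t}Z 10.0.0.9 203.0.113.20 8443 640" for t in (
        "10:00:00", "10:05:20", "10:10:05", "10:14:40",
        "10:20:10", "10:24:50", "10:30:05", "10:35:15")]
)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport, bytes) tuples, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst,
                       int(dport), int(nbytes)))
    return events


def find_beacons(events, min_connections=8, max_jitter=0.2):
    """Return (src, dst) pairs whose connection intervals are unusually regular.

    Jitter is the coefficient of variation (population stdev / mean) of the gaps
    between consecutive connections. A timer-driven check-in scores near 0; a person
    clicking around a site scores well above 1. Both thresholds are assumed values.
    """
    times_by_pair = defaultdict(list)
    for ts, src, dst, _, _ in events:
        times_by_pair[(src, dst)].append(ts)

    flagged = []
    for pair, times in times_by_pair.items():
        if len(times) < min_connections:      # too few samples to judge regularity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            flagged.append({"pair": pair, "connections": len(times),
                            "period_s": mean, "jitter": round(jitter, 3)})
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['pair'][0]} -> {hit['pair'][1]}: {hit['connections']} connections, "
              f"period {hit['period_s']:.0f}s, jitter {hit['jitter']}")
```

Run as a script, the fixed 60-second beacon scores a jitter of 0 and the randomized five-minute one about 0.07, so both are flagged, while the browsing host's gaps (between 1 and 399 seconds) give a jitter above 1 and it is left alone. Randomized sleep between check-ins is exactly why the threshold is a ratio rather than a fixed number of seconds; in practice the thresholds are tuned against the environment's own traffic and the hits are combined with other indicators such as destination reputation and bytes transferred.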

 
