Malware

Malware, short for malicious software, is "software designed specifically to damage or disrupt a system." Malware remains a major security threat for Internet users.

Common Examples of Malware

 * Adware: This software is responsible for undesired pop-ups and other kinds of aggressive advertisements.


 * Bots: This software, once installed, operates based on orders given from an outside party, such as a hacker. While bots can be used for harmless purposes, they can also create large security threats if programmed to "infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices." Bots can be used in botnets, DDoS, spam or fast flux attacks. Botnets have become an increasing problem in recent years, and individuals with compromised computers may not be aware they are infected.


 * Ransomware: This software allows a malicious third party to stop users from accessing their computers, often by locking the users' systems or encrypting files, until a specified amount of money is paid. Sometimes attackers using ransomware will pose as legitimate authorities. McAfee security observed a large increase in ransomware in 2012, with 200,000 new versions of it found per quarter.


 * Spyware: This software monitors the user's activities and then sends the information to other "interest parties." Spyware can track a user's Internet history, log keystrokes, and steal data. A recent Kindsight Security Report indicated that spyware is also targeting and spreading to mobile devices.


 * Trojans: Trojans, or trojan horses, are a fairly well-known class of malware. They disguise themselves as harmless files and downloads; however, after they are installed, they can severely hobble a computer or system by creating backdoors or distributing other malware. Trojans can also harvest personal data, change files and settings, or allow a hacker to control the computer.


 * Viruses: This type of malware can spread from system to system, often by using infected attachments. Unlike some of the other kinds of malware listed, viruses can copy themselves or insert themselves into other programs.


 * Worms: This malware can also replicate itself and does not "require a host program or human help to propagate." Worms often use system vulnerabilities to infect computers or networks.

Public Perception
Spreading malware is a practice that is viewed very negatively. Malware can be used to crash a computer, steal data, or freeze an entire network. Because malware is such a large threat, many users are aware of the dangers it poses and choose to use Internet security services. However, malware is a constantly evolving threat.

Outcome
Malware is dangerous and can have severe consequences. It can slow down a computer's operating system, use infected computers in cyber attacks, completely disable a network, or steal private or financial data.

Historical Use
Malware is evolving and changing, both in its sophistication and in the types favored by attackers. For example, in the late 1990s and early 2000s, worms and viruses that spread through email attachments were a major threat. The early 2000s also saw the emergence of links and social engineering in emails as a way to spread malware. In recent years, attention has shifted to trojans and botnets. According to a 2013 PandaLabs Report, trojans represented about 80% of computer infections. Sophos's 2014 Threat Report highlights the growing threat that botnets pose to Internet users. The amount of malware available also seems to be growing. The same PandaLabs Security Report found that as many as 6.5 million pieces of malware were created in the first quarter of 2013. The increasing amount of malware available reveals the serious threat faced by Internet users.

ICANN Policy

 * ICANN does not have a policy or reporting procedure relating to malware as "malware are outside of ICANN's scope and authority."


 * 2013 Registry Agreement (RA): This agreement, which all new gTLD applicants were required to sign, states that registries must require their registrars to include policies that prohibit registrants from activities like creating and distributing malware. Additionally, registries are required to "periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats" and to keep security files on threats and the remedial actions taken by the registries.

Legislation

 * Computer Fraud and Abuse Act (CFAA): This act makes it illegal to use "malicious code" to damage protected computers.
 * In addition to this act, many states also have legislation that addresses computer crimes.


 * Many other countries also have laws that address malware and other computer crimes. In some countries, such as Japan, it is illegal not only to use malware but also to have or create it.


 * In 2004, the Computer Software Privacy and Control Act was introduced in Congress with the goal of addressing adware and spyware in particular. However, the bill was not enacted.

DNS Award
Awardees take proactive steps to monitor, identify, and prevent the spread and distribution of malware.

Additional Resources

 * Read Microsoft's Malware, a Ten Year Review
 * See Kindsight Security Lab's Malware Report: Q2 2013
 * View Sophos Security Threat Report for 2014

Related Articles

 * Botnet Attacks
 * DDoS Attacks
 * Pharming
 * Phishing
 * Spam