From the UPSC perspective, the following things are important:
Prelims level : Malware
Mains level : Cyber attacks and the threats posed to national security
This newscard is an excerpt from the original article published in The Hindu.
Try this question from CSP 2018:
Q. The terms ‘WannaCry, Petya, Eternal Blue’, sometimes mentioned in the news recently, are related to
(b) Crypto currency
(c) Cyber attacks
(d) Mini satellites
What is NetWire?
- NetWire, which first surfaced in 2012, is a well-known malware.
- It is also one of the most active ones around.
- It is a remote access Trojan, or RAT, which gives control of the infected system to an attacker. Such malware can log keystrokes and compromise passwords.
- This malware essentially does two things:
  - One is data exfiltration, which means stealing data. Most anti-virus software is equipped to prevent this.
  - The other involves infiltrating a system, and this has proven to be far more challenging for anti-virus software.
- NetWire is described as an off-the-shelf malware, while something like Pegasus, which used a bug in WhatsApp to infiltrate users’ phones in 2019, is custom-made and sold to nations.
Back2Basics: Classification of malicious software
- A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program.
- It spreads from one computer to another, leaving infections as it travels.
- Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions.
- Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.
- When the host code (alternative word for a computer program) is executed, the viral code is executed as well.
- Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
- While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion.
- This encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
- Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage.
- In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
- To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them.
- A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.
- More advanced worms leverage encryption, wipers, and ransomware technologies to harm their targets.
- A Trojan is a harmful piece of software that looks legitimate.
- After it is activated, it can carry out any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).
- Trojans are also known to create backdoors to give malicious users access to the system.
- Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
- Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
- “Bot” is derived from the word “robot” and is an automated process that interacts with other network services.
- Bots often automate tasks and provide information or services that would otherwise be conducted by a human being.
- A typical use of bots is to gather information, such as web crawlers, or interact automatically with Instant Messaging (IM), Internet Relay Chat (IRC), or other web interfaces.
- They may also be used to interact dynamically with websites.