
Famine. Pestilence. War. Death.

The four horsemen of the Apocalypse were named after the greatest causes of humanity's misery in the ancient world. If the Book of Revelation were written today, there would be six horsemen of the Apocalypse: Famine, Pestilence, War, Death, Frozen Dairy Dessert, and Malware. Malware -- a portmanteau of malicious software -- is not so much a recent phenomenon in the history of computing as it is a relatively recent umbrella term to describe a lot of different things.

It's not possible to describe literally every type of malware since there's a lot of overlap between them, so I'll stick to the most common types. Computer viruses are almost all by definition malware. What those viruses do, of course, varies wildly. The original computer viruses were designed to essentially cause infected computers to become unusable by wiping their hard drives and/or overwriting the BIOS. As computers and the internet in particular became more integrated with commerce, viruses also took on an economic dimension when they began to be used as tools to acquire things like credit card numbers or banking information. Self-replicating viruses known as worms disseminate themselves from one system to the next without the knowing participation of the sending or receiving .

Malware is frequently used to give unauthorized users access to multiple computers for unsavory and possibly illegal purposes. Infected computers are made to run background processes and hidden applications that do things like generate fake clicks to specific websites to increase the company's advertising revenue or facilitate the hosting and distribution of child pornography. All of this is done without the users even being aware that it is happening.

The type of malware that most people encounter is adware. As the name implies, adware is software that exists primarily to shove targeted advertising down the users' throats. Generally speaking, adware is more annoying than it is damaging since it is very often bundled with legitimate software that actually provides some service to the user. Many free or free-to-try programs come with adware and may not function if the ads are somehow disabled. 

A closely related type of malware is spyware, which tracks the user's computing activities without their informed consent. Some adware falls into the category of spyware, but other spyware programs are used for more nefarious purposes such as identity theft and even extortion.

Speaking of extortion, my "favorite" type of malware is known as ransomware. After infection, the ransomware program locks the system up and prevents the user from doing anything on the computer other than staring at a screen telling them that they need to pay $100 (or some other amount of money) to regain access to their data. There are many variations on this theme. Sometimes the message purports to be from a legitimate company offering help to fix the problem ("Oh no! You have a virus! Call us now and we'll take care of it!"). Other times the message is supposedly from a law enforcement agency that has identified illegal content on your computer and you need to pay a fine immediately to get back into your computer. I experienced this one firsthand when I was informed that the "FBI" had determined my computer had information on it that qualified as "material support for terrorism" and that I needed to pay $500 to resolve the charges pending against me. Then there are the ones that abandon any pretense of legitimacy and fully admit "yeah, we're holding your computer hostage, send us money or else."

Even though a lot of things fall under the rubric of "malware," there are a few things that don't. First, hacking does not count as malware although malware can help facilitate hacking. Next, phishing attacks -- tricking targets into revealing sensitive information such as login credentials more or less voluntarily -- are usually performed by individuals rather than software, although again, malware can be used to help phishers get the information they want. Finally, software that is just badly designed isn't malware, although poorly coded programs and applications that negatively impact overall system performance or compromise system security could be considered unintentional malware.

As with anything horrible, there are a handful of very well-known malware incidents out there. The Code Red worm from 2001 was an almost laughably simple virus that exploited a vulnerability in Microsoft's IIS server by repeatedly using the letter "N" to cause a buffer overflow; infected machines were used to execute denial of service attacks against the White House. The Mydoom virus became the fastest-spreading piece of malware in history when it infected over half a million computers in the space of just a few days in early 2004; it likely originated in Russia and again caused DDoS attacks.

Perhaps the greatest piece of malware ever conceived, however, was Stuxnet. It is probably the most sophisticated piece of malicious software ever written (at least that is known to the public). Stuxnet targets programmable logic controllers, which are essentially the types of computers that control automated assembly lines. However, Stuxnet only targeted a very specific kind of PLC and would in fact deactivate itself if it infected a computer that it determined was not the kind it was looking for. In 2010, Stuxnet infected and effectively ruined a ton of computers in Iran that controlled the centrifuges integral to its nuclear power program. As many as 20% of these PLCs were rendered unusable due to Stuxnet. It is widely assumed that the governments of the United States and Israel collaborated on the creation of Stuxnet.

Unfortunately, as more people abandon PCs and laptops for smartphones, tablets, and other mobile devices, the creators of malware are hot on their heels. Malware is becoming a serious problem for mobile users and is leading to even more data becoming compromised. If the past is anything to go by, malware will exist and adapt right alongside the changing technological landscape. At the end of the day, though, malware is at least better than famine, pestilence, war, and death...but only slightly.

 For reQuest 2019: the reTurn