Impelled by the proliferation of high-speed connections and global coverage, the Internet has become a powerful means of knowledge sharing as well as commercialization. The increasing dependence on the Internet, however, also makes it an obvious target for miscreants to spread computer viruses and other types of malicious software (malware).
Creating viruses and worms is no longer a mere pastime for a handful of curious college graduates learning to hack. It is now a full-fledged business, with an extreme level of sophistication and expertise contributed by a huge workforce of black hat hackers.
Malware has become powerful enough that it can not only penetrate, manipulate and destroy information systems but also reside on them indefinitely, gaining complete control over them without the user getting the slightest hint.
None of the AV products on the market can claim to contain all sorts of malware. Moreover, plentiful vulnerabilities in operating systems, browsers and other applications further put malware authors at an advantage. Under such circumstances, even if an average computer user installs the best antivirus/firewall software and follows basic safe computing practices, he could still fall victim to some of the gruesome malware attacks.
Thus, improvements have to be made in many areas, and international co-operation would be of great benefit in areas such as: proactive prevention (education, guidelines and standards, research and development); improved legal frameworks; stronger law enforcement; improved tech industry practices; and better alignment of economic incentives with societal benefits.
1.1 Vulnerabilities Commonly Exploited by Malware
The following types of vulnerabilities are typically exploited by malware to disseminate, propagate, and install themselves:
- Buffer overflows (the real vulnerability is a design flaw, i.e., the lack or failure of input validation to prevent the submission of overlong data strings)
- Weak access control (due to poorly designed or configured access controls)
- Poor or incorrect handling of malformed data (due to lack or failure of input validation to filter out malformed data)
- Decoding errors (e.g., browser or Web server Uniform Resource Locator [URL] decoding errors)
- Sabotaged configurations (e.g., through tampering with the configuration script)
- Vulnerabilities in anti-virus software (exploited to disable the software or evade its detection)
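Three of the items above (overlong data strings, malformed data, URL decoding errors) come down to input being acted on before it is bounded, decoded and validated. The following C routine is an added example, not code from the original text: it percent-decodes a URL path into a fixed-size buffer, rejects overlong and malformed input, and validates only the decoded form. The function name, the return codes and the policy of rejecting any '%' left after decoding are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Return codes; the names are hypothetical, chosen for this example. */
enum { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_MALFORMED = -2, REQ_FORBIDDEN = -3 };

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode `in` into `out` (capacity `cap`, terminator included),
 * then validate the decoded path, never the raw one. */
int decode_and_check_path(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return REQ_TOO_LONG;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0) return REQ_MALFORMED;    /* truncated or non-hex escape */
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (c < 0x20 || c == 0x7f) return REQ_MALFORMED; /* NUL and control bytes */
        if (n + 1 >= cap) return REQ_TOO_LONG;   /* bound is checked before the write */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    /* Policy checks on the decoded form; a leftover '%' means double encoding. */
    if (out[0] != '/') return REQ_FORBIDDEN;
    if (strchr(out, '\\') || strchr(out, '%')) return REQ_FORBIDDEN;
    for (const char *p = out; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0') return REQ_FORBIDDEN; /* ".." segment */
    return REQ_OK;
}
```

Because the length check precedes every write and the policy checks run after the single decoding pass, an encoded ".." segment or an overlong string is rejected instead of reaching the file system or overrunning the buffer.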
1.2 Most Prevalent Vectors for Malware Propagation
Malware propagation vectors refer to the electronic methods by which malware is transmitted to the information systems, platforms or devices it seeks to infect.
- Email (includes spam and other phishing emails)
- World Wide Web
- Instant messages
- Removable media (e.g., “thumb” drives, compact discs [CD])
- Applications with built-in scripting languages (Acrobat, Flash, etc.)
- Networked shared files
- P2P file sharing networks
- Wireless Local Area Networks (WLAN)