Evolutionary Malware: Mobile Malware, Botnets, and Malware Toolkits

Evolutionary Malware: Mobile Malware, Botnets, and Malware Toolkits

Michael Brian Pope (Department of Management and Information Systems, College of Business, Mississippi State University, Mississippi State, MS, USA), Merrill Warkentin (Department of Management and Information Systems, College of Business, Mississippi State University, USA) and Xin (Robert) Luo (Anderson School of Management, University of New Mexico, Albuquerque, NM, USA)
DOI: 10.4018/ijwnbt.2012070105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Much as information systems themselves evolve and incorporate innovation, so too has malicious software, or “malware.” The increasing threat to those who use and trust in these systems is dangerous to overlook. This article examines recent trends in malware development. Reviewing statistics of dangerous infections of various malware families, it also expands on recent developments of actual exploit code. It further expands on the evolution of recent malware development techniques, particularly the use of malware development kits, or “exploit kits.” Mobile exploits taking advantage of smart phones, as well as malicious “polymorphic” code that self-mutates to evade detection are also discussed in detail.
Article Preview

Malware Threat Statistics: A Revisit

The Web is perceived to be the biggest carrier transmitting threats to security and productivity in organizations, because websites can harbor not only undesirable content but also malicious code, often penetrating defenses through flaws in the operating system, browser, and accessory software. Estimates for infection sources encountered overwhelmingly named compromised or malicious web sites as the most frequent source at nearly 80% (Sophos, 2013). The dilemma for organizations is that the Web is an indispensable strategic tool for both internal and external interaction, though it is also an open route for cybercriminals to seek possible victims. Unlike the past in which most malicious code writers were motivated by curiosity or bragging rights, today’s IT world is experiencing the transition from traditional forms of viruses and worms to new and more complicated attacks proliferated by active criminals intent on financial gain. This trend is due to the capitalization of the malware industry where most malicious code writers tend to exploit system vulnerabilities to capture such high profile information as passwords, credentials for banking sites, and other personal information for identify theft and financial fraud. More complicated attacks can involve multiple malware approaches, such as a rootkit installed to allow further malware, such as spyware or ransomware, to be deployed much more easily. Once infected, the software continues to fight attempts to detect and purge it, through methods such as morphogenic code that disrupts code patterns used to detect malware, and accelerating development of malicious software, straining the resources of security firms as they press harder to keep up with new threats. Incentives and resource sources such as financial fraud make these combined and combative approaches more common, more dangerous, and more numerous.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 6: 2 Issues (2017): Forthcoming, Available for Pre-Order
Volume 5: 2 Issues (2016): 1 Released, 1 Forthcoming
Volume 4: 3 Issues (2015)
Volume 3: 4 Issues (2014)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing