Devina Budhan’s 750-Word Expanded Definition of Malware

Introduction

The reason I am writing this memo is to inform you about a word that is commonly used in my field of study in computer information systems. The word I have chosen to explain more on is malware. By looking up different definitions and examples of the word and how it’s used from articles and the web I will show how it’s changed over the years or if it has changed at all.

Definitions

Malware is actually the combination of “malicious” and “software/hardware” and originates from the English language. According to the Oxford English Directory (OED), malware is defined as “programs written with the intent of being disruptive or damaging to (the user of) a computer or other electronic devices; viruses, worms, spyware, etc., collectively” (OED, 2019). In other words, OED describes malware a type of program that is created to attack or harm a user’s computer or any electronic device. In addition to the OED’s definition, the National Institute of Standards and Technology (NIST), describes malware as “Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system.” (NIST, 2019). This describes malware as a software that was initially made to deny access to particular functions and resources of a computer system affecting the confidentiality of the information, the validity of the information contained in the system and the availability of the information to be used meaning the data can be walled from being used. A third definition from “Randed”, malware is defined as “Any software used to disrupt computer or mobile operations, gather sensitive information, and gain access to private computer or mobile operations”, this explains malwares specific purpose of infiltrating information and denying access to computer systems.

From the many definitions I was able to gather, malware has not changed much in terms of what it is. However, OED’s definition describes malware as what it is and how it affects a user and lists different threats. The threats today for malware are mostly tied to trojans, ransomware and keyloggers. These malwares are used for gathering data or forcing entry and locking the user out of their data. In order for the user to unlock their files they have to pay the ransom for a chance to maybe unlock the files. Trojans give the hacker access to the system. Due to all these unique threats a single term was used to encompass the general meaning of software that has an intent to cause malicious damage. Originally the term that encompassed all of them was virus but since a lot of the malicious attacks today are focused only on one computer it could no longer be classified as a virus and instead was labeled under malware.

Context

“However, with the past of the years the objective change and currently the main objective is to enter in another system in order to steal any kind of information, change parameters inside, being redirected to a website with more malware… The idea is to create chaos in the system that they are enter to” (Randed, 2019). The word in this sentence is described by the actions of malware to enter another system and stealing that type of information. The article explains the general idea and use of malware such as creating chaos by causing user to panic should they be locked out of their system or redirecting the users to another site that is impersonating another site to install more malware that can reach deeper into the system. Thieves that use computers are called cyber criminals and their main type of attack is using malwares on unsuspecting users and stealing data such as username, passwords, bank information and personal information that can be used to steal the user’s identity. “Malware typically employs as many as 10 evasion techniques per sample, which indicates both that malware analysis is a great concern of malware authors and that they are aware of the efforts taken to develop effective malware detection methods” (Or-Meir et al., 2019). This goes to show that malware is a high stakes game of cat and mouse. Where the cyber criminals know their exploits are being discovered and traced back so the need to evolve and stay ahead. This in turn causes cyber security experts to think of new ways of detecting the malicious program. One such way is to have a malware scanner that is based on the behavioral pattern of malware instead of signature based. Signature based malware prevention is when a copy of the malware code is kept and compared to the new malware being scanned. If they are similar it is a hit and that malware will be quarantined and removed. The new type of anti-malware becoming more prominent is a type that monitors the activity of all programs and should any of them be recording data or sending them in suspicious ways they will trigger an alarm. As stated in the quote, cyber security experts are increasing efforts to finding new ways to detect malware even before new ones are created. “The number of malware alterations for mobile devices created for phishing activities, information theft related to bank cards and for money theft from bank accounts increased almost 20 times” (Iovan et. al, pg. 267). Malware in this context is used as a “backdoor” to infiltrate the mobile device to obtain personal information such as bank information, social security, etc. This is similar to the definition that NIST provided where it affects the integrity, confidentiality and availability of information.

Working Definition

Malware relates to my field of study because as an IT operation major, it is important to learn about attacks to prevent data breaches. It is important to study malware due to the fact that in IT operations not only is the data of the company being managed but also the personal information of all employees is stored there. By studying malware, we will be able to increase security and prevent data and identity theft of everyday user thus creating a safer environment for all. Based upon the examples and definitions found from various sources such as OED, articles and websites malware means a program or software created to exploit a user’s computer or electronic device for personal and financial information.

References

Iovan, Ş., & Marge, R. (2018). Malware for Mobile Devices and Their Security. Fiability & Durability / Fiabilitate Si Durabilitate, (1), 267–272.

malware, n. (2019). Oxford English Dictionary Online. Retrieved from www.oed.com/view/Entry/267413.

Malware, what do you need to know. From where it comes from to types of it. (2019, January 16). Retrieved from https://randed.com/malware-what-do-you-need-to-know-from-where-it-comes-from-to-types-of-it/?lang=en.

Malware. (n.d.). Retrieved from https://csrc.nist.gov/glossary/term/malware.

Or-Meir, O., Nissim, N., Elovici, Y., & Rokach, L. (2019). Dynamic Malware Analysis in the Modern Era–A State of the Art Survey. ACM Computing Surveys, 52(5), 1–48.

Leave a Reply