Implementation Techniques | Internet Security Threats | Kaspersky Lab


Malware Implementation Techniques

Cybercriminals often exploit any vulnerabilities that exist within the operating system (OS) or the application software that’s running on the victim’s computer – so a net worm or Trojan virus can penetrate the victim’s machine and launch itself.

What is a vulnerability?

A vulnerability is effectively an error in the code or the logic of operation within the OS or the application software. Because today’s OSs and applications are very complex and include a lot of functionality, it’s difficult for a vendor’s development team to create software that contains no errors.

Unfortunately, there’s no shortage of virus creators and cybercriminals who are ready to devote considerable effort to investigating how they can benefit from exploiting any vulnerability – before it’s fixed by the vendor issuing a software patch.

Typical vulnerabilities include:

  • Application vulnerabilities
    The Nimda and Aliz mail worms exploited Microsoft Outlook’s vulnerabilities. When the victim opened an infected message – or even placed their cursor on the message, in the preview window – the worm file launched.
  • Operating system (OS) vulnerabilities
    CodeRed, Sasser, Slammer and Lovesan (Blaster) are examples of worms that exploited vulnerabilities in the Windows OS – whereas the Ramen and Slapper worms penetrated computers via vulnerabilities in the Linux OS and some Linux applications.

Exploiting Internet browser vulnerabilities

Recently, the distribution of malicious code via web pages has become one of the most popular malware implementation techniques. An infected file and a script program that exploits the browser’s vulnerability are placed on a web page. When a user visits the page, the script program downloads the infected file onto the user’s computer – via the browser’s vulnerability – and then launches the file. In order to infect as many machines as possible, the malware creator will use a range of methods to attract victims to the web page:

  • Sending spam messages that contain the address of the infected page
  • Sending messages via IM systems
  • Via search engines – whereby the text placed on an infected page is processed by search engines and the link to the page is then included in search result lists
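
A defender's view of the web page infection pattern described above, as an added example that is not part of the original page: a Python heuristic that scans web proxy records for an executable fetched within seconds of the page named in its Referer, which suggests a script rather than a user click started the download. The log layout, the 5-second window, the content types and every host and address are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample proxy log (not real traffic).
# Assumed columns: time, client, url, referer, content_type
SAMPLE_LOG = """\
2014-03-01T10:00:00,10.0.0.5,http://news.example/index.html,-,text/html
2014-03-01T10:00:02,10.0.0.5,http://cdn.example/update.exe,http://news.example/index.html,application/x-msdownload
2014-03-01T10:05:00,10.0.0.7,http://vendor.example/downloads.html,-,text/html
2014-03-01T10:07:30,10.0.0.7,http://vendor.example/setup.exe,http://vendor.example/downloads.html,application/x-msdownload
2014-03-01T10:09:00,10.0.0.9,http://files.example/tool.exe,-,application/octet-stream
"""

EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll")
AUTO_FETCH_WINDOW = timedelta(seconds=5)  # assumed threshold, tune per site


def is_executable(url, content_type):
    """True if the response looks like a Windows executable."""
    path = url.split("?", 1)[0].lower()
    return content_type in EXECUTABLE_TYPES or (
        content_type == "application/octet-stream"
        and path.endswith(EXECUTABLE_SUFFIXES)
    )


def find_suspect_downloads(log_text, window=AUTO_FETCH_WINDOW):
    """Return (client, page, file_url, seconds) for executables that a
    client fetched within `window` of loading the referring page."""
    last_page_load = {}  # (client, page_url) -> time the page was fetched
    alerts = []
    for ts, client, url, referer, ctype in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if ctype.startswith("text/html"):
            last_page_load[(client, url)] = when
        elif is_executable(url, ctype):
            loaded = last_page_load.get((client, referer))
            # A long gap suggests the user chose to download; a very short
            # one suggests the page itself triggered the fetch.
            if loaded is not None and when - loaded <= window:
                delay = (when - loaded).total_seconds()
                alerts.append((client, referer, url, delay))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_downloads(SAMPLE_LOG):
        print("suspect automatic download:", alert)
```

Only the first client is flagged: the second waited 150 seconds before downloading from the same site, and the third request has no referring page to correlate with.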

Clearing the route for Trojan virus infections

Cybercriminals will also use small Trojans that are designed to download and launch larger Trojan viruses. The small Trojan virus will enter the user’s computer – for instance, via a vulnerability – and it will then download and install other malicious components from the Internet. Many of the Trojans will change the browser’s settings – to the browser’s least secure option – in order to make it easier for other Trojans to be downloaded.

Software developers and antivirus vendors respond to the challenge

Unfortunately, the period between the appearance of a new vulnerability and the start of its exploitation by worms and Trojan viruses keeps getting shorter. This creates challenges for both software vendors and antivirus companies:

  • The application or OS vendors have to rectify their mistake as soon as possible – by developing a software patch, testing it and distributing it to the users.
  • Antivirus vendors must work rapidly – to release a solution that detects and blocks the files, network packets or whatever other item is used to exploit the vulnerability.

© 1997 – 2014 Kaspersky Lab
