Malware and Its Programming


What is Malware?

Malware (malicious software) is a computer program that is usually created to find and exploit bugs in a targeted software system. Its creator can then expose the system's internals and obtain the restricted or secret data stored inside it. Some malware can also destroy the system together with that data; we call this sabotage. If you want to know the signs of an infected computer, please open this topic: How do I Know if My Computer is Infected by Virus?

Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics. An example of such software, which was described as illegitimate, is the Sony rootkit, a Trojan embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying; it also reported on users' listening habits, and unintentionally created vulnerabilities that were exploited by unrelated malware.

  • Virus: a kind of malware that infects other files by copying its own "body" into them. It survives because the complete virus program is contained in every infected file, and it can infect another computer when one of those files is opened.
  • Worm: as the name suggests, this malware behaves like a worm, infecting a system through vulnerable open ports. It duplicates itself rapidly and consumes so much memory that the victim's computer crashes or hangs.
  • Trojan Horse: a Trojan horse, commonly called a trojan, is a program with the ability to remain undetected. It hides on specific ports and waits to be activated by the attacker, after which the infected computer can be controlled. A Trojan horse pretends to be a useful, entertaining or protective program, but behind that facade it damages the infected computer. Trojans can carry other malware such as viruses, worms and spyware. A Trojan horse cannot reproduce itself; in general it is carried by, or disguised as, a utility program.
  • Spyware: malware used to spy on the user's activity on the infected computer and deliver the recorded log to the attacker. With that data, attackers obtain valuable information such as usernames and passwords, credit card numbers, or other files that have economic or political value to them.
  • Rootkit: malware that exploits a security vulnerability. A rootkit is installed by the attacker after the computer has been successfully taken over. It is used to remove traces of the attack, such as deleting logs, and to hide the malware itself. Rootkits can also contain a backdoor so that the attacker can retake control of the system later. Rootkit detection is difficult because it is planted at the kernel level, the core of the operating system.

How Do Attackers Create Malware?

Malware is created with ordinary programming languages such as .NET, Visual Basic, C/C#, Delphi, or even Assembly. The most popular malware language, however, is .NET, because .NET code is easier to obfuscate: the obfuscated malware yields many files with different characteristics, which makes it hard for antivirus software to detect.
There is also plenty of software that helps attackers create malware. Such software can hide the malware from antivirus products and other scanning routines, and is commonly called a crypter. A crypter can also bind the malware file to another file, for example an icon changer.
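As an added example (not code from the original post), the classic defender-side check for a crypter-wrapped file: an encrypted or compressed payload has near-maximal byte entropy, so a window-by-window entropy scan locates it inside an otherwise readable file. The sample buffer below is constructed here and is not taken from any real binary.

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def high_entropy_windows(data, window=256, threshold=7.2):
    """Return (offset, entropy) for each fixed-size window whose entropy reaches
    the threshold. An encrypted or compressed payload that a crypter wraps
    around the real malware body sits close to 8 bits/byte; plain code,
    strings and headers sit well below that."""
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:   # ignore a tiny trailing remainder
            break
        h = shannon_entropy(chunk)
        if h >= threshold:
            hits.append((off, round(h, 2)))
    return hits

def packed_ratio(data, window=256, threshold=7.2):
    """Fraction of windows that look encrypted/compressed. A high value is a
    cue to detonate the sample in a sandbox instead of trusting static scans."""
    total = max(1, len(data) // window)
    return len(high_entropy_windows(data, window, threshold)) / total

# Constructed sample, not a real binary: a readable "stub" followed by a block
# that stands in for a crypted payload (every byte value once per window,
# which gives exactly 8.0 bits/byte; a real crypted body is just below that).
STUB = (b"This program cannot be run in DOS mode.\r\n" * 13)[:512]
PAYLOAD = bytes(range(256)) * 8
SAMPLE = STUB + PAYLOAD

if __name__ == "__main__":
    for off, h in high_entropy_windows(SAMPLE):
        print(f"offset {off:#06x}: entropy {h}")
    print(f"packed ratio: {packed_ratio(SAMPLE):.2f}")
```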

Assembly

Assembly is a low-level programming language that uses short mnemonic codes. It is commonly used for programming microprocessors and other controller devices. Assembly language represents machine language in symbolic codes that humans can understand, though not as easily as a high-level programming language.
Malware written in assembly is advanced because it can be self-modifying: a way to avoid antivirus detection by changing its own instruction codes when the process starts and is activated in memory.
Mutation Engine was the first polymorphic program generator, created by a virus writer using the nickname Dark Avenger. It was first released in 1991 and was used in 33 viruses during that period.
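An added example, not part of the original article: self-modifying code has to write to memory it then executes, so on Linux a defender can flag process mappings that are both writable and executable by reading /proc/<pid>/maps. The maps content below is constructed, and legitimate JIT runtimes also create such regions, so the check is a triage cue rather than proof.

```python
import re
from typing import List, Tuple

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})"
    r"\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

def parse_maps(text: str) -> List[dict]:
    """Parse the text of a /proc/<pid>/maps file into region dictionaries."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            regions.append({"start": int(m["start"], 16), "end": int(m["end"], 16),
                            "perms": m["perms"], "path": m["path"] or "[anonymous]"})
    return regions

def find_wx_regions(text: str) -> List[Tuple[int, int, str]]:
    """Return (start, end, path) of every mapping that is writable AND executable.
    Code that rewrites its own instructions in memory needs such a mapping, so a
    W+X region in a process that is not a JIT runtime deserves a closer look."""
    return [(r["start"], r["end"], r["path"]) for r in parse_maps(text)
            if "w" in r["perms"] and "x" in r["perms"]]

def scan_pid(pid: int) -> List[Tuple[int, int, str]]:
    """Read the live maps file of a process (Linux only; needs ptrace read access)."""
    with open(f"/proc/{pid}/maps") as fh:
        return find_wx_regions(fh.read())

# Constructed sample maps content (not captured from a real process).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/example
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/example
7f3c2a000000-7f3c2a021000 rwxp 00000000 00:00 0
7f3c2b000000-7f3c2b1c1000 r-xp 00000000 08:01 5678 /usr/lib/libc.so.6
7ffd1e0c0000-7ffd1e0e1000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for start, end, path in find_wx_regions(SAMPLE_MAPS):
        print(f"W+X mapping {start:#x}-{end:#x} ({path})")
```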


Visual Basic 6

Visual Basic 6 is categorized as a high-level programming language, is easy to understand, and shares the characteristics of VBScript. In the past, VBScript was often used for creating simple malware such as the "I Love You" malware.
VB6 can produce two program formats: native code and P-code. Every program created with VB6 needs a runtime file when it is run; the msvbvm60.dll runtime interprets the P-code into native API calls that the system executes directly.
VB6 is also commonly used for creating crypters. Tejon Crypter is one VB6 crypter that is sold to malware creators; Tejon offers defensive layers such as anti-sandbox checks and antivirus evasion.

Visual Basic .NET

Visual Basic .NET is the next generation of Visual Basic, developed by Microsoft. Much malware has emerged in this high-level language because malware creators who were used to Visual Basic can move to Visual Basic .NET without having to learn much.
Today there is a great deal of malware written in Visual Basic .NET because attackers can easily make it undetectable to antivirus products using obfuscation techniques.
Some techniques for making malware undetectable by antivirus:
  • Changing symbol names
  • Changing class, symbol, method, field and event names, which makes the malware harder to disassemble
  • Hiding method calls
  • Obfuscating how methods are called
  • String encryption
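As an added example (not from the original article), a small triage heuristic over the class and method list of a .NET assembly: renaming obfuscators leave one- or two-character names, control characters, and the same short method name reused across classes. It assumes an ildasm-style text listing as input; the listing below is constructed, not taken from a real sample.

```python
import re

CLASS_RE = re.compile(r"^\s*\.class\b.*?\s+(?P<name>\S+)(?:\s+extends\b.*)?\s*$")
METHOD_RE = re.compile(r"^\s*\.method\b.*?\s(?P<name>[^\s(]+)\(")
SPECIAL = {".ctor", ".cctor"}   # compiler-generated names that obfuscators leave alone

def extract_members(listing):
    """(class_name, method_name) pairs from an ildasm-style listing, in order."""
    members, current = [], None
    for line in listing.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = m["name"]
        elif (m := METHOD_RE.match(line)) and current is not None:
            members.append((current, m["name"]))
    return members

def is_suspicious_name(name):
    """Renamed-looking symbol: one or two characters, or characters a compiler
    never emits for a source identifier (control codes, non-ASCII, punctuation)."""
    if name in SPECIAL:
        return False
    return len(name) <= 2 or any(
        not (c.isascii() and (c.isalnum() or c in "_.<>`")) for c in name)

def obfuscation_report(listing):
    """Share of renamed-looking class/method names, plus method names reused
    across classes, which is typical output of a renaming obfuscator."""
    members = extract_members(listing)
    names = sorted({cls for cls, _ in members}) + [meth for _, meth in members]
    ratio = sum(map(is_suspicious_name, names)) / len(names) if names else 0.0
    owners = {}
    for cls, meth in members:
        if meth not in SPECIAL:
            owners.setdefault(meth, set()).add(cls)
    reused = sorted(m for m, cls in owners.items() if len(cls) > 1)
    return {"members": len(members), "suspicious_ratio": round(ratio, 2),
            "reused_names": reused, "likely_obfuscated": ratio > 0.5}

# Constructed listing (not from a real sample): one readable class beside two
# classes whose types and methods were renamed to 'a', 'b' and a control character.
SAMPLE_LISTING = """\
.class private auto ansi beforefieldinit Downloader.Program extends [mscorlib]System.Object
  .method private hidebysig static void Main(string[] args) cil managed
.class private auto ansi beforefieldinit a extends [mscorlib]System.Object
  .method public hidebysig specialname rtspecialname instance void .ctor() cil managed
  .method private hidebysig static string a(string A_0) cil managed
  .method private hidebysig static void b(int32 A_0) cil managed
.class private auto ansi beforefieldinit b extends [mscorlib]System.Object
  .method private hidebysig static string a(string A_0) cil managed
  .method private hidebysig static void \u0001(object A_0) cil managed
"""
```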

Conclusion

The growth of the Internet has accelerated malware distribution. Criminal activities such as data theft and digital credit card theft are becoming a bigger threat, and the attackers behind them have economic motives. There are also political motives, commonly referred to as cyber war. In general, the programming language used for malware does not matter as long as the target is achieved.
