Malware
The term malware is often tossed around, but what exactly does it mean? Malware refers to any software that is inherently hostile, intrusive, or annoying in its operation and that performs any action or activity without the knowledge or consent of the system’s owner.
In the past, malware was designed to infect and disrupt; disable; or even destroy systems, applications, and data. In some cases, this disruption went one step further and used an infected system as a weapon to disable or disrupt other systems. In recent years the nature of malware has changed with the software seeking to remain out of sight in an effort to evade detection and removal by the system owner for as long as possible. All the while, the malware is resident on a system taking up resources and power for whatever purpose the attacking or infecting party may have in mind.
Today, malware is dramatically different in nature, with the criminal element realizing the advantages of using it for more malicious purposes. In the past, it was not uncommon for malware to be written as a prank or to annoy the victim, but times have changed. Malware has been adopted by criminals for a wide array of purposes to capture information about the victim or commit other acts. As technology has evolved, so has malware—from the annoying to the downright malicious.
In the past, the term malware covered just viruses, worms, Trojans, and other similar software that carried out malicious activities or performed no useful function. Malware has evolved to include new forms, such as spyware, adware, scareware, and ransomware. Software that used to just connect to systems or annoy the victim now redirects browsers, targets search engine results, or even displays advertisements on a system.
Another aspect of malware that has emerged is its use to steal or destroy information. Malware programs have been known to install what is known as a keystroke logger on a system. The intention here is to capture keystrokes as they are entered to gather information such as credit card numbers, bank account numbers, or other similar information. For example, malware has been used to steal information from those engaging in online gaming and banking to obtain players’ account information.
Malware’s Legality
Malware has tested and defined legal boundaries since it came into being. Lawmakers have passed statues specifically to deal with the problem. Malware initially was perceived as being harmless, relegated to the status of a prank. But times changed, and a more serious look at the problem of malware has become necessary. Over the past few years, the problems posed by malicious code have been addressed technologically. In addition, new legal remedies have emerged in several countries.
In the United States, several laws have been introduced since the 1980s. Some of the more notable ones include:
The Computer Fraud and Abuse Act of 1986—This law was originally passed to address federal computer–related offenses and the cracking of computer systems. The act applies to cases that involve federal interests, or situations involving federal government computers or those of financial institutions. It also covers computer crime that crosses state lines or jurisdictions.
The Patriot Act—This act expanded on the powers already included in the Computer Fraud and Abuse Act. The law:
Provides penalties of up to 10 years in prison for a first offense and 20 years for a second offense
Assesses damages over the course of a year to multiple systems to determine whether such damages are more than $5,000 total
Increases punishment for any violation that involves systems that process information relating to the justice system or military
Covers damage to foreign computers involved in US interstate commerce
Includes, in calculating damages, the time and money spent investigating a crime
Makes selling computer systems infected with malware a federal offense
California State Senate bill SB-1137—This California state law, passed in 2016, was one of the first to define malware as a standalone crime. It doesn’t have to be related to any other criminal activity.
Each country and even some local jurisdictions have approached the problem of malware a little differently, with penalties ranging from jail time to potentially steep fines for violators. In the United States, California, West Virginia, and a host of other states have put in place laws designed to punish malware perpetrators. Although the laws have different penalties designed to address malware’s effects, it has yet to be seen what the effects of these laws will be.
Types of Malware
Although the term malware may refer to any software that fits the definition, it is also important to understand the specifics and significance of each piece of software under the malware banner. A broad range of software types and categories exists, some of which have been around for a long time. Malware includes the following:
Viruses
Worms
Spyware
Adware
Scareware
Ransomware
Trojans
Rootkits
Malware’s Targets
A quick review of the targets of malware authors gives a good taste of why the problem is so serious:
Credit card or other personal financial data—Credit card data and its related personal information are a tempting and all-too-common target. Upon obtaining this information, an attacker can go on a shopping spree, purchasing any type of product or service: web services, games, merchandise, or other products.
Passwords—Passwords are another attractive target for attackers. The compromise of this sort of information can be devastating to the victim. Most individuals reuse passwords over and over again, and stealing a person’s password can easily open many doors to the attacker. Stealing passwords can allow a hacker to read passwords from a system that includes everything from email and Internet accounts to banking passwords.
Insider information—Confidential or insider information is another target for an attacker. An attacker may very well use malware to obtain such information from an organization to gain a competitive or financial benefit.
Data storage—In some cases, a system infected with malware may find itself a point for storing data without the owners’ knowledge. Uploading data to an infected system can turn that system into a server hosting any type of content. This has included illegal music or movies, pirated software, pornography, financial data, or even child pornography.