Beginnings are often steeped in myth, legend and a good helping of storytelling, with malware being no exception to this rule. Way back in 1974, before many of our readers were born, malware was still in its infancy, with early pioneers inventing different types of malware to simply explore what could be done.
This article will detail the Wabbit type of malware and will explore what Wabbit is, the history of Wabbit, how Wabbit works, the fork-bomb Wabbit variant, and potential applications for this early type of malware.
This name is incredibly accurate for what this malware is, as it refers to the fact that rabbits reproduce very fast. Wabbit is the first self-replicating malware to ever exist (some historians will argue that Creeper was) and can reproduce so fast that the system it is installed on literally chokes as its resources are all used up by Wabbit.
Due to the rarity of Wabbit and some of its unique peculiarities, modern malware discussions do not mention it as a type of malware. Looking back at it historically, however, it is clear to see that not only is it malware but possibly one of the best, as it has solid potential as an educational tool and for historical purposes as well.
Wabbit is indeed a relic of a past computing age, essentially designed to take advantage of the way the IBM OS processed information. You see, IBM used to use what was called the ASP job stream, which would communicate with its console less and less as resources were consumed. Looking at this malware through modern eyes, Wabbit most closely matches up to the denial-of-service attack (DoS).
Wabbit is most applicable in the arena of computer science and information security education. While Wabbit can cause damage to systems, it is a relatively simple piece of malware that can be used to demonstrate process and program replication in education.
Computer science students can be given a time limit to stop Wabbit, where the natural end of the exercise is either stopping Wabbit or the infected system crashing. This would also have value in teaching students about just how simple malware can be and how you sometimes need to understand it to stop it.
Wabbit was originally meant to be more tongue-in-cheek than malicious. However, this malware can easily be programmed to not only be malicious but also to infect modern systems, making it a bona fide type of malware.
Throughout the early 2000s, malware became even more prevalent. The use of rootkits, toolkits, crimeware kits, and even SQL injection attacks rose dramatically. Along with new techniques came even larger infection rates. The ILOVEYOU Worm alone affected over 50 million computers and caused over $5.5 billion in damages. The virus, sent through an inconspicuous email, caused parts of the Pentagon and British government to shut down some of their email servers.
The SQL Slammer Worm was developed in 2003. This vicious attack affected over 75,000 computers in less than ten minutes. The effect was slower internet usage worldwide. The Cabir Virus in 2004 was the first to attack mobile phones, while the Koobface Virus the following year targeted social media platforms such as Facebook and Twitter. The Conficker Worm also caused widespread damage in 2008. Not only were the spread and rate of infection increasing with each new development in malware, but new platforms and devices were also being targeted.
As developments in malware progressed from the 1940s and 1950s, new techniques and uses for malicious software were developed. Programs were no longer harmless or accidentally harmful. They were intended for destruction and corruption. Whether to steal files, spy on computer usage, delete or corrupt files, ransom accounts for profit, or something else, malware has come a long way since its beginnings.
As the spread of malware increases, new uses for the programs are being developed as well. No longer carried by floppy disks, viruses have the potential to spread through internet access, email, and far more, posing a threat to individuals, small businesses, corporations, and government entities alike. Unless systems are protected against these attacks, businesses and organizations risk losing data or having their systems crash. The loss in time and money can be devastating.
Making sure your systems are kept safe is essential to protecting your personal files and assets, as well as those of your business or organization. Understanding how malicious software might be disguised or where there are weak areas in your system will go a long way in protecting you from attacks. As new malware is created, it is important to stay vigilant. Corruption from malware can happen to you, and it can cost you dearly if you are not taking precautions against it. IT security professionals consistently emphasize the following four points to stay in front of the malware threat:
In general usage, the term anti-malware refers to a number of software programs and applications that are capable of detecting and removing malware from individual systems or from larger networks. Though the term is usually used in connection with classic antivirus products, anti-malware abilities can include anti-spyware, anti-phishing or anti-spam solutions. Lately, the term has also come to name specialized software that fights data-stealing malware delivered by online criminals.
Anti-spam techniques are employed by special software programs that fight spam, which is unsolicited e-mail. The spam problem needs to be solved not only at the level of each individual user, but also at the level of system administrators who need to secure thousands of computers from spam. Spamming attempts are becoming a greater problem for everybody because spam is one of the main ways to deliver the most dangerous malware in the wild, along with phishing threats.
Antivirus software, sometimes called an anti-malware program, appeared a few years ago to protect computers from viruses and other threats that affected the initial modern computers. Nowadays, antivirus programs protect users from more advanced online dangers, like ransomware, rootkits, trojans, spyware, phishing attacks or botnets. Nevertheless, the name "antivirus" was preserved for these software solutions that protect computers from a large number of threats.
Atmos is a form of financial malware that emerged from Citadel (which, in turn, is based on the leaked ZeuS code). Atmos has been active since late 2015, but there was no serious uptick in activity until April 2016.
An attack signature is a unique piece of information that is used to identify a particular cyber attack aimed at exploiting a known computer system or a software vulnerability. Attack signatures include certain paths used by cyber criminals in their malicious compromise attempts. These paths can define a certain piece of malicious software or an entire class of malware.
Autorun worms are malware programs that use the Windows AutoRun feature to launch automatically when a device, usually a USB drive, is plugged into a PC. AutoPlay, a similar technology, has been used recently to deliver the infamous Conficker worm. Microsoft has turned the AutoRun setting off on new systems, so this issue should disappear in the future.
A backdoor Trojan is a way to take control of a system without permission. Usually, a backdoor Trojan poses as a legitimate program, spreading through phishing campaigns and fooling users into clicking a malicious link or accessing malware on a website. Once the system is infected, the Trojan can access sensitive files, send and receive data online and track the browsing history. To avoid this type of infection, you should keep the system up to date with the latest patches and have strong anti-malware protection.
Skilled computer users with malicious intent, they seek to compromise the security of a person or organization for personal gain. Blackhat hackers frequently specialize, for example in malware development, spam delivery, exploit discovery, DDoS attacks and more. Not all blackhat hackers use the malware they develop or the exploits they discover. Some just find them and sell the know-how to the highest bidder. Their favorite targets are financial information (such as credit card data or bank accounts), personal information (like email accounts and passwords), as well as sensitive company data (such as employee/client databases).
A blended threat is a widely-used term that describes an online attack that spreads by using a combination of methods, usually a combination of worms, trojans, viruses and other malware. This combination of malware elements that uses multiple attack vectors increases the damage and makes individual systems and networks difficult to defend.
Boot sector malware is capable of replicating the original boot sector of the system, so that at the following system boot-up, the malware may become active. This way, the bootkit in the boot sector manages to hide its presence before the operating system can load up. This is a clear advantage for the malware, which is loaded before the system and the anti-malware solution. Since it loads before the security solution, it can even disable that solution and render it useless. This type of infection is usually difficult to clean.