Developments and Defenses of Malicious Code

The continuous evolution of information security threats, coupled with increasing sophistication of malicious codes and the greater flexibility in working practices demanded by organizations and individual users, have imposed further burdens on the development of effective anti-malware defenses. Despite the fact that the IT community is endeavoring to prevent and thwart security threats, the Internet is perceived as the medium that transmits not only legitimate information but also malicious codes. In this cat-and-mouse predicament, it is widely acknowledged that, as new security countermeasures arise, malware authors are always able to learn how to manipulate the loopholes or vulnerabilities of these technologies, and can thereby weaponize new streams of malicious attacks. From e-mail attachments embedded with Trojan horses to recent advanced malware attacks such as Gozi programs, which compromise and transmit users’ highly sensitive information in a clandestine way, malware continues to evolve to be increasingly surreptitious and deadly. This trend of malware development seems foreseeable, yet making it increasingly arduous for organizations and/or individuals to detect and remove malicious codes and to defend against profit-driven perpetrators in the cyber world. This article introduces new malware threats such as ransomware, spyware, and rootkits, discusses the trends of malware development, and provides analysis for malware defenses. Keywords: Ransomware, Spyware, Anti-Virus, Malware, Malicious Code, Background Various forms of malware have been a part of the computing environment since before the implementation of the public Internet. However, the Internet’s ubiquity has ushered in an explosion in the severity and complexity of various forms of malicious applications delivered via increasingly ingenious methods. The original malware attacks were perpetrated via e-mail attachments, but new vulnerabilities have been identified and exploited by a variety of perpetrators who range from merely curious hackers to sophisticated organized criminals and identify thieves. In an earlier manuscript (Luo & Warkentin, 2005), the authors established the basic taxonomy of malware that included various types of computer viruses (boot sector viruses, macro viruses, etc.), worms, and Trojan horses. Since that time, numerous new forms of malicious code have been found “in the wild.”