Skip to content
Skip to main content

About this free course

Share this free course

Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.1 What is malware for?

This section is part of the amber and green pathways.

The image shows a city at night, with curved lines connecting different parts of the city.
Figure 9

There are many reasons why malware is created including intellectual curiosity, financial gain or corporate espionage.

Many programmers thrive on the challenge of seeing what is possible, and set out to create a malware program even if they do not intend to do harm. Perhaps the most famous of these experiments was the 1988 Morris Worm – the first worm to spread over the internet. The supposed intent of this worm was to gauge the number of machines connected to the network. However, the result was to slow down the operation of infected machines to the point of being unusable.

Worms continue to represent a major threat, as shown by the case of the Conficker Worm of 2008.

Case study: Conficker

In 2008, Microsoft Windows computers began being infected by an advanced worm called Conficker (also known as Downup, Downadup, and Kido), which spread when users shared files, either over networks or via USB flash memory drives. The malware disabled important security features, such as antivirus software and automated update systems and blocked users from downloading fixes. At the same time, Conficker would exploit a weakness in Microsoft’s server software to infect computers on the same network.

Conficker became the fastest-spreading malware known then, eventually being found in almost every country. It had infected up to ten million computers. Conficker outbreaks were reported from (among others) the armed forces of the UK, France and Germany, as well as the British House of Commons and UK police forces. In the US, Conficker’s impact was sufficiently serious that the Department of Homeland Security set up a Conficker Working Group of security experts tasked with creating strategies that could be used against similar outbreaks in the future.

Conficker’s authors were clearly not amateurs. They released new variants of Conficker on a regular basis to overcome weaknesses in the original malware and took steps (including using digital signatures) to ensure that no one else could hijack their program.

Although Conficker caused a great deal of nuisance, it did not appear to do any actual harm to data, however, the program could have delivered other malware that would have attacked users. In many ways, Conficker was a harbinger of the advanced criminal malware – such as Cryptolocker – that is a major threat to today’s users.

A detailed analysis of the development of Conficker and how the source was identified was published by Mark Bowden in the New York Times in June 2019: https://www.nytimes.com/ 2019/ 06/ 29/ opinion/ sunday/ conficker-worm-ukraine.html [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)]