1.1 What is Malware?

The best place to begin is with a general definition of the term malware. This definition is taken from Wikipedia (http://en.wikipedia.org/wiki/Malware):

Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software.

Taking this one step further, malware is never something we want to have on our computers. It is placed there against our wishes, using methods designed to prevent our knowledge of its installation, and in most cases, also designed to prevent our knowledge of its operation. It is often bundled with other software which we do want. Sometimes its presence in this software is known, but sometimes the software vendor is victimized as well.

1.2 Why Does Malware Exist?

Over the course of time, the primary purposes of malware have evolved. Originally, malware’s primary purpose was to demonstrate a hacker’s prowess and ability to control computers beyond his own sphere of control. In today’s world, malware is used for much more structured purposes, most of which involve financial gain for the authors and/or distributors of the malware. Some examples of why malware exists are:

1.2.1 Access to Government/Corporate Secrets (Espionage)

In early 2013, Kaspersky Labs announced that a cyber-espionage campaign named Red October had been operating for more than five years, targeting several international governmental and scientific research organizations. The primary purpose was theft of corporate and/or government secrets to be used by perpetrators for their own purposes. Whether the goal is military/diplomatic strategy or financial gain, malware is the perfect spy.

1.2.2 Identity Theft

It is becoming an everyday occurrence to hear about large-scale identity theft, and malware is the method of choice. Even if a merchant is compliant with all industry data security standards, there is no guarantee that those standards can adequately protect against a well-crafted zero-day threat. Not all detected threats are made public. Some threats escape detection completely. Identity theft is big business, and malware is behind it.

1.2.3 Distribution of Contraband Information

Contraband information comes in many forms. It may be black market forums used for sale, distribution and discussion about malware. It may be child pornography. It may be distribution of information gleaned from identity theft operations. Those responsible are aware that the internet does not offer anonymity, so the answer is to build clandestine distribution networks using unprotected computers controlled by malware. The network may be detected at some point in time, but those responsible often remain anonymous.

Malwarebytes Management Console Administrators Guide Page 2.

1.2.4 Unauthorized Control

Another high-value target of malware is associated with unauthorized control of facilities belonging to those who are considered enemies of the attacker. In a situation such as this, the motivation behind the attack is often based upon political ideology. In an attack of this type, the goal is not financial gain. Instead, it is to create financial turmoil within the society affected by the attack. Though it is based in the use of malware, the act itself is terrorism.

1.3 The Malwarebytes Solution

In 2008, Malwarebytes was founded on the belief that you and everyone have a fundamental right to a malware-free existence. Every product is built on that premise. Malwarebytes products are designed and coded by folks like you. Folks who have stayed up all night trying to rescue an infected machine. Folks who have dealt with the aftereffects of a hacked email account or a compromised network. They work around the world – Europe, Asia, and America – and around the clock, tweaking their unique blend of heuristic, signature, and behaviour-based technologies to protect people like you and businesses like yours…because malware never sleeps.

Malwarebytes Anti-Malware began as a consumer-oriented product, and has evolved over time to incorporate several new features and enhancements which contribute to its recognition as the malware solution of choice by an overwhelming number of computer users. Malwarebytes Anti-Malware is available in free, premium and OEM versions for the consumer market. Over time, the consumer product has evolved into a business version (Malwarebytes Anti-Malware Corporate), enabling IT administrators to control installation and management of Malwarebytes software on endpoints using both GUI-based and command line methods. At the same time, Malwarebytes released Malwarebytes Techbench, which offers the features of the Malwarebytes Anti-Malware free version on a USB stick, optimized for use by computer repair facilities. These facilities had already been using Malwarebytes products as part of their daily regimen, but Malwarebytes Techbench allowed them to also keep segregated log information of the repairs which were performed, assisting them with accountability towards their customers. These products – combined with a deeper understanding of the business marketplace – have contributed to the creation of Malwarebytes Management Console.

1.3.1 Malwarebytes Management Console

Consumers are not alone in their desire to use Malwarebytes products to keep their computers safe. Business users also want that same level of protection, but they have special requirements based on:

  • Corporate security policies
  • Number of computers which require protection
  • Maintaining security while not disrupting workflow
  • Need to automate tasks whenever feasible
  • Need to integrate Malwarebytes with existing IT processes

Beyond these general needs, many businesses have needs specific to their own business. Malwarebytes responded by producing a stand-alone version for business users (Malwarebytes Anti-Malware Corporate Edition, since retitled to Malwarebytes Anti-Malware for Business) and Malwarebytes Management Console, which provides Malwarebytes security via a centralized console.

1.3.2 Malwarebytes Anti-Malware

This is the flagship product of Malwarebytes. It has long been the favourite protection among technical computer users, and the company’s growth has been built primarily on the recommendations of its users. Malwarebytes Anti-Malware is driven by a signature database which is updated 8-15 times daily, and supplemented by heuristic analysis to detect patterns that do not yet exist in the signature database. The focus is on recent, current and emerging threats. Only a small number of threats affecting computer users today are based on older threat vectors, as most (if not all) anti-virus and anti-malware software products are well equipped to deal with the older threats.

Malware refers to all files with content that could be malicious for a computer system. This is not just limited to viruses, as there are many other types of files that can cause serious damage to computers or networks.

The term malware refers to a wide range of threats:

  • Viruses: They destroy information and replicate automatically.
  • Worms: They make copies of themselves and mass-mail themselves from infected computers, for example to all contacts in the address book.
  • Trojans: They can open ports to a hacker who can take remote control of an infected computer.
  • Spyware: They steal personal information stored on a computer.
  • Phishing: This involves sending email messages that appear to come from reliable sources (such as banks) and that try to get users to reveal confidential banking information. To do this, the messages usually include a link to spoofed web pages. In this way, the user, thinking that they are in a trusted site, enters the requested information, which is really falling into the hands of the fraudster.
  • Blended threats: The latest epidemics have involved attacks using a combination of threats (blended threats).
  • Dialers: They change dial-up connections to premium-rate numbers without the user’s permission.
  • Jokes: These are time-wasting tricks or jokes.
  • Other risks: Certain software is not classified as malware, but can pose a risk to the security of corporate networks if it is used.
  • Hacking tools: All tools that can be used to steal confidential information or gain unauthorized access, etc.
  • Security risks: applications that pose a risk to security and which are not classified as viruses. For example, a program for creating viruses or Trojans.

Anti-malware protection in operation

  • Scanning and disinfection: After installation, it immediately scans all inbound and outbound traffic, applying the actions defined by the administrator.
  • Incremental Signature Updates: Every hour, it downloads only the new malware signature patch, automatically and transparently.
  • Local Updates: For networks with restricted security, it connects to a local server to check for and download new updates instead of connecting to the Internet.

Action on malware. The administrator decides what action to take on any malware detected:

  • Disinfect: The file with the malware will be disinfected.
  • Delete: The infected file will be deleted.
  • If the malware is contained in an attachment in an SMTP email, the options include:
      • Deleting the entire message.
      • Deleting just the attachment.
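As an added illustration of the two SMTP attachment actions listed above (this is example code, not the Malwarebytes product’s own logic), the following Python builds a constructed inbound message with one clean and one infected attachment and applies either “delete the entire message” or “delete just the attachment”; the signature list and the `X-Malware-Removed` header are assumptions for the example.

```python
from email.message import EmailMessage
from typing import Optional

# Constructed signature for illustration only; a real product relies on a large,
# frequently updated signature database plus heuristics, as described above.
SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]


def build_sample_message() -> EmailMessage:
    """Constructed inbound SMTP message: benign body, clean PDF, infected EXE."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please find the report attached.")
    msg.add_attachment(b"%PDF-1.4 clean sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ CONSTRUCTED-MALWARE-MARKER", maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    return msg


def is_malicious(part: EmailMessage) -> bool:
    """Signature match against the decoded attachment bytes."""
    data = part.get_payload(decode=True) or b""
    return any(sig in data for sig in SIGNATURES)


def apply_action(msg: EmailMessage, action: str) -> Optional[EmailMessage]:
    """Apply the administrator's choice; None means the whole message was dropped."""
    infected = [p.get_filename() for p in msg.iter_attachments() if is_malicious(p)]
    if not infected:
        return msg                      # nothing detected, deliver unchanged
    if action == "delete_message":
        return None                     # drop the entire message
    if action != "delete_attachment":
        raise ValueError(f"unknown action: {action}")
    clean = EmailMessage()              # rebuild without the infected part(s)
    for header in ("From", "To", "Subject"):
        clean[header] = msg[header]
    body = msg.get_body(preferencelist=("plain",))
    clean.set_content(body.get_content() if body else "")
    for part in msg.iter_attachments():
        if not is_malicious(part):
            clean.add_attachment(part.get_payload(decode=True),
                                 maintype=part.get_content_maintype(),
                                 subtype=part.get_content_subtype(),
                                 filename=part.get_filename())
    clean["X-Malware-Removed"] = ", ".join(infected)   # assumed audit header
    return clean


def attachment_names(msg: EmailMessage) -> list:
    """Filenames of the remaining attachments, for logging and checks."""
    return [p.get_filename() for p in msg.iter_attachments()]
```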

Benefits

  • Complete proactive real-time protection: It prevents all types of malware from entering the network by scanning the seven most widely used communication protocols.
  • Optimized bandwidth and resources: Reduces the workload on company servers by eliminating non-business related and potentially dangerous traffic and by optimizing bandwidth usage.
  • Prevents damage to corporate image: Stops malware from being sent out from the company and prevents installation of programs that can do this.