Damage caused by malware

The damage caused by a virus which infected a home computer or a corporate network can be different – from insignificant increase in outgoing traffic (if a computer is infected by a Trojan sending out spam) to the complete network breakdown or the loss of critical data. The scale of the damage depends on the targets of the virus and sometimes the results of its activity are imperceptible for the users of a compromised machine.

Operability of computers and computer networks

The catastrophic failure or dramatic slowdown of an individual computer or network can be premeditated or accidental. A virus or a Trojan may delete critical system elements, thus disabling the OS, overload the network with a DDoS attack, or otherwise negatively affect the system’s operability.

Fatal problems are often caused by a bug in the virus’ code or principle of operation. Bugs can be found in any software product, including viruses. In addition, it’s most unlikely that viruses are thoroughly tested before they are launched, a practice that is mirrored by some commercial products too. Sometimes malware is incompatible with the software and hardware of the system upon which it is run, resulting in server failure or drastic increases in spam traffic, thereby paralyzing a company’s network.

From time to time more disastrous events occur. For example, in 1988 in the USA, the Morris Worm caused an epidemic in Arpanet, ancestor of the modern-day Internet. Over 6000 machines, or about 10% of all the computers on the network, were infected. A bug in the virus code caused it to replicate and distribute itself across the network, resulting in complete system paralysis.

In January 2003 the Slammer worm caused a geographically-rotating Internet blackout across the USA, South Korea, Australia and New Zealand. As a result of the uncontrolled prevalence of the worm, network traffic increased by 25%, leading to serious problems with banking operations for the Bank of America. Lovesan (Blaster, MSBlast), Mydoom, Sasser and other network worm epidemics also caused terrific damage to airlines which had to cancel the flights, and to banks which had to temporarily cease their operations.

Hardware failure

A virus seldom causes hardware failure as modern computers are relatively well protected from software faults. However in 1999 the CIH virus, also known as Chernobyl, disrupted the operation of any infected system by deleting the data in the Flash BIOS, making it impossible to even boot the computer. Home users had to visit a service center to get the Flash BIOS rewritten in order to restore the machine to working condition. On many laptops the Flash BIOS was soldered directly to the motherboard, along with the drive, the video card and other hardware. This meant that in most cases the cost of the repair exceeded the cost of a new laptop, resulting in damaged computers being simply thrown away. Several hundred thousand computers fell victim to the CIH ‘bomb’.

Sometimes a Trojan can open and close the CD/DVD tray. Though modern hardware is pretty reliable these days, this could theoretically cause drive failure on computers that are continuously on.

Data loss or data theft

The damage caused by a successful attack that erases a user’s data can be measured in terms of the value of the erased information to the user. If the attack targeted a home computer used for entertainment, the damage is probably minimal. The theft of important information can result in the loss of many years work, a valued photo archive or some other type of coveted correspondence. The oft-neglected way to prevent data loss is by taking regular backups.

If data is stolen as the result of a targeted attack on a specific individual, the damage can be tremendous, particularly if the data belonged to a company or even the state – client databases, financial and technical documentation or even banking details can end up in the wrong hands – the possibilities are endlessly. We live in the information age and its loss or leakage can sometimes have disastrous consequences.

Even if there is no visible damage

Many Trojans and viruses do not advertise their presence in the system. Viruses can surreptitiously infiltrate the system, and both the files and the system will remain operable. Trojans can hide themselves in the system and secretly do their Trojan thing – and on the face of it everything seems fine, however it is only a front.

A virus on a corporate network can be considered a force majeure and the damage caused by it as being equal to the losses associated with the network downtime necessary for disinfection. A Trojan’s presence is also a highly undesirable thing, even if it does not constitute any threat to the network. The Trojan may only be a zombie server sending out spam, but it consumes network and Internet resources and the compromised computers can distribute a great deal of spam which is likely to be directed towards the company’s own corporate mail server.

Unfortunately, a considerable number of home users do not realize the problem and do not protect their computers. Our survey from December 2005 showed that 13% of the Russians that took part had no antivirus program installed on their machines.

Most of these users were completely unaware that their computers could become a base for spam distribution and attacks on other network elements. Let’s leave it to their conscience.


Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, we decided to call it ‘Roaming Mantis’. Read Full Article


DDoS attacks in Q4 2017

Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the runup to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit. Read Full Article


IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article


DDoS attacks in Q3 2017

In the third quarter of 2017, we registered a considerable increase in the number of both DDoS attacks and their targets. Traditionally, China is the country with the largest number of attack sources and targets. It was followed by the United States and South Korea. The popularity of Windows OS as a basis for creating a botnet has fallen noticeably, while the share of Linux-based botnets increased proportionally. Read Full Article