What Counts as Malware?

 Tricky perhaps, maybe just what should not be there.  

What counts as ‘malware’? AWS clarifies its  Definition           By Kyle Alspach

 Amazon Web Services had strong words this week about research published on a new strain of malware, which was discovered in its serverless computing service, AWS Lambda.

In a statement (screengrab shared below), the public cloud giant went to some lengths to dispute the findings — and in the process, made an unusual assertion.

Not all Data is Created Equal Personalization in the time of a global privacy movement

Specifically, the AWS statement circulated this week to multiple media outlets including VentureBeat mischaracterized what constitutes “malware,” a number of security experts confirmed.

The statement came in response to research about the “Denonia” cryptocurrency mining software, discovered by Cado Security researchers in a Lambda serverless environment.

From the AWS statement: “Since the software relies entirely on fraudulently obtained account credentials, it is a distortion of facts to even refer to it as malware because it lacks the ability to gain unauthorized access to any system by itself.”

It’s the second line in the above statement — “it is a distortion of facts to even refer to it as malware” — that is not correct, according to security experts.

“Software does not have to gain unauthorized access to a system by itself in order to be considered malware,” said Allan Liska, intelligence analyst at Recorded Future. “In fact, most of the software that we classify as malware does not gain unauthorized access and is instead deployed in a later stage of the attack.”

Malicious intent

Defining the nature of a piece of software is all about the intention of the person using it, according to Ken Westin, director of security strategy at Cybereason.

Simply put: “If their goal is to compromise an asset or information with it, then it’s considered malware,” Westin said.

Some malware variants do have the capability to autonomously gain unauthorized access to systems, said Alexis Dorais-Joncas, security intelligence team lead at ESET. One of the most well-known cases is NotPetya, which massively spread by itself, via the internet, by exploiting a software vulnerability in Windows, Dorais-Joncas noted.

However, “the vast majority of all programs ESET considers malware do not have that capability,” he said.

Thus, in the case of Denonia, the only factor that really matters is that the code was intended to run without authorization, said Stel Valavanis, founder and CEO of OnShore Security.

“That’s malware by intent,” Valavanis said.  .....  '