Malware commonly pops up in the news, often with big organisations falling victim. Recently (only this year!) we have had a few high profile cases, from Forbes inadvertently serving malvertising, to trojans being found in more than 100 apps on the Google Play Store, and the continued rise of high-profile ransomware attacks.
Viruses, and malware more generally, are often talked about outside of cyber security circles, but does everyone know exactly what malware is, how to avoid it, and what to do in the event of an infection?
Malware (a contraction of malicious software) is a term often used to describe any kind of software that does unwanted things on your computer or device. These nasties can range from simply hogging CPU power to perform tasks of their own, to locking your computer down and demanding a big ransom. Some are also capable of tracking your activities and stealing your sensitive data, such as passwords and files.
The different types of malware
Some variations of malware are:
A virus, like its namesake, is able to self-replicate and infect multiple devices on its own. Viruses do this through a variety of means, such as attaching themselves to files and applications. They are also capable of damaging computers by carrying out certain actions, and can be used to steal information, create botnets (see below), display ads, and more.
Ransomware has seen a lot of exposure recently. This type of malware can literally hold a device and its contents hostage while demanding a ransom for the release of your data. It does this by encrypting the hard drive and displaying a message demanding the user pay a set ransom to the owner of the malware to unlock the device. Ransomware often spreads just like worms (see below), usually arriving through a network vulnerability or a downloaded file.
As the name suggests, adware is designed to display unwanted advertisements, including pop-up ads and ads shown in software. Many free versions or compromised versions of software come bundled with adware, as it is used to generate revenue for advertisers. Often, adware is backed up by spyware (see below) or other malware to track your activities and steal your data, so this one is more dangerous than it first seems.
Spyware is malware that secretly monitors your activities, recording them and sending them back to a server or malicious attacker. The types of information typically gathered by spyware include websites visited, system information, location and login credentials (keyloggers). Spyware also often has the capability to modify network, system and application security settings.
This type of malware is related to adware. It modifies your browser, adds toolbars, changes search engines and pages, and can add desktop shortcuts. Because it takes control of your browser, this malware can also redirect you to malicious sites, adware and spyware.
A rootkit is designed to remotely control or access a computer without the user’s knowledge. This means that once a rootkit is installed, its malicious owner can execute software, steal data, modify the system and change software (including any software that might have been able to detect the malware). Basically they have complete control, and you may not even realise! This level of secrecy means you may not be able to find or remove a rootkit using typical security software, so detection and removal rely on manual methods such as monitoring for irregular behaviour.
Trojan is short for Trojan horse, and this malware gets its name from the Greek tale of the Trojan War. This is because Trojans are programs that are disguised as legitimate files or software in an attempt to trick users into downloading malware. Once a Trojan is installed, it enables a malicious party to remotely control the device. Once the attacker has access to an infected computer, they are able to monitor user activity, change files and settings, steal data or install more malware.
Worms are particularly common, spreading via vulnerabilities in operating systems. The most common way that a worm does its damage is by overloading web servers and using up bandwidth. They are also capable of including ‘payloads’, which are bits of code included to carry out certain actions, such as creating botnets, stealing data or deleting files.
Worms are quite similar to viruses; however, a number of differences set them apart. The main distinguishing factor is that while viruses require a user action to spread (running a program, opening a file, using a USB stick), worms often spread by mass mailing themselves to contacts or similar.
Bots are generally created to perform non-malicious tasks automatically, such as for games, contests and everyday actions; however, they are becoming increasingly common in more harmful capacities. Bots can be used in botnets, as spambots, as web spiders scraping server data, and to distribute malware on download sites.
Bots are the reason CAPTCHA tests exist, as they cannot usually pass this test without human input.
How do I know if I have malware on my machine?
The first big indicator should come from running an up-to-date antivirus scanner on a regular basis and finding malware that way. However, malware can appear between these scans, or may even manage to evade them, so you should be aware of the following symptoms:
- Files changing, moving, or being deleted
- Slow computer or network speeds
- Increased system resource usage
- Programs running, turning off or reconfiguring themselves (malware particularly likes to reconfigure antivirus software and firewalls)
- Strange files or programs appearing
- Messages or emails being sent automatically without you sending them
- Any other strange behaviour you do not expect to see from your device.
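Several of these symptoms (files changing, moving or being deleted, and strange files appearing) can be checked for by comparing a folder against an earlier snapshot of itself. The Python sketch below is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, root)] = digest
    return result

def compare(before, after):
    """Report files that changed, disappeared, appeared or moved between snapshots."""
    gone = {p for p in before if p not in after}
    new = {p for p in after if p not in before}
    changed = sorted(p for p in before if p in after and before[p] != after[p])
    # Same contents under a new name means the file was moved, not deleted.
    moved = []
    for old in sorted(gone):
        match = next((p for p in sorted(new) if after[p] == before[old]), None)
        if match:
            moved.append((old, match))
            new.discard(match)
    gone -= {old for old, _ in moved}
    return {"changed": changed, "deleted": sorted(gone),
            "added": sorted(new), "moved": moved}

def demo():
    """Constructed sample: build a folder, alter it, then compare snapshots."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("report.docx", b"quarterly figures")
        write("notes.txt", b"meeting notes")
        write("photo.jpg", b"holiday")
        write("todo.txt", b"buy milk")
        baseline = snapshot(root)
        write("report.docx", b"\x00scrambled\x00")   # contents altered
        os.remove(os.path.join(root, "notes.txt"))   # file deleted
        os.rename(os.path.join(root, "photo.jpg"),
                  os.path.join(root, "photo.jpg.bak"))  # file moved
        write("updater.exe", b"unexpected program")  # strange file appears
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

A snapshot is only useful if it was taken while the machine was known to be clean and is stored somewhere the malware cannot rewrite it.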
How do I deal with malware?
Again, the simplest way to deal with malware is usually through your up-to-date antivirus software. Ensure you have a comprehensive tool that can detect, quarantine and remove many types of malware, and is able to deal with viruses, adware, spyware, trojans and worms.
In addition to antivirus software, you should also ensure a firewall is running. This will ensure that all incoming data is checked and either blocked or dealt with accordingly.
DON’T FORGET! You need to make sure that all of this software is kept up to date, as any patches are usually security and definition updates, patching vulnerabilities that could be exploited and adding better detection for new malware.
How do I protect myself from malware in the first place?
You can’t always ensure you avoid malware, but there are a few things you should do to stay safe!
Here are some of Bob’s Top Tips:
- Delete emails from unknown sources
- Be careful with physical media: don’t plug in flash drives or discs from unknown sources
- Only download software and open attachments from trustworthy and reputable sources
- Don’t open attachments from personal emails on work computers, as you are creating a potential security threat for your organisation
- Don’t just ignore emails you suspect to contain viruses; always contact your IT department, as they can then inform the rest of your organisation
- Keep your operating system, antivirus software and browser up to date
- If a link or email looks dodgy, don’t click it!