Malware
Malware History
Malware refers to any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems.
The first recognizable malware was a worm named Creeper. Written in 1971 as an experiment, it caused no harm to the user besides annoyance. Since then, the field of malware has seen a meteoric rise in both complexity and the threat it poses. From its innocent beginnings, malware has become a global arms race between people protecting networks and others trying to take advantage of them.
Goals of Malware
Cybercriminals are a lot like traditional criminals: they have similar motivations and goals. Just as traditional criminals use tools to get what they want, be it a gun to rob someone or a crowbar to gain access to somewhere, so do cybercriminals. They use malware to create disruption, steal information or resources, and extort money from innocent computer users.
How does Malware spread?
The most common way people are exposed to malware is through social engineering. Attackers send emails and messages that trick users into clicking on malicious attachments or links. Doing so installs malware onto the person’s computer.
Malware also spreads through removable media. Attackers create infected USB-drives and leave them in visible places, hoping that a person’s curiosity is greater than their sense of fear. When an infected USB-drive is inserted into the computer, malware can install itself onto the computer without the user knowing it.
Websites may contain malicious ads. This attack vector is known as malvertising. Some online ads are embedded with malware that infects the computer when a user clicks on them. Attackers also make these ads tempting to click on. Good examples of such attacks are sites that display a big download button. Usually the button is a malicious ad that downloads malware when clicked.
Some malware can spread through network connections by exploiting vulnerabilities in the systems that are connected to that network. This type of malware is called a worm. Most worms, however, are benign, meaning that their only goal is to replicate themselves. This does not mean that they are good, as worms still cause harm to the network by consuming bandwidth and making the internet connection slower.
Compromised software or downloads are also a possible way to get infected with malware. Attackers upload free versions of otherwise paid applications, hoping that people will download them. The download, however, is rarely just the application itself and is often riddled with malware. It is important to remember that “free” variants of applications usually come at a “price”.
Types of Malware
Ransomware is a type of malware that encrypts the users’ files, rendering them inaccessible. Ransomware demands a ransom payment (generally in cryptocurrency) in exchange for a decryption key to restore the files. To help mitigate the damage done by ransomware, the user should make constant backups of their data. This way, the files can be restored in the case of a successful ransomware attack.
Spyware is a type of malicious software that is designed to secretly monitor and collect a user’s activity on the device without consent. The gathered data can vary from login credentials to exact keystrokes (keyloggers) the user makes. This data can later be sold on the dark web and used for identity theft, financial fraud or targeted advertising (adware).
Keyloggers are a type of spyware that record every stroke made on a computer or mobile device. They can capture sensitive data, such as usernames, passwords and credit card information. Keyloggers are also sometimes used in a corporate setting to monitor employee activity.
Adware is a type of malware that automatically displays or downloads unwanted advertisements on a user’s device, typically on a web browser. While it is usually considered less harmful than other types of malware, it can still be intrusive and negatively impact a user’s experience. Adware is considered spyware when it tracks and collects a user’s browsing habits to display targeted ads.
Cryptojacking malware is a type of malicious software that harnesses the computer’s processing power to mine cryptocurrency. It does so by running complex calculations that slow the computer down. It usually works in the background of the computer without the user knowing, only indicated by a slow-performing computer.
A rootkit is a type of malware designed to gain unauthorized access to a computer system and conceal its presence. It also aims to hide the presence of other malware by intercepting system calls and modifying how the system displays files or processes. Rootkits also allow attackers to control the system remotely.
Trojans are a type of malware that disguise themselves as legitimate programs or files to trick users into opening them. A trojan can be hidden in any type of file, from a simple Word document to an executable file. A trojan itself may not be malicious; however, it is mainly used to stealthily deliver and execute malware, like ransomware, spyware, adware and many others.
Virus is a more general term for a specific type of malware. A virus attaches itself to a host file or program and spreads to other programs or files when executed, thus infecting them. Much like a biological virus, it relies on a host and requires user action (opening the infected file) to become active and start spreading.
How to protect yourself against Malware?
The best way to protect against malware is by being attentive when browsing the internet. Avoid clicking on things that seem too good to be true, as they are probably created by someone who wants to take advantage of other people – a cybercriminal.
Avoiding random USB-drives is also a good thing to keep in mind. They might not all be malicious, but it is always better to be safe than sorry. In the case of finding a suspicious USB-drive, it is best to deliver it to the responsible help-desk or information station.
Constantly updating the computer’s operating system is also very important as these updates fix many of the latest vulnerabilities, making the computer more secure and harder for malicious software to successfully plant itself.
In general practice, Windows Defender is a perfectly capable anti-virus program, as long as the computer user possesses suitable cybersecurity awareness. Anti-virus software should not be the only thing that a computer user relies on. It should be a backup force in case the user has missed something. Windows Defender provides a solid baseline protection for users with good security habits.