Malware is a common term in information security, but what exactly is it? In this article, we’ll explore where it comes from, what it is intended to do, and how to best protect you and your company from attacks.
Malware: A Definition
The word “malware” is a shortened version of the term “malicious software,” i.e., any type of program designed to do harm to a computer, server or network. Malware includes viruses (programs that “infect” other programs or documents and spread from computer to computer), worms (a more specific type of virus that duplicates itself) and Trojans (programs or documents that appear to be something legitimate but infect computers once they are opened).
Other types of malware include spyware, which can collect keystrokes or take control of a computer’s camera; adware, which displays unwanted ads and can download further malware; ransomware, which holds a computer or network hostage until a fee is paid; and rootkits, which can secretly take admin controls over a computer, server or network.
These programs are often created as an executable file, also known by its extension .exe, a type used by PCs running Windows software. Other malware programs are embedded in macros, such as those used by Word or Excel with extensions .doc and .xls and can infect other operating systems including OSX.
They often take advantage of a vulnerability in a program or operating system which hasn’t been updated to the latest version.
How Do I Catch Malware?
As varied as the types of malware are the delivery methods in which thieves attempt to get you to open it or visit a website. The most basic and still by far the most common is through good old-fashioned email communication. This tactic is known as phishing, where a hacker may send tens of thousands of emails with a malware attachment. Phishing/malware is a numbers game: All they need is just one click to unleash the virus and spread havoc.
Another way malware spreads is through infected websites. These can be obviously marginal destinations, such as file-sharing or pornography sites, but can also be hidden in more “legitimate” sites that have been compromised. Many times the malware will be secretly downloaded in the background without your knowledge, a process known as a drive-by download. Other times, a phony alert message will pop up telling you to update your software (like Flash); when you click, you are actually installing malware.
Malware can also be placed on a USB, included in a text message or embedded in pirated software (and sometimes even bundled with legitimate applications). If someone at your work downloaded malware and it infected the network you are attached to, you and everyone else are likely infected as well.
The most common denominator between all these scenarios is that people often don’t use their best judgment before they click.
What Happens When I Get Malware?
It depends on the type of malware you have, but generally speaking, your computer becomes corrupted or compromised. You may notice that it slows down considerably or that files are missing. You may also be barraged with pop-up windows that you can’t close. It may also behave strangely, crashing and restarting without any prompting from you.
Other malware (like spyware) can be sneaky, secretly recording keystrokes or taking over your camera. Ransomware is perhaps the most obvious, as it will often display an alert telling you that you have been locked out and give you instructions on how to get access back (usually by sending bitcoin).
Examples of Malware
Malware has been around almost as long as computers themselves, first being spread by floppy disks and then graduating to macros. One of the first widespread infections was called the “ILOVEYOU” virus, created in 2000. It was a simple email that purported to have a love letter attached; once opened, it overwrote all personal files and sent itself to people in the user’s address book. It became one of the most damaging viruses of all time.
A more recent, infamous attack was the Locky ransomware virus in 2016. This virus was first spread through a Microsoft Word macro document attached to an email. In its first day, it infected half a million computers and went on to attack millions more, including hospitals and police stations. Those systems with the Locky virus were greeted with an alert screen instructing them to download a TOR browser and deliver a certain amount of bitcoin.
But these are only the tip of the iceberg when it comes to malware, as new variants are popping up every day.
How Do I Get Rid of Malware?
If your computer starts acting strangely or you think you may be infected with malware, there are some things you should do right away. If you are on a PC, the first thing you’ll want to do is go into safe mode and then delete any temporary files.
Next, you’ll want to scan for infections using software such as Malwarebytes (which is free to scan and clean, but charges for advanced features). You will need to download it to your computer or put it on a USB drive. After you’ve found the malware and cleaned it, PC World also recommends you check your browser settings to make sure they haven’t been changed to a rogue website homepage, which could start the infection process all over again.
If you find yourself locked out of your computer due to a ransomware attack, the FBI strongly advises against paying the ransom. Not only does it embolden the criminals, but there is also no guarantee the malware is completely gone or that it won’t happen again.
How to Prevent Malware Infections
Preventing malware infection requires a multi-pronged approach. Of course you’ll want an antivirus program that can spot malware and block it. You’ll also want a smart email filter that can flag and isolate potential spam messages with dangerous links or attachments; there are more advanced programs that specifically look out for ransomware as well as “sandbox” (isolate) potentially dangerous applications.
Additionally, all computers on the network should be running the latest operating system and browser software updates, which will patch known vulnerabilities. Web browser settings should disable autoplay of Java and Flash (often used for malvertising). Networks should all be secure https connections and have strong passwords and two-factor authentication for access. There should also be clear policies about smartphone use on the network as well as what to do or who to turn to in case of cyber-emergency.
But even if you have all the best software, hardware and protocols in place, there is still a chance of a malware breach. Why? The human error factor, which sophisticated hackers try to exploit. That’s why it’s also important to include awareness training in every prevention program. This should be a set of mandatory lessons that should be engaging and interactive, not just a video that can run in the background.
Awareness courses should be able to be administered automatically and monitored for completion remotely. No one should be exempt from taking them, including C-Level executives who are often targeted in malware attacks.
Metrics of course completion can tell you a lot about your company’s preparedness; however, it’s also imperative that you surreptitiously test the organization’s overall resilience. This can be done by using a phishing simulation program that will allow you to send phony spam emails to your workforce; if someone in the company clicks on a link or attachment, you can be alerted, and they can be required to take additional training.
Malware is a very real, constant threat that can cripple any organization. Protecting yourself involves a continuous effort to keep your employees vigilant and the hackers at bay.
- Defining Malware: FAQ, Microsoft
- Everything you need to know about macro viruses, Norton
- Locky Virus, The High Tech Society
- How did the WannaCry ransomworm spread?, Malwarebytes Labs
- Incidents of Ransomware on the Rise: Protect Yourself and Your Organization, FBI
- How to remove malware from your Windows PC, PCWorld
- 10 easy ways to prevent malware infection, Malwarebytes Labs