Monday, October 13, 2014

What is Malware?

Malware is a portmanteau of the words malicious and software. Malware is often associated with spyware and viruses, but it can also be the vehicle that carries spyware or viruses onto a computer. Malware is usually installed on a computer without the knowledge of the "end user" (the person using the computer), typically through security vulnerabilities in a web browser. Other times the malicious software is designed to look and feel like legitimate software such as an antivirus product (a Trojan horse), and then attacks the computer once it is in place. Here are a few ways that attackers use malware to their advantage.

Keyloggers: Malware can be used to hide a program that records every key pressed on your keyboard and transmits the data to the attacker without the end user's knowledge. Attackers use this to capture credit card information, usernames, passwords, and anything else you can imagine typing on a computer.

Botnets: A botnet is made up of infected computers that an attacker can use how and when they choose. Attackers use botnets to consume the computer's resources, such as CPU power, memory, or bandwidth, for attacking other computers. With a chain of computer resources at their command, attackers can shut down a website by flooding it with requests (a denial of service attack), or use the pooled CPU power for cracking passwords or other malicious purposes. The end user in these scenarios is usually not aware that their computer is infected or being used for malicious purposes, but they may notice a slowdown in internet speed or processing power.

Scareware: Some attackers use malware as an annoyance to force an end user to pay the attacker to make the annoyance stop, or to steal the end user's information. This is probably the most commonly seen type of malware, because it makes itself known through constant pop-ups or system sluggishness. Attackers like to disguise this type of malware as antivirus programs (Antivirus 2009, CryptoLocker, etc.) or anti-spyware programs to deceive the end user into believing that their computer is infected with a virus, so that they will purchase the program to remove it. Once purchased, the malware silently sits and either collects data or waits until the "license key" expires to pop up again. The attackers then have credit card information that they can sell or use, plus your money for the purchase.

The two most common ways to get malware are through security vulnerabilities on the computer or through accidental acceptance by the end user. Microsoft, and most third-party vendors, send out security patches regularly to fix security holes. Not installing these patches in a timely manner may allow an attacker to bypass security permissions and install applications without the consent of the user. The accidental acceptance usually comes in the form of a browser pop-up that deceives the end user (e.g. "Your computer is infected, click here to scan now") by mimicking common antivirus software, Windows Explorer, or some other legitimate-looking program.

Preventive measures against acquiring malware are to keep your operating system and browsers up to date with automatic updates, and to understand the ways attackers deceive the end user. Be sure to have up-to-date antivirus software that has not expired.
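The three checks above (automatic updates on, patches current, antivirus active and not stale) can be verified from a PowerShell prompt on Windows. The script below is an added example written for this post, not code from the original author; it assumes Windows 10 or 11 with the built-in Microsoft Defender module and an elevated prompt, and the 30-day and 7-day thresholds are arbitrary choices for illustration.

```powershell
# Added example (not from the original post): read-only hygiene check for the
# three preventive measures the post recommends. Assumes Windows 10/11 with the
# built-in Defender PowerShell module; run from an elevated prompt.
# The age thresholds below are illustrative assumptions, not vendor guidance.
$MaxPatchAgeDays     = 30
$MaxSignatureAgeDays = 7

function Test-MalwareHygiene {
    $result = [ordered]@{}

    # 1. Automatic Updates: query the Windows Update Agent COM object.
    #    NotificationLevel 4 means "scheduled installation" (fully automatic).
    $auSettings = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings
    $result.AutoUpdateLevel = $auSettings.NotificationLevel
    $result.AutoUpdateOk    = ($auSettings.NotificationLevel -eq 4)

    # 2. Patch currency: age of the most recently installed hotfix.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if ($latest) {
        $patchAge = ((Get-Date) - $latest.InstalledOn).Days
        $result.LatestHotFix   = $latest.HotFixID
        $result.PatchAgeDays   = $patchAge
        $result.PatchesCurrent = ($patchAge -le $MaxPatchAgeDays)
    } else {
        $result.LatestHotFix   = $null
        $result.PatchAgeDays   = $null
        $result.PatchesCurrent = $false
    }

    # 3. Antivirus: Defender enabled, real-time protection on, signatures fresh.
    $mp = Get-MpComputerStatus
    $result.AntivirusEnabled      = $mp.AntivirusEnabled
    $result.RealTimeProtection    = $mp.RealTimeProtectionEnabled
    $result.SignatureAgeDays      = $mp.AntivirusSignatureAge
    $result.SignaturesCurrent     = ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    $result.AntivirusOk           = $mp.AntivirusEnabled -and
                                    $mp.RealTimeProtectionEnabled -and
                                    $result.SignaturesCurrent

    # Overall verdict: every one of the three measures must pass.
    $result.AllChecksPass = $result.AutoUpdateOk -and
                            $result.PatchesCurrent -and
                            $result.AntivirusOk
    return [pscustomobject]$result
}

# Print the report; each failing line is something the post says to fix.
Test-MalwareHygiene | Format-List
```

If AutoUpdateOk is false, Automatic Updates is not set to install on a schedule; if PatchesCurrent is false, no hotfix has been installed within the chosen window; if AntivirusOk is false, Defender is either disabled, not protecting in real time, or running on signatures older than the chosen threshold, which is the "expired antivirus" situation the post warns about.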

Most antivirus software will not detect malware until it has already infected the system, and does a poor job of removing it. In my IT experience, I have found a program that does a really good job at detecting and removing malware programs, and that is Malwarebytes. The program is free for detection and removal, and they offer a paid version (subscription based; it used to be a one-time lifetime license that you may still be able to get off Amazon) for real-time detection and updating, so that it is hands-free for the end user. I recommend installing it on any computer running Microsoft Windows and doing regular scans, as malware today has infected over one in four U.S. computers. (Statistic according to the Organization for Economic Co-operation and Development.)


Information derived from multiple sources:
