What is malware? How to recognize, remove and protect yourself
Today, more than ever, we hear about malware. But what is it? The term refers to any software designed with malicious intent, usually an executable file that aims to damage, destroy or steal data, take control of computers and aid in criminal activity. There are many types of malware, each created for a specific purpose. This type of threat has a long history on the PC, with the earliest known example dating back to 1971 when a virus called Creeper was created. Historically, Windows computers have been considered the most at risk from malware, not because Macs and Linux are significantly more secure but because the vast majority of computers run Windows, and therefore, hackers and criminals tend to target those systems for purely numerical reasons.
The different types of malware
Given the variety of malware types and the vast number of variants released daily, a complete timeline would include too long a list. That said, taking a look at malware trends over the past decades is undoubtedly possible. If malware is an umbrella term, we can list the most common types of threats by which you are most likely to be infected. Viruses: many people mistakenly refer to all malware as viruses. But in fact, a virus is only one type of malware, albeit a very common one. A virus is a malware with the ability to replicate itself.
Ransomware has become one of the most powerful and common forms of malware in the last decade. It encrypts all files on a computer and demands a ransom to unlock them. Worm: similar to a virus, a computer worm replicates itself but does so automatically, without any need for human interaction. Spyware: This type of malware steals sensitive information from the PC and sends it to third parties without the victim’s knowledge. Adware is an interesting case: not all adware technically qualifies as malware, even if technically unwanted.
There are legitimate uses for adware, which promotes advertisements on the computer, although some are malicious and potentially dangerous. Trojan is an example of the fact that many types of malware can have the characteristics of more than one type of malware at the same time. Trojan software is designed to appear harmless, often masquerading as legitimate software until installed and activated when the malicious payload goes into action. Virtually any other type of malware, including viruses, ransomware, and spyware, can be a trojan. Scareware is another example of malware that often accompanies other malware payloads. Ironically, viruses and worms often masquerade as antivirus software and display pop-ups that tell you your computer has been infected with malware. The pop-ups recommend downloading a specific program to inoculate the PC. But this is additional malware, which will further damage the system.
How you can get infected
In the past, before the pervasive spread of the Web, malware and viruses had to be delivered manually, physically, via floppy disc or CD ROM. In many cases, malware is still distributed using an external device, although nowadays, it is more likely to be distributed from a flash drive or USB stick. There are cases where USB flash drives are left in parking lots outside targeted organizations, hoping someone will pick one up out of curiosity and insert it into a computer connected to the network.
However, more common is malware that is delivered in a phishing e-mail with payloads distributed as an e-mail attachment. The quality of spam e-mail attempts varies widely. Some efforts to deliver malware will involve attackers putting in minimal effort, perhaps even sending an e-mail containing nothing more than a randomly named attachment. In this case, the attackers hope to run into someone naive enough to go ahead and click on attachments or e-mail links without thinking about it and without having installed any kind of protection.
A slightly more sophisticated form of sending malware via a phishing e-mail is when attackers send large amounts of messages. They are claiming that a user has won a contest, needs to check their bank account online, has missed a delivery, needs to pay taxes, or is even required to be present at some police office. These days, there are a lot of court summonses running these days, inviting you to open an e-mail attachment or link to get more information.
This activates malware, especially ransomware and Trojans. If the attackers have a specific target in mind, the phishing e-mail can be specifically tailored to lure people within an organization or even an individual. It is this means of delivering malware that is often associated with the most sophisticated malware campaigns. However, there are many other ways of spreading malware that do not require end-user intervention through networks and other software vulnerabilities.
Macs are not safe anymore
Mac systems are subject to the same vulnerabilities (and resulting infection symptoms) as Windows machines and cannot be considered immune. For example, macOS’s built-in protection against malware does not block all adware and spyware associated with fraudulent application downloads. Trojans and key-loggers are also threats. The first ransomware detection for Mac occurred in March 2016, when a trojan-provided attack affected more than 7000 users. Various vendors detected more Mac malware in 2017 than in any previous year. At the end of 2017, the number of new unique threats was more than 270% higher than the number detected in 2016.
In terms of devices, while there is now little difference between Windows and macOS machines, it is clear that the boom in mobile devices has also increased the threats targeting those devices. Not only that, if something is connected to the Internet, it is a potential avenue for cyber attacks. Thus, the IoT scenario also becomes interesting from the point of view of attackers, who have found new entry points into networks and infrastructure. Devices such as routers, smart lighting systems, video recorders, and surveillance cameras can be easily infected, and the ultimate damage can be severe, as demonstrated by the case of the Mirai botnet, which has been fed periodically for years now. Malware criminals love the mobile phone market.
After all, smartphones are sophisticated and complex mobile computers and offer a treasure trove of personal information, financial details and all sorts of valuable data for those seeking to profit from cybercrime. This landscape has generated exponentially increasing malicious attempts to exploit smartphone vulnerabilities. From adware, Trojans, spyware, worms and ransomware, malware can penetrate the phone in various ways. Clicking on a suspicious link or downloading an unreliable app are some causes. But you can also be infected through e-mail, messages, and even from a file transferred via Bluetooth. In addition, malware, such as worms, can spread from one infected phone to another without user interaction.
How to tell if you’ve caught malware
Malware takes many forms, but the signs and symptoms of an infection are often the same. If your computer suddenly starts running much slower or your hard drive spins up much more frequently, you may have an infection. Similarly, more frequent, unanticipated crashes are a side effect of poorly designed malware. The appearance of many pop-up windows may also indicate the presence of malware. The most common reasons for pop-ups are adware, scareware, and ransomware. There is a good chance of an infection if you discover new processes running on your PC that might even insert themselves into the Windows startup process. Malware is often designed to hijack e-mails to send unsolicited e-mails to contacts. Each e-mail will likely contain a link or attachment with a copy of the malware itself.
Another symptom of infection is when you realize you have lost access to files or your entire computer. This is symptomatic of a ransomware infection. Hackers announce themselves by leaving a ransom note on the desktop or changing the desktop background in a ransom note. In the letter, the perpetrators typically inform that the data has been encrypted and demand a ransom payment to decrypt the files. Even if everything seems to be working fine on the system, that’s not to say there isn’t malware, which can hide deep inside the computer, evading detection and going about its dirty business without raising any concerns.
A red flag is when there is a strange increase in Internet activity on the system. Let’s take the Trojans as an example. Once a Trojan arrives on a target computer, it next reaches the attacker’s command-and-control (C&C) server to download a secondary infection, often ransomware. This may explain the spike in Internet activity. The same applies to botnets, spyware, and any other threat that requires back-and-forth communications with C&C servers.
How to eliminate malware
Malware is much easier to eradicate today than it was 10 or 20 years ago because the systems are much more secure and the tools to combat it better. There are three basic steps to follow to remove malware from your device. Download and install a good computer security program that allows, with the same license, both Windows and Mac, Android and iPhone. Run a scan using the program. Many free versions allow you to detect malware but not remove it. This is already a good step to see if you are infected. With the threat removed, you must change all your most frequently used passwords.
This involves reviewing the security settings not only of your PC or mobile device but also of e-mail, social media accounts, favourite shopping sites, and online banking. This may sound paranoid, but with spyware, banking Trojans and the like, you are never sure what data has been captured before stopping the infection. As always, using some form of multi-factor authentication (at least two-factor) and a password manager is better.