Malware

What is malware?

Malware, an abbreviation of "malicious software," is a type of computer program whose purpose is to infect a user's PC.

Malware is usually installed by accident, for example by inadvertently downloading software (such as browser toolbars, download assistants, or bogus antivirus software) that comes bundled with an otherwise innocent-looking program.

It's vital that all users know how to recognize and protect themselves from all of its forms. Some malware can get on your computer by taking advantage of security vulnerabilities in your operating system and software programs.

Common types of Malware

  • Virus: Computer viruses attach themselves to clean files and then infect other clean files. They can spread quickly, and often damage a system’s core functionality by deleting or corrupting files.
  • Trojans: This kind of malware disguises itself as legitimate software, or is included in legitimate software that has been altered. Trojans often stay under the radar, and exist to create backdoors in your computer security to allow for further infection.
  • Spyware: Spyware is malware built to spy on you. It hides in the background and takes notes on what you do online, and uses this to gather sensitive information about you.
  • Worms: Worms take over entire networks, both local and across the internet, by using network interfaces. The worm uses the network to travel from device to device, infecting as it goes.
  • Ransomware: Otherwise known as scareware, ransomware can lock down your computer (or sometimes only appear to) and threaten to destroy your data unless a ransom is paid.
  • Adware: While not always malicious, aggressive advertising software can diminish PC security in order to serve ads. Also, even if not directly dangerous, pop-ups destroy the quality of a user experience.
  • Botnets: These are networks of computers already infected, made to work together by a remote attacker, often without users being aware of the hijacking.

Malware evasion techniques

New types of malware are constantly updated with new evasion and backdoor techniques designed to fool both users and security services.

Some of these evasion techniques rely on simple tactics, such as using web proxies to hide malicious traffic or source IP addresses. More sophisticated evasion techniques include polymorphic malware, which constantly changes its code to side-step detection from most anti-malware tools. Anti-sandboxing means the malware can detect when it's being analyzed, allowing it to hold off on executing until out of sight; and “fileless malware” resides only in the system's RAM in order to avoid being discovered.

How Malware is delivered

  • Software downloads that at first seem to be something safe like a simple image, video, or audio file, but in reality are harmful executable files that install malicious programs. So-called “drive-by downloads” automatically download malicious programs to users' systems without their approval or knowledge.
  • Local storage devices, such as USB drives or other external storage, are plugged into a computer and spread infection.
  • Phishing attacks, where emails disguised as legitimate messages contain malicious links or attachments.
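
A defender-side check for the first delivery method above, written as an added example (not part of the original page or any Barracuda product): it compares what a downloaded file's name claims to be with what its leading bytes show it is. The function names, the extension lists and the sample inputs are assumptions made for illustration.

```python
import os

# Well-known leading-byte signatures of executable content.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable (64-bit)",
    b"#!": "script with interpreter line",
}

# Extensions a user expects to be passive media (illustrative, not exhaustive).
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".wav", ".avi"}
# Extensions that run when opened (illustrative, not exhaustive).
RUNNABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".js"}

def sniff_executable(head: bytes):
    """Return a description if the leading bytes match an executable format."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def check_download(filename: str, head: bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.lower().rstrip(". ")
    root, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(root)[1]
    kind = sniff_executable(head)
    # Name says "media", content says "program".
    if ext in MEDIA_EXTENSIONS and kind:
        findings.append(f"content is {kind} but extension is {ext}")
    # Double extension such as "song.mp3.exe": media-looking name, runnable suffix.
    if inner_ext in MEDIA_EXTENSIONS and ext in RUNNABLE_EXTENSIONS:
        findings.append(f"double extension {inner_ext}{ext}")
    return findings

# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),  # genuine JPEG header
    ("invoice.png", b"MZ\x90\x00\x03\x00\x00\x00"),    # PE header under a .png name
    ("song.mp3.exe", b"MZ\x90\x00\x03\x00\x00\x00"),   # double extension
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(fname, "->", check_download(fname, head) or "ok")
```

A check like this only catches the name/content mismatch; it says nothing about whether a correctly named executable is safe.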

How to prevent Malware infection

While it is possible to remove malware from a system, and return to an uninfected state, it will always be more beneficial to prevent contamination in the first place. The most effective methods for avoiding infection are:

  • Install antivirus / anti-malware programs: These programs should be configured to automatically look for signs of activity in both downloads and active files. Many programs can also monitor suspicious websites or harmful email messages.
  • Adjust behavior: Start by avoiding untrustworthy emails and attachments from suspicious accounts. Malware sometimes spreads by sending copies of itself to everyone found in a contact list.
  • Regularly update software: Not only anti-virus software, but also key programs on your computer, especially your web browser and local email client. This way, your computer is more likely to recognize newer threats.
  • Practice safe browsing: Consider the websites you visit, and avoid clicking on links or downloading files that seem suspicious or disingenuous.
  • Use strong passwords and a password manager: An effective password is complex, non-personal, changed often, and unique to each website. This will greatly increase the security of your various web accounts.
  • Check the strength of your secure connection: Look for the padlock icon to the left of the URL and check that the URL reads ‘https’ instead of ‘http’. If it’s there, then that means the information passed is secure.
  • Set up a reliable firewall: This is extremely important. A firewall protects computers from a huge number of exploits and vulnerabilities. On its own, a software-based firewall isn't enough to protect systems from the constant automated attacks prevalent across all Internet-connected systems. Because of this, it is important that all high-value PCs connected to the Internet be protected by a hardware-based firewall.

Why Malware is important

Malware today is almost entirely designed by criminals as a means of personal gain. Cyber criminals use a plethora of ever-evolving tactics to evade detection while acquiring stolen digital property.

The main risk that cyber criminals pose to PC users and companies is that they gain access to banking and credit card accounts and passwords, sensitive information related to business practices, or the personal information of users stored by a company. The people who acquire this information illegally often use it to empty bank accounts or max out credit cards. Often they’ll even sell the information to other criminals. These can be underground criminal organizations who want access to tools such as money or false personal information. Even some governments use these techniques in order to gather intelligence.

How Barracuda can help

The malware protection built into Barracuda CloudGen Firewall shields the internal network from malicious content by scanning web content (HTTP and HTTPS), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines.

Barracuda Web Security Gateway is a comprehensive solution for web security and management. It unites award-winning spyware, malware, and virus protection with a powerful policy and reporting engine.

Barracuda Email Protection is a cloud-based security solution designed to protect against spam, phishing, malware, ransomware, and other targeted email threats. Barracuda Email Protection combines heuristic, behavioral, and sandboxing technologies to detect advanced, zero-day attacks.

Barracuda Advanced Threat Protection is a cloud-hosted service available as an add-on subscription for multiple Barracuda security products and services. It uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Finally, it feeds remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network.
