What is Malware? Protect Yourself From Malware Attacks
What is malware? Learn common signs of malware on a device and how protect yourself from malware attacks. Read on malware definition types of malware such as virus, spyware, worm, ransomware. Learn how to avoid malware attacks?
Software applications play a vital role in running computer systems or mobile devices. Take an example, you can view this article because you have a browser application installed on your device. Many applications exist to help increase our productivity when using technology devices such as document processors, and browsers. The OS (operating system) itself is a software application. Other applications aim to compromise a mobile device, computer system, or computer network. These software applications, also known as scripts, are installed on a device to interfere with the efficiency, security, performance, and even privacy of a device (mobile, PC, network devices, and more). These harm-bringing applications are known as malware.
What is Malware? Malware Definition
Malware is better known as malicious software, whose intent or effect is malicious. Malware can exist in many forms including viruses, trojan horses, back doors, worms, spyware, adware, ransomware, and more. The different categories of malware are derived from the purpose of each application. Not every malware is designed to execute the same tasks. For instance, a malware application can be designed to grab documents of a computer system, another to simply track keyboard and mouse events (clicks, scroll, keys tapped, and more), and others can simply be used to launch attacks at other computers or networks.
Categories of Malware
There are two main and broad categories that helps classify malware. These categories are also added to malware characteristics.
A. Self-replicating Malware
Every malware is installed once on a device. However, some malware types are designed to actively create unique copies or instances of themselves, each one executing its purpose. Passive malware replication refers to an instance where a user accidentally infects his or her device with the same malware more than once. To understand passive replication, consider clicking a malware link on an email.
B. Parasitic Malware
To understand parasitic malware, let's understand how a device can be infected by malware. A user can download a pirated copy of a word processing application or even a PC game. If the pirated application had malware attached to it, the malware will be installed during the application's installation process. In another instance, a user can carry a USB flash drive to a public cafe, download a document on the cafe PC infected with self-replicating malware, and copy it onto his or her USB Flash drive. On reaching home the user inserts the same USB flash drive in the home PC and copies the document onto his or her computer. These are examples of parasitic malware; they rely on other programs and documents to exist.
Now consider your home network. Once a single device is infected with malware, the malware can start finding vulnerabilities in other devices in the network, exploiting those vulnerabilities, and infecting other devices on the network. This is an example of a self-contained malware that acts on its own without depending on other files or programs to exist.
Types of Malware on Computers
1. Viruses
These are the common types of malware and we can bet you have heard the term before. Partly why they are common is because they are easily created and spread between devices. Another reason why viruses are common is that, and we say this painfully, associated with other types of malware. Most people refer to all malware applications as viruses, which should not be the case.
What is a Virus?
A virus is a replicating malware that relies on files to move from one device to another. Viruses are spread through executable applications (files with .exe, .bat, .scr file extensions) or non-executable files such as music files and word documents (.doc, .docx). A virus can attach itself to a document on computer A. When the document is copied to computer B and opened, the virus will infect computer B. Viruses replicate on an infected device by attaching to files, overwriting files, or even replacing entire files.
A plain virus does nothing else except cause harm to a computer system. Once a computer is infected, the virus corrupts and destroys files in hard disks and other storage devices such as USB flash disk drives damaging the data contained in them. They can also delete files and format hard drives, which can cause computer hardware damage.
2. Worms
Worms are a type of malware that share some characteristics with viruses in that, like viruses, they are also self-replicating. That means that worms create instances or copies of themselves, enabling them to spread from one device to another. Unlike viruses, worms are not parasitic, which means that a worm is a stand-alone application (script) and does not need files to move between devices. While viruses are common in individual devices attacking files, worms exist in computer networks.
Worms do not go after computer files, by default, as is the case with viruses, but rather stealthily move across network devices infecting multiple devices. However, worms can carry payloads that are executed once a device is infected. Payloads are similar to a bunch of instructions that are executed once a device is infected. For instance, a worm might start scanning a device for files that meet certain criteria such as the name financial, confidential, and so on. The worm can also start using a network's computational power to run programs as part of a botnet, or scan for vulnerabilities to open remote access into the computer network.
3. Malicious Spyware
Just as the name suggests, spyware peeks at the data and other activities in your devices such as a PC and sends it to someone. Malicious spyware is a malware application that collects information on a computer system and transmits it to another person through a C&C (command and control) computer system illegally and without your consent.
Unlike viruses, spyware cannot self-replicate and require human assistance to infect a device, which can be through installing infected applications, copying infected files, or even visiting infected websites.
But spyware can also be a legitimate application. Applications such as antivirus require data to constantly update their virus databases. Other applications, including OS, collect data on usage and other metrics such as location and type of devices to tailor features for you. These are helpful spyware that increases efficiency and productivity. Applications such as Upwork use screen grabs and keyloggers to capture the productivity of a freelancer and store this data for assessment by clients before payment is made. In this case, Upwork uses a spyware to ensure productivity, which is in no way malicious.
Note that legitimate spyware (applications and C&C - command, and control) might contain vulnerabilities that can be exploited and the systems and data compromised. Whereas your system is secure, insecure but legitimate spyware and C&C can be breached thus exposing your information to attackers. Whereas the data siphoned by the attackers in this scenario is limited to only what the legitimate spyware collects, it is still your data nonetheless and to the attackers it still has value.
However, for this article, we are focussing on malicious spyware. Malicious spyware will infiltrate your PC or mobile device and begin capturing data. All the collected data is then sent to an attacker who then uses your data to blackmail, commit identity theft, corporate espionage, or even simply sell it.
The exact information gathered by malicious spyware can vary but here are the most common:
-
Username and passwords - Login Details
Through a keylogger script, spyware can record keystrokes and send the records to attackers. When you type your usernames and passwords, keyloggers capture the input key sequences and send this information to attackers who can then use this data to illegally gain access to your accounts. -
Bank Account Numbers, Credit Card Numbers, and PINs
Just like login details, these critical numbers can be captured through keylogger scripts and sent to attackers. This information can be used to commit bank fraud or e-commerce fraud. -
Track Browser Activities
Malicious software can illegally track your activities on your browser and the sites that you frequent. This information can be used to send targeted adverts, blackmail, or simply commit fraud. This data can also be matched with the keyloggers to understand which login details are used on various websites. -
Documents
Spyware can scan for documents that meet certain criteria and upload them to remote servers. For instance, malicious spyware can scan for images whose filenames match those taken from a mobile phone's camera. In another instance, malicious spyware can scan for files with the terms SSN, ID, CV, personal, confidential, tax, statements, and so on, and collect and upload them to remote computers and servers. -
Screen grabs and screenshots
Some malicious spyware can stealthily capture screenshots of your device such as a PC or mobile. -
Harvest Email Address and other contact information
Malicious spyware can collect email addresses and other contact information on the infected devices and send them to attackers. The information collected is used to run email scams.
4. Trojan Horse
Do you remember the story where an innocent-looking, wooden horse turned out to be filled with armed soldiers? Some applications are described and distributed as legitimate programs. However, their tasks are completely different from what it usually seems or is described.
For instance, consider an antivirus program described to keep your devices protected from malicious applications. Once a user installs the program, it does exactly what it was installed to prevent. It becomes a malicious application. The illegitimate antivirus can alter files, spy on a system, scan for remote access vulnerabilities, add the computer to a botnet, and many more malicious activities.
A trojan horse can not self-replicate or self-execute as a virus or worm. A trojan horse requires human assistance to replicate and infect a device such as a PC.
5. Ransomware
While all other malware works with stealth, ransomware is designed to be detected. A device infected with malware shows a persistent message on the screen notifying you that your files have been encrypted and you need a special decryption key to access them. That means that your computer files and documents are rendered useless unless you run the decryption key. For the key, you will have to pay a certain amount of money, often through cryptocurrency (such as bitcoin) to their cryptocurrency wallet (such as bitcoin wallet).
Ransomware attacks leverage your data forcing you to pay a ransom for it to get your data back; hence the term, ransomware.
Effects of Malware
Malware types come in different forms, each designed and executed with a purpose. Here are some effects of successful malware attacks.
A. Identity Theft and Data Fraud
Malware such as malicious spyware collects information on users from their infected devices. This information can contain SSNs, IDs, Addresses, and other PII (Personal Identifiable Information). Further, access to one's emailing list and other contacts can lay the foundation for further phishing emails and messages, which can be the start of other more advanced and malicious attacks.
B. Banking and E-Commerce Fraud
Malicious spyware with keyloggers and screen grabbers can siphon your banking account information and authentication details which can be used to commit banking fraud and other financial-related malicious activities. Attackers can also choose to sell this information to third parties who can then use it to commit fraud.
C. Computer Damages
Whereas each malware is designed with a different purpose, it only exists as a software application and requires resources such as CPU and RAM to run and execute as intended by an attacker. The demand for these resources, more so for poorly designed malware, can compromise the performance of a device such as mobile or PC. A compromised device may start freezing, lagging, crashing often, and even overheating which can permanently damage the device.
As discussed in the article, some malware types are designed to be destructive - simply delete files, format storage drives (HDD, SDD, and USB flash disk drives), permanently alter files, and ultimately modify your device's operating system, making it unusable.
This is the reason why you are advised to consider the possibility of your device being infected if it starts running suspiciously slow, crashing often, and even overheating abnormally. You might also notice changes to various settings. Further, you might notice frequent, weird, and invasive pop-ups start appearing as ads or red alerts of failed applications and services. For laptops and mobile devices, device batteries will begin draining faster than usual, which signifies abnormal power consumption.
D. Disruption of Normal Computer Usage
To start things off, no one intentionally installs malware. Second, no malware is designed to just install and be dormant for eternity as each malware in existence has a purpose. While you are working on your device, the malware is busy executing its designed tasks. This interferes with your normal operating experience.
As earlier stated, malware applications consume resources that would otherwise be reserved for legitimate applications. Malware such as spyware occupies internet bandwidth to upload information slowing your browsing speeds. Worms within networks occupy bandwidth slowing down communication between devices which interferes with normal operations.
Upon verification of infection, time is spent cleaning mobile and computer systems, time which would otherwise be used productively working on the devices. In the case of companies and large networks, operations are halted until a complete disinfection and damages assessment is finalized.
Adware brings up weird and annoying pop-ups of advertisements from time to time, and frequently, which disrupt work.
In the case of a ransomware attack, a device is unusable until proper disinfection is made. At other times, ransom-infected devices are destroyed and backups restored, which takes time until normal operations are restored.
E. Give room for more, complex attacks
Worms are designed to exploit vulnerabilities in a network or a specific device in a network. Once a vulnerability is found, it is exploited, which allows attackers to advance to other cyber attacks such as remote accessing computer systems. With such access, attacks don't need keyloggers as they have remote access to computer systems as normal users working from home. They can look for files or any other information that they are interested in.
Once data is received by attackers using tools such as spyware and keyloggers, they can use the data to launch more attacks on your devices or use information such as email addresses to target other users.
Signs a Device is Infected With Malware
Except for ransomware, it might take extra effort to be sure that your devices are infected with malware. Here are some of the things you can look out for:
1. Device freezes and crashes often
Malware consumes resources that reduce the number of resources that would have been used by an OS. When an OS is unable to run as expected, it results in freezing in an attempt to resolve faults and finally crashes if those faults are not corrected. Microsoft Windows users see the Blue Screen of Death more frequently.
2. Slowed Performance
Legitimate applications are forced to share CPU and RAM resources which lead to slow performance and lagging. You might also notice slowed internet speeds. Further, you might notice abnormal lagging and freezing during the device's startup operation.
3. Device Overheating
The increased consumption of power as a result of a malware infection leads to an immense generation of heat which easily causes overheating issues. Persistent overheating often causes device crashes.
4. Battery draining faster
For laptops and mobile devices, you might notice that the device's battery is draining faster than usual. Malware applications increase a device's power consumption which puts more load on your battery draining it faster than when under normal usage.
5. A sudden change of device settings
Malware tends to adjust some settings to carry out tasks successfully. Some of the settings you can easily spot are changes to default opening apps, and changes in internet settings. Consider that you use application A to open word document files. All of sudden you realize that the document files are being opened with an application B. If you have never installed application B on your device, there is a higher probability that your device is infected.
6. Weird and Invasive PopUps
Some malware types, such as adware, are designed to pop up ads on a device screen in a specific schedule or randomly from time to time. For instance, you might be working on a document and suddenly a gambling ad pops up on the screen, and not on a website in the browser. There is a likelihood that your device has been infected with adware. Clicking such a link loads a website on your browser.
Device Infected with Malware? Take These Steps!
-
If you suspect that your system or network is infected with malware such as a virus or worm, it is important to shut off your internet. Powering off the router is the best route; however, you can disconnect the LAN cable from your device. If you are using mobile data, turn it off.
-
Don't copy files you consider important to an external storage device such as a hard drive or USB flash disk drive yet. You can transfer malware using these devices and re-infect your devices.
-
Run a recently-updated antivirus scanner on your device. Ensure that your antivirus is legitimate as we saw that fake antivirus applications can also be trojan horse malware. Take note of any suspicious files flagged by the antivirus scanner more so executable files (files with .exe, .bat, .scr file extensions)
-
Use the anti-virus's quarantine feature to store infected files that you consider important. Delete all other files to remove malicious code files.
-
Run the antivirus scanner a few more times ensuring that no threat is found. Once the antivirus shows no more infection, connect your internet and update your antivirus databases and thereafter run another scan. Monitor how your device performs for a few hours.
-
If you suspect that the malware is not disinfected, it is recommended that you restore a device to factory settings. However, you will lose your data if you have not made backups.
How to Protect Yourself From Malware
Here are the steps you can take to protect your devices and systems from being infected with malware:
A. Use a good antivirus
A good antivirus will protect your devices from infection. Antivirus applications often update their databases with the latest malware definitions making them ready even for the latest malware applications. Contrary to the name, an antivirus can protect against all kinds of malware including worms, trojan horses, spyware, adware, and more.
And one more critical information about antivirus applications: If your antivirus throws an issue, heed it. Don't just ignore these warnings or move applications into quarantine. Delete all suspicious files.
B. Avoid clicking suspicious links and downloading email attachments and files
Malware can be spread through websites or as email attachments. Avoid clicking links until you are sure the link is safe. Visiting an infected website will download malware to your browsers using the drive-by download technique. Remember that malware such as viruses rely on human assistance to spread and execute, therefore take precautions when copying files from other devices, downloading attachments and files, and installing applications.
C. Be cautious of P2P (Peer-to-peer) connections
P2P connections have enabled us to share files between local devices on simple networks using connection tools such as Bluetooth. Ensure that the device you are copying files from or to is secure and not infected with malware. P2P file sharing is one method malware infects computers and other devices easily.
D. Avoid HTTP insecure websites
Avoid visiting websites without the HTTPS in their URLs. HTTP-only URLs show that a site is insecure and unsafe to browse. Google gives information on spotting a secure and insecure website.
E. Download applications from official pages and app stores
Avoid downloading applications from illegal websites and unofficial app stores. Illegal applications are infected with malware and distributed through unofficial app stores. If application A is from company A, then visit company A's website to download the application. There is no guarantee that a downloaded application A from website D is safe and secure.
F. Avoid bundled software applications
Installing individual applications such as device drivers is time-consuming and tiring. At that point, you might consider downloading and installing a single application that bundles up all drivers and installs them for you. There is no guarantee that the single software has not bundled up a trojan horse and other malware types. Using this software to install other applications will permit it to install any bundled applications.
G. Backup files in the cloud and other storage devices
Data loss is our worst fear. It is important to frequently back up your data in physical drives or the cloud such as Google Drive and Microsoft's OneDrive. In case your files are compromised by a malware attack, you can easily restore them and resume operations faster.
H. Update software programs and Operating Systems
Always update your software applications to the latest versions and from the official stores. Software updates not only update features but are used to fix bugs and vulnerabilities that have been discovered in earlier versions of the application. Visit an application's official page to see the latest updates and versions available.
I. Enable multi-factor authentication (MFA)
Although this will not prevent malware execution, it will make it difficult for attackers to use login information captured via malicious spyware. MFA through text message or as an email notification is recommended.
Common Questions Asked Regarding Malware
Should I pay for a decryption program in a ransomware attack?
A ransom is designed to encrypt your files and make them useless until you pay for a decryption key. Paying for a description key does not guarantee that your files will be decrypted. In the chance that the description key works, what stops the attackers from coming after your systems again? CISA notes that ransomware attackers are following a successful attack with extortion demands to keep the data private.
Will installing a new operating system (OS) remove viruses from my PC?
Installing a new OS or resetting the existing one will disinfect any malicious code in your system. However, if you have hard disk partitions, it is safe to assume that the virus exists in those partitions as well. Therefore, if you install an OS on Disk C and Disk D, an already existing partition, contains data, there is a likelihood that the virus will infect the new OS as soon as you start up the PC. You need to do a clean installation to get rid of any malicious code. However, note that a clean installation will delete all data on the PC. Backing up data before installation is not recommended as any files may contain the virus, which will re-infect the new OS when the data is restored.