Malware! What is it and what to do about it.
Today we are talking about malware. Because the topic is so varied, this post is a little longer than previous ones, but hopefully it will give you a few things to look out for.
Remember: if you think you have been infected by malware, immediately disconnect your computer from the network or the Internet and run your antivirus software. If you have any concerns, contact your local trusted IT support to make sure your device is safe.
What is Malware?
Malware is a common form of cyber-attack and an overarching term for the various malicious programmes delivered to and installed on end-user systems and servers. These programmes are designed to cause harm to a computer, server or network, and cybercriminals use them to obtain data for financial gain.
What is the intent of Malware?
Cyber-attackers use malware for a variety of malicious purposes. In most cases the purpose is to steal critical information or resources for monetary gain: for instance, hackers use malware to compromise computer networks or specific devices and steal sensitive data such as credit card details or confidential login credentials, including online banking logins. In some scenarios, though, malware is merely intended to cause havoc, sabotaging its victims' computer systems to disrupt their operation.
What types of Malware are there?
Malware programmes fall into a number of commonly used categories, such as:
- Ransomware: Encrypts files so that they cannot be recovered unless the victim pays a ransom. Ransomware attacks have become increasingly common against both businesses and individuals.
- Adware: Displays ads (sometimes malicious ones) to users as they work on their computers or browse the web. A common example is a message on your computer advising you to contact Microsoft about a computer problem. This expands into the familiar Tech Support Scam: the message gives false contact details for a scam phone number or website, and once a customer makes contact, additional software may be installed that lets cyber-criminals access data, identities and financial information.
- Fileless malware: Instead of using an executable file to infect computer systems, fileless malware uses Microsoft Office macros, WMI (Windows Management Instrumentation) scripts, PowerShell scripts, and other management tools.
- Viruses: A virus infects a computer and can carry a variety of payloads. It may corrupt files, destroy operating systems, delete or move files, or deliver a payload on a specific date.
- Worms: A worm is a self-replicating virus, but instead of affecting only local files, a worm spreads to other systems and exhausts their resources.
- Trojans: A Trojan is named after the Greek war strategy of using a Trojan horse to enter the city of Troy. The malware masquerades as a harmless programme, but it runs in the background stealing data, allowing remote control of the system, or waiting for a command from an attacker to deliver a payload.
- Bots: Infected computers can become part of a botnet used to launch distributed denial-of-service attacks by sending extensive traffic to a specific host.
- Spyware: Malware that installs silently, collects data and sends it to an attacker, who continuously "spies" on users and their activities. Spyware aims to gather as much important data as possible before it is detected.
- Backdoors: Remote users can access a system and possibly move laterally. Trojans deliver backdoor payloads during installation.
- Banking Trojans: View or steal banking credentials to access accounts. Typically, they manipulate web browsers to trick users into entering their personal banking information.
- Keyloggers: Capture keystrokes as users type in URLs, credentials and personal information, and send them to an attacker.
- RAT: “Remote access tools” enable attackers to access and control the targeted device remotely.
- Downloaders: Download other malware to install locally. The type of malware depends on the attacker’s motives.
- POS: Compromise a point-of-sale (PoS) device to steal credit card numbers, debit card numbers and PINs, transaction history, and contact information.
How Do You Get Malware?
A good antivirus solution stops malware from infecting a computer, so malware authors develop strategies to bypass the security software installed on the network. A user can fall victim to malware through numerous attack vectors, including software vulnerabilities, misconfigured systems, social engineering tactics, or physical access to devices.
Common ways to become a victim of malware:
- You download an installer that installs a legitimate programme, but the installer also contains malware.
- You browse a website with a vulnerable browser (e.g., Internet Explorer 6), and the website contains a malicious installer.
- You open a phishing email and run a malicious script that downloads and installs malware.
- You download an installer from an unofficial vendor and install malware instead of a legitimate application.
- You click a web page ad that convinces you to download malware.
How Can I Tell If I Have Malware?
Even though malware runs silently in the background, the resources it consumes and the effects of its payload are telltale signs that your computer is infected. Detecting some infections may require an experienced user, but you can still recognise specific signs that warrant further investigation.
Here are a few signs that you might have malware:
- Slow computer: Some malware, such as cryptojackers, requires extensive CPU and memory to run. Your computer will run unusually slowly even after a reboot.
- Constant pop-ups: Adware embeds itself into the operating system, so your browser constantly displays ads. After you close one ad, another pops up.
- Blue screen of death (BSOD): Windows crashes to a blue screen and displays an error, but this should rarely happen. Constant BSODs could mean the computer has malware.
- Excess disk usage or loss of storage: Malware might delete data, freeing large amounts of storage space, or add several gigabytes of data to storage.
- Unknown internet activity: Your router shows excessive activity even when you’re not using your internet connection.
- Change in browser settings: Malware will change browser home pages or search engine settings to redirect you to spam websites or sites containing malicious programmes.
- Antivirus is disabled: To deliver its payload, some malware disables the antivirus, and it may stay disabled even after you re-enable it.
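Three of the signs above (antivirus disabled, slow computer, unknown internet activity) can be checked quickly from PowerShell on a Windows machine. The script below is an added example written for this post; it is not code from the original article or from Foundation Computers. It assumes Microsoft Defender Antivirus with its PowerShell module, an elevated session, and a 7-day signature-age threshold that you should adjust to your own policy.

```powershell
# Added example: triage script for three of the malware signs listed above.
# Assumes Microsoft Defender Antivirus (Defender module) and an elevated PowerShell session.

function Get-MalwareSignReport {
    $report = [ordered]@{}

    # Sign: "Antivirus is disabled". Check that Defender and real-time protection are on
    # and that signatures are not stale.
    $status = Get-MpComputerStatus
    $report.AntivirusEnabled   = $status.AntivirusEnabled
    $report.RealTimeProtection = $status.RealTimeProtectionEnabled
    $report.SignatureAgeDays   = $status.AntivirusSignatureAge
    $staleSignatures = $status.AntivirusSignatureAge -gt 7   # 7-day threshold is an assumption
    $report.AntivirusNeedsAttention = (-not $status.AntivirusEnabled) -or (-not $status.RealTimeProtectionEnabled) -or $staleSignatures

    # Sign: "Slow computer". List the processes that have consumed the most CPU time.
    $report.TopCpuProcesses = Get-Process |
        Sort-Object CPU -Descending |
        Select-Object -First 5 Name, Id,
            @{ Name = 'CpuSeconds'; Expression = { if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 } } },
            Path

    # Sign: "Unknown internet activity". Map established connections to non-private addresses
    # back to the owning process, so unexpected programmes talking to the Internet stand out.
    $report.OutboundConnections = Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process       = if ($proc) { $proc.Name } else { "pid $($_.OwningProcess)" }
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
            }
        }

    [pscustomobject]$report
}

# Usage: print the antivirus state, then the two tables for a human to review.
$r = Get-MalwareSignReport
$r | Select-Object AntivirusEnabled, RealTimeProtection, SignatureAgeDays, AntivirusNeedsAttention | Format-List
"Top CPU consumers:";    $r.TopCpuProcesses     | Format-Table -AutoSize
"Outbound connections:"; $r.OutboundConnections | Format-Table -AutoSize
```

None of these outputs is proof of infection on its own: a browser or update service will legitimately appear in both tables. The value is in the things you cannot explain, such as a process with no path, a connection owned by a process you do not recognise, or protection that is off when nobody turned it off.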
How to Remove Malware
If you think your computer has malware, you must take steps to remove it. For enterprise workstations, malware removal can be done remotely with business antivirus tools. More sophisticated forms of removal might be necessary for malware that evades antivirus.
The first step in removal is updating the machine's antivirus software and running a scan of the entire system. Make sure your antivirus is enabled before starting the scan, because some malware disables it. Scanning a computer can take several minutes, so it's best to leave it running overnight if you need the computer for work.
After the antivirus completes the scan, it produces a report of its findings. Most antivirus software quarantines suspicious files and asks you what to do with them. After the scan, reboot the computer. The antivirus software should have a setting that tells it to scan the computer periodically, every week. Scanning on a set schedule ensures that malware is not installed again unnoticed.
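The removal steps described above can be run as one runbook on a Windows workstation. The script below is an added example for this post, not code from the original article or from Foundation Computers. It assumes Microsoft Defender Antivirus with its PowerShell module and an elevated session; the weekly schedule (Sunday at 02:00, full scan) is an assumption to adjust for your environment.

```powershell
# Added example: the removal procedure above as a Defender runbook.
# Assumes Microsoft Defender Antivirus (Defender module) and an elevated PowerShell session.

# Step 1: make sure the antivirus is switched on before scanning, since some malware turns it off.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is off; re-enabling it."
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# Step 2: update signatures so the scan knows about recent threats.
Update-MpSignature
Write-Host "Signature version: $((Get-MpComputerStatus).AntivirusSignatureVersion)"

# Step 3: run a full scan of the entire system (this is the part worth leaving overnight).
Start-MpScan -ScanType FullScan

# Step 4: review the findings. Defender quarantines what it detects; this lists what was found.
$detections = Get-MpThreatDetection
if ($detections) {
    $detections | Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources | Format-Table -AutoSize
} else {
    Write-Host "No detections recorded."
}

# Step 5: schedule a recurring weekly full scan.
# ScanScheduleDay: 0 = every day, 1 = Sunday ... 7 = Saturday. ScanParameters: 1 = quick scan, 2 = full scan.
# The Sunday 02:00 slot is an assumption; pick a time the machine is on but not in use.
Set-MpPreference -ScanScheduleDay 1 -ScanScheduleTime 02:00:00 -ScanParameters 2

# Step 6: reboot so that anything removed from memory or start-up locations is gone.
Restart-Computer -Confirm
```

If step 1 fails to re-enable real-time protection, or it switches itself off again after the reboot, treat that as the "antivirus is disabled" sign from the previous section and escalate to your IT support rather than continuing to fight the setting.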
At worst, you might be forced to re-image the computer or reset it to factory settings. If you have a complete backup of your operating system and files, you can re-image it: re-imaging reinstalls everything, including your files, so you recover to your last backup point. If you don't have this type of backup, you can reset the PC to factory settings. Remember that you lose all files and software this way, and the computer is returned to the state it was in when you first purchased it.
It's important to ensure that malware is completely removed. If you do not completely remove malware from an environment, it could be coded to re-infect a newly scanned and cleaned computer. To stop malware from re-infecting a computer, keep monitoring and data protection running across all network resources. Intrusion detection systems actively monitor the network for suspicious traffic patterns and alert administrators to potential threats, preventing cybersecurity incidents from becoming data breaches.
Foundation Computers offers a number of monitoring plans that include Enterprise Grade Anti-virus, Anti-Malware and Anti-phishing features as well as included Tech Support and Remote Monitoring for both Residential and Business customers.