Understanding, recognizing and preventing malware
The term "malware" refers to harmful software that disrupts or manipulates an electronic device's normal operation.[1] Malware can infect personal computers, smartphones, tablets, servers and even equipment, basically any device with computing capabilities.
The first form of malware ever developed was the computer virus.[2] As technology, computing and software have advanced during the past two decades, so have the sophistication and prevalence of malicious software. Read on to learn more about how malware and ransomware work and what you can do to protect yourself.
How does malware work?
Malware typically infects a machine by tricking users into clicking and/or installing a program that they shouldn't from the internet. When the click or installation occurs, the malicious code executes actions that the user doesn't anticipate or intend, which could include:
- Self-replication in different parts of the file system
- Installing applications that capture keystrokes or commandeer system resources, often running without the user being aware, while slowing the system considerably
- Blocking access to files, programs or even the system itself, sometimes forcing the user to make a payment to regain access
- Bombarding a browser or desktop with ads
- Breaking essential system components and rendering a device inoperable
Execution can be triggered by a number of user actions, but the most common trigger is a click, typically on a link or pop-up. The descriptions might say something provocative such as, "Claim your prize" or "Your account has been compromised. Please log in and verify recent charges." Often immediately after clicking the link, a pop-up will be displayed, such as "Your system is infected! Click here to run a scan." The next click often triggers the download of a malicious payload, even if the user doesn't select one of the options and instead tries to close the program using the corner X.
Malware can also be disguised as a program or app that claims to convert PDFs, unzip files, find product discounts or provide caller ID functionality on a smartphone. But once the program is downloaded, it begins making unauthorized changes on the system: monitoring user behavior, displaying pop-ups, changing search engine results, adding icons to a desktop or redirecting popular sites.
Malware types
Malware can be delivered in several different forms, depending on the intention of the person who developed it.
- A computer virus is designed to reproduce itself and spread from one file or program to another, and, less frequently, to other computers on a network.
- Trojan horses masquerade as harmless programs, but when activated, they damage their host computer. Unlike a virus, a Trojan horse does not replicate itself; instead, this malware usually attempts to steal files or passwords.
- Computer worms replicate themselves to spread through a network. A computer worm will spread across computer networks, as opposed to viruses that usually spread from file to file on a single computer.
- Spyware infects and operates on a user's computer to monitor user activity and extract information. For instance, while spyware runs on a machine, the hacker can monitor the programs used and sites visited while tracking keystrokes to determine login and password information.[3]
- Logic bombs are concealed in programs and can either be triggered by a user's action or released at a predetermined time. They can crash a system or wipe a hard drive.
Ransomware
Ransomware is a form of malware that locks a user's computer and then demands a ransom payment to restore access. Ransomware can be delivered to a computer if a user clicks on a link that contains malware.[4] It often resembles a phishing attack, which is an attempt to gather personal information such as passwords, banking details, credit card numbers or even Social Security numbers. Phishing involves a scammer sending emails that can appear harmless and typically ask the recipient to click a link or download a file.
These messages look as if they're from a legitimate, trustworthy source, but once the recipient clicks or downloads, the hacker gains access to the user's computer. Ransomware often begins as a phishing attack, but it goes a step further in inciting panic that may urge users to quickly take the hacker's desired action. Once a user has clicked a link or file for download, the ransomware freezes their computer. It then attempts to blackmail the user into paying money for the scammer to return the user's stolen personal information.
This form of malware relies on fear, that is, the fear that a user has engaged in illegal activity online. By posing as a law enforcement agency, a ransomware purveyor can intimidate and coerce a user while seeming legitimate. In other instances, ransomware will simply lock down a user's entire machine, including important files and programs, and demand a payment. Ransomware may not only withhold access to a machine but also threaten to delete files unless payment is made.
Signs of malware
Not all malware is as obvious as ransomware. In fact, some malware runs almost silently in the background of your device. Here are several signs that you may have fallen victim to malware:
- Ads that pop up seconds after a page loads
- Ads that pop up when you're not using your internet browser
- Redirect chains, or when a website URL keeps changing and sending you to other pages
- Your email or social media contacts receive strange messages from you that you didn't send
- Your system slows down
- You can't access the Control Panel on a Windows system
If you suspect malware is active on your device, disconnect it from the internet and take steps to remove the malicious software. Find instructions from a trusted source, such as a well-known technology service provider.
Protecting your devices from malware
Given the prevalence of malware (especially among apps) in recent years, anti-malware software has become common, and most new computers and mobile devices are bundled with device security and/or anti-malware software at the time of purchase. As malware and viruses most commonly infect Windows PCs, you should be sure that your Windows machine has the following:
- Antivirus software
- An active firewall
- A strong password
- A BIOS/UEFI password
You may want to seek help from a trusted source, such as a well-known technology service provider, to ensure that your system has the above recommended defenses. Beyond these measures, be sure that you avoid downloading apps or programs from suspicious or unknown websites. Likewise, don't click suspicious ads or pop-up ads. Finally, treat emails that request sensitive information with caution, even if they appear to be from a familiar source.
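As an added example (not part of the original article), the following read-only PowerShell script checks a Windows 10/11 client against the first three items on the list above. It assumes the built-in Defender, NetSecurity and LocalAccounts modules are present; the `Add-Finding` helper is hypothetical, the account check only shows whether a password is required, not whether it is strong, and a BIOS/UEFI password has no vendor-neutral query, so it is reported as a manual step.

```powershell
# Added example: audit a Windows client against the checklist above.
# Read-only; run from an elevated Windows PowerShell session.
$findings = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: records one checklist result as OK or CHECK.
function Add-Finding($Check, $Ok, $Detail) {
    $status = if ($Ok) { 'OK' } else { 'CHECK' }
    $findings.Add([pscustomobject]@{ Check = $Check; Status = $status; Detail = $Detail })
}

# 1. Antivirus: products registered with Windows Security Center.
#    This WMI namespace exists on client editions only, not on Windows Server.
$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
Add-Finding 'Antivirus registered' ($null -ne $av) `
    (($av.displayName | Sort-Object -Unique) -join ', ')

# Microsoft Defender state, when its cmdlets are installed.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        Add-Finding 'Defender real-time protection' $mp.RealTimeProtectionEnabled `
            "signature age: $($mp.AntivirusSignatureAge) day(s)"
    }
}

# 2. Firewall: every profile (Domain, Private, Public) should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    Add-Finding "Firewall ($($p.Name))" ("$($p.Enabled)" -eq 'True') `
        "default inbound action: $($p.DefaultInboundAction)"
}

# 3. Passwords: enabled local accounts that may log on without a password.
foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
    Add-Finding "Password required ($($u.Name))" $u.PasswordRequired `
        'strength cannot be verified from here'
}

# 4. BIOS/UEFI password: vendor-specific, so flag it for manual review.
$findings.Add([pscustomobject]@{
    Check  = 'BIOS/UEFI password'
    Status = 'MANUAL'
    Detail = 'verify in firmware setup or with the vendor management tool'
})

$findings | Format-Table -AutoSize -Wrap
```

Any row marked CHECK corresponds to a missing item from the list and is worth correcting before the machine goes back online.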
[1] Miller, Keith W. "Malware." Ethics, Science, Technology, and Engineering: A Global Resource. Ed. J. Britt Holbrook. 2nd ed. Vol. 3. Farmington Hills, MI: Macmillan Reference USA, 2015. 48-52. Gale Virtual Reference Library. Web. 15 Dec. 2015.
[2] Éric Filiol, Computer viruses: from theory to applications, Volume 1, Birkhäuser, 2005, pp. 19–38.
[3] "Computer Security." Encyclopedia of Management. Ed. Sonya D. Hill. 7th ed. Detroit: Gale, 2012. 157-161. Gale Virtual Reference Library. Web. 6 Jan. 2016
[4] https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise