We know clicking phishing links or downloading dodgy attachments is bad. But what exactly is malware?
Malware is a term that encompasses all forms of malicious software that alters the way computers, or the programs they run, work. Once installed, malware carries out tasks without the knowledge or consent of the users of infected computers.
Malware is used by cyber criminals for many different purposes including to gain access to computer systems and online accounts, to steal data and other confidential information, and to extort or steal money.
Computer viruses are the best-known form of malware, and thirty years ago they accounted for the majority of malware that existed.
Today, there are many different types of malware in circulation, of which “old fashioned” viruses make up only a small proportion.
In 1993, Microsoft added a rudimentary antivirus program to its MS-DOS 6 operating system and, to combat the growing virus problem at the time, many security providers also began to offer their own antivirus programs.
While most early viruses were simply designed to cause damage by deleting data, modern malware now takes full advantage of the internet and is often used by cyber criminals to carry out illegal activities remotely.
Since viruses are only a small subset of malware, many vendors that used to sell antivirus software now refer to their products as “antimalware software” or, more commonly, “endpoint security software”.
A popular example of an endpoint security product is Avast Business Antivirus. This software scans and analyses suspicious information coming and going from devices and blocks malicious files, dangerous websites, unusual behavior, unauthorized connections, and other threats.
It is best suited to small and medium-sized charities and is available for a discounted price on the Charity Digital Exchange.
A trojan is a type of malware that is hidden inside an apparently legitimate piece of software which a user downloads and runs. When the software is run, the malware is activated and carries out its malicious activities.
One of the most infamous trojans was called Emotet. Spread in phishing emails, it stole bank logins and passwords, enabling cybercriminals to plunder victims’ accounts.
In some cases the software containing the trojan appears to work normally, so that the user has no reason to suspect their computer has been infected. In other cases the software does nothing apart from allowing malware to launch.
Cyber criminals known as “bot herders” create huge networks of computers (known as botnets), which are infected with zombie malware. This malware remains dormant until the bot herder activates it and issues it with commands to carry out.
A bot herder may activate the zombie malware on a single machine and instruct it to send out phishing emails. More commonly, they may activate their entire botnet at once and instruct all the infected computers to send data simultaneously to a selected server in order to overwhelm it.
This is known as a distributed denial of service (DDoS) attack, and cyber criminals may demand a payment in return for stopping the DDoS attack.
A much more straightforward way to extort money from a victim is through the use of a type of malware known as ransomware. Often hidden in what appears to be a document or spreadsheet attached to a phishing email, ransomware encrypts the data on a victim’s computer before demanding a ransom for the decryption key.
There are many different examples of ransomware, including WannaCry, Bad Rabbit, GoldenEye, GandCrab, and Mado.
If your charity falls victim to a ransomware attack then it is not usually possible to decrypt the data without paying the ransom. For that reason it is important to back up your data regularly so that you can restore your data from a backup.
Keyloggers are one of the most dangerous types of malware. A keylogger records every keystroke that a user makes on their keyboard, and periodically sends a file containing all these keystrokes back to the cybercriminal responsible for it. Keyloggers may also take screenshots and record which folders and files are opened.
As well as enabling the cyber criminal to read any emails or documents that the user has typed, they can also see any usernames and passwords the user has entered to access bank accounts, cloud applications, and any other services.
The use of two-factor authentication (2FA) can help to mitigate the risk posed by keyloggers.
RAT stands for Remote Access Trojan and this type of malware provides a cyber criminal with a way of accessing and using a computer over the internet until the RAT is detected and removed.
That means that once a computer is infected with a RAT the cyber criminal has continuous, unfettered access to that computer and can take the time to explore its contents, install more malware such as a keylogger or ransomware, and attempt to connect to and infect other computers connected to the same network.
A rootkit is an extremely sophisticated type of malware which is designed to run in such a way that it cannot normally be detected by endpoint security software, and cannot easily be removed.
A rootkit provides cybercriminals with almost unconstrained access to an infected machine, enabling them to download files, install more malware, and even alter access log files to cover up any record of their activity.
Apart from ransomware, which announces its presence with a ransom note, it can be hard to know when your computer is infected with malware. But if you don’t know your computer is infected then you can’t prevent the damage that it can do.
The most direct way to detect malware is to use your endpoint security software to scan your computer for infections regularly. But security scans will not detect all malware, especially rootkits.