You’re probably aware that you should not open attachments in phishing emails, or download apps from unknown sources, in case they contain malware. But what exactly is malware?
Malware is a term that encompasses all forms of malicious software: software that alters the way computers, or the programs they run, work, and that carries out tasks without the knowledge or consent of the users of the infected computers.
Malware is used by cyber criminals for many different purposes including to gain access to computer systems and online accounts, to steal data and other confidential information, and to extort or steal money.
Computer viruses are the best known form of malware, and thirty years ago they accounted for the majority of malware that existed.
Microsoft added a rudimentary antivirus program to its MS-DOS 6 operating system in 1993, and to combat the growing virus problem at the time many security vendors also began to offer their own antivirus programs.
Fast forward to today and there are many different types of malware in circulation, of which “old fashioned” viruses make up only a small proportion.
While most early viruses were simply designed to cause damage by deleting data, modern malware now takes full advantage of the internet and is often used by cyber criminals to carry out illegal activities remotely.
Since viruses are only a small subset of malware, many vendors that used to sell antivirus software now refer to their products as “antimalware software” or, more commonly, “endpoint security software”.
Good examples of endpoint security products include:
This is a type of malware that is hidden inside an apparently legitimate piece of software which a user downloads and runs. When the software is run, the malware is activated and carries out its malicious activities.
One of the most infamous trojans was called Emotet. Spread in phishing emails, it stole bank logins and passwords, enabling cybercriminals to plunder victims’ accounts.
In some cases the software containing the trojan appears to work normally, so that the user has no reason to suspect their computer has been infected. In other cases the software does nothing apart from allowing malware to launch.
Cyber criminals known as “bot herders” create huge networks of computers (known as botnets), which are infected with zombie malware. This malware remains dormant until the bot herder activates it and issues it with commands to carry out.
A bot herder may activate the zombie malware on a single machine and instruct it to send out phishing emails. More commonly, they may activate their entire botnet at once and instruct all the infected computers to send data simultaneously to a selected server in order to overwhelm it.
This is known as a distributed denial of service (DDoS) attack, and cyber criminals may demand a payment in return for stopping the DDoS attack.
A much more straightforward way to extort money from a victim is through the use of a type of malware known as ransomware. Often hidden in what appears to be a document or spreadsheet attached to a phishing email, ransomware encrypts the data on a victim’s computer before demanding a ransom for the decryption key.
There are many different examples of ransomware, including WannaCry, Bad Rabbit, GoldenEye, GandCrab, and Mado.
If your charity falls victim to a ransomware attack then it is not usually possible to decrypt the data without paying the ransom. For that reason it is important to back up your data regularly so that you can restore your data from a backup.
This is one of the most dangerous types of malware. A keylogger records every keystroke that a user makes on their keyboard, and periodically sends a file containing all these keystrokes back to the cybercriminal responsible for it. Keyloggers may also take screenshots and record which folders and files are opened.
As well as enabling the cyber criminal to read any emails or documents that the user has typed, they can also see any usernames and passwords the user has entered to access bank accounts, cloud applications, and any other services.
The use of two-factor authentication (2FA) can help to mitigate the risk posed by keyloggers.
RAT stands for Remote Access Trojan and this type of malware provides a cyber criminal with a way of accessing and using a computer over the internet until the RAT is detected and removed.
That means that once a computer is infected with a RAT the cyber criminal has continuous, unfettered access to that computer and can take the time to explore its contents, install more malware such as a keylogger or ransomware, and attempt to connect to and infect other computers connected to the same network.
A rootkit is an extremely sophisticated type of malware which is designed to run in such a way that it cannot normally be detected by endpoint security software, and cannot easily be removed.
A rootkit provides cybercriminals with almost unconstrained access to an infected machine, enabling them to download files, install more malware, and even alter access log files to cover up any record of their activity.
Apart from ransomware, which announces its presence with a ransom note, it can be hard to know when your computer is infected with malware. But if you don’t know your computer is infected then you can’t prevent the damage that it can do.
The most direct way to detect malware is to use your endpoint security software to scan your computer for infections regularly. But security scans will not detect all malware, especially rootkits.