What is Malware?

Overview

Malware is an umbrella term for various types of malicious software. This term encompasses Viruses, Worms, Trojans, Adware, and more:

  • Viruses: programs which attach themselves to other (often legitimate) programs or files, but which cannot affect your computer or spread to others unless you open or run the infected program or file.
  • Worms: similar to viruses except that they can further infect your computer or travel to others without any action on your part.
  • Trojans: programs which disguise themselves as legitimate, useful software but actually do damage once installed.
  • Adware: legitimate programs that incorporate advertising in order to allow the developer to distribute it for "free".
  • Spyware: gathers user information through the user's browsing habits, internet connection and sometimes keystrokes without their knowledge, usually for advertising purposes. Adware which incorporates this approach to its advertising content is typically re-categorized as Spyware.

Common symptoms of a malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run software updates or anti-virus software such as McAfee; and unexplained pop-up warnings, errors, or ads. This article will review some basic information about various types of malware, how to recognize it, and what to do about it.

    Student-owned computers suspected of having any kind of malware infection can be dropped off free of charge at the ITS Helpdesk from 8 am–5 pm Monday–Friday.




    ...

    Types of Malware

    Virus

    What is it?

    • Malicious program that attaches itself to a legitimate file or program (the Host).
    • Infects machine when host file is run or opened.
    • Typically cannot run itself, needs human intervention.

    What does it do?

    • Can be as harmless as displaying an “I’m here!” message.
    • Can be as dangerous as deleting files.
    • Can trigger immediately, wait for instructions, or wait for a specific date.

    How does it spread?

    • Via any files that move between computers (e.g. email).
    • Once on machine, looks for files to infect.
    • Relies on user transmission of those files.


    Trojan

    What is it?

    • Disguises itself as useful software or legitimate files.
    • Typically cannot run itself, needs human intervention.

    What does it do?

    • Can be as harmless as changing icons on your desktop.
    • Can be as dangerous as opening “back doors” to the machine.

    How does it spread?

    • Purely human intervention; “invited” onto system.
    • Cannot replicate itself.
    • Opening files or images…


    Worm

    What is it?

    • Malicious program that spreads itself without a Host.
    • Designed to duplicate and spread via network.

    What does it do?

    • Can cause network problems (heavy traffic).
    • Acts of vandalism are rare but possible.
    • Will often open “back doors” to the machine.

    How does it spread?

    • Replicates itself on the same machine.
    • Capable of spreading itself often via email.
    • Via network, often through their own back doors.


    Adware

    What is it?

    • Normally legitimately installed software.
    • Free software paid for by the advertisements (to recoup development costs).

    What does it do?

    • Downloads and/or displays ads on your machine.
    • Provides a free version of software.

    How does it spread?

    • Downloaded and installed deliberately by user.
    • May note sites you visit and display corresponding advertisements (Spyware).


    Spyware

    What is it?

    • Any program that monitors your behavior: e.g. surfing habits, sites visited.

    How does it spread?

    • Piggy-backs on other software; not in the way a virus does, as the bundling is often intentional.
    • Can operate like a Trojan, e.g. fake security software.
    • Tricks users into bypassing security.

    What does it do?

    • Records and delivers information you enter online.
    • Can install software and redirect your browser.


    Rootkit

    What is it?

    • Program(s) which hide deep on your system.
    • Replaces system files which then hide processes.

    How does it spread?

    • Spread as Viruses or Trojans (not Worms).
    • Rarely spreads itself any further once infected.

    What does it do?

    • Allows unauthorized access to your machine.
    • Enables sniffers, keyloggers, or use of the machine as a zombie computer.


    BotNet

    What is it?

    • Spyware that records personal data.
    • Refers to a collection of machines.

    How does it spread?

    • Spreads via Trojans or like Worms.
    • Scans the local environment to find vulnerable machines.

    What does it do?

    • Very low-key: it wants to remain hidden.
    • Gathers information and relays it (e.g. banking).
    • Used for identity theft and to compromise online accounts.


    Phishing

    What is it?

    • An attempt to fraudulently gain personal information such as passwords or account information, e.g. an email masquerading as a bank representative.

    How?

    • Majority of attempts happen via email.
    • Also via Instant Messaging and Social Networking.
    • Refers you to websites that look like the original.

    What does it do?

    • Gains access to accounts, or enables identity theft.




    ...

    Vectors to Infection

    The following are just some examples of the most common methods by which machines or accounts can be compromised.

    Email

    Bad or suspicious links: Especially in HTML email, what a link says might not be where it’s actually going.

    Dangerous attachments: Attachments can contain the malware itself, which might or might not be caught by antivirus tools. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains.

    Phishing: Tricking a user into giving away personal or financial information.

    Software Vulnerabilities

    Out-of-date software: may have vulnerabilities which can be exploited. Be sure to apply all patches and updates.

    Browser plugins: are popular targets because they are easy to install and often don’t get updated.

    Operating systems: are the primary line of attack for malware developers. Run security patches and updates regularly.

    Malicious or Compromised Websites

    Legitimate websites can contain dangerous links or harmful code:

    • Facebook (stolen passwords)
    • Forums, blogs, etc.
    • Security holes in webservers
    • Bad advertisements / popups

    Search engines: can be tricked or "seeded" with malicious sites.

    Some attacks can happen without any interaction from you:

    • Sometimes called drive-by downloads
    • Usually associated with a browser or plugin vulnerability


    ...

    Tips to Help Avoid Infections

    ...

    Have active and up-to-date anti-malware software: Anti-malware software is important in keeping your personal machine safe and usable. We believe that the default anti-virus programs on personal machines, Windows Defender and the macOS built-in defenses, are sufficient for keeping your laptop clean. A helpful addition would be to download a free scanning tool, such as Malwarebytes, to run a full scan of your machine every week. We believe those two things in tandem should keep your computer virus free.

    There are more extensive, all-in-one tools which you can purchase, often on a subscription model. If you choose such a tool, you must ensure that you keep the subscription up-to-date. If you don't, the software will stop updating itself and will be unable to detect the most recent malware releases and variations.

    Pause and consider links and downloads before clicking and installing: Even trusted sources sometimes get hacked and can provide infected content. Take a moment and think about how likely it is that the action you're about to take will be safe—were you expecting that attachment? Do you really need that software to do what you're doing?

    ...