Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

Table of Contents

Overview

Malware is an umbrella term for various types of malicious software. This term encompasses Viruses, Worms, Trojans, Adware, and more. Common symptoms of a malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run software updates or anti-virus software, and unexplained pop-up warnings, errors, or ads. This article will review some basic information about various types of malware, how to recognize it, and what to do about it.

Student-owned computers suspected of having any kind of malware infection can be dropped off free of charge at the ITS Helpdesk from 8 am–5 pm Monday–Friday.



Types of Malware

Virus

What is it?

  • Malicious program that attaches itself to a legitimate file or program (the Host).
  • Infects machine when host file is run or opened.
  • Typically cannot run itself, needs human intervention.

What does it do?

  • Harmless as presenting “I’m here!”
  • Dangerous as deleting files.
  • Trigger immediately or wait for instructions or wait for a specific date.

How does it spread?

  • Via any files that move between computers (e.g. email).
  • Once on machine, looks for files to infect.
  • Relies on user transmission of those files.

Trojan

What is it?

  • Disguises itself as useful software or legitimate files.
  • Typically cannot run itself, needs human intervention.

What does it do?

  • Harmless as changing icons on your desktop.
  • Dangerous as opening “back doors” to the machine.

How does it spread?

  • Purely human intervention; “invited” onto system.
  • Cannot replicate itself.
  • Opening files or images…

Worm

What is it?

  • Malicious program that spreads itself without a Host.
  • Designed to duplicate and spread via network.

What does it do?

  • Can cause network problems (heavy traffic).
  • Acts of vandalism are rare but possible.
  • Will often open “back doors” to the machine.

How does it spread?

  • Replicates itself on the same machine.
  • Capable of spreading itself often via email.
  • Via network, often through their own back doors.

Adware

What is it?

  • Normally legitimately installed software.
  • Free software paid for by the advertisements (to recoup development costs).

What does it do?

  • Downloads and/or displays ads on your machine.
  • Provides a free version of software.

How does it spread?

  • Downloaded and installed deliberately by user.
  • May note sites you visit and display corresponding advertisements (SpyWare).

Spyware

What is it?

  • Any program that monitors your behavior: e.g. surfing habits, sites visited.

How it spreads?

  • Piggy-backs on other software; not as a virus as it’s often intentional.
  • Can operate like a Trojan e.g. fake security software.
  • Tricks users into bypassing security.

What it does?

  • Record and deliver info you enter online.
  • Can install software, redirect browser.

Rootkit

What is it?

  • Program(s) which hide deep on your system.
  • Replaces system files which then hide processes.

How it spreads?

  • Spread as Viruses or Trojans (not Worms).
  • Rarely spreads itself any further once infected.

What does it do?

  • Allows unauthorized access to your machine.
  • Sniffers, keyloggers, zombie computer.

BotNet

What is it?

  • Spyware that records personal data.
  • Refers to a collection of machines.

How it spreads?

  • Spread via Trojans or like Worms
  • Scan local environment to find vulnerable machines

What does it do?

  • Very low-key – it wants to remain hidden.
  • Gathers information and relays it (e.g. banking).
  • Used for identity theft, compromise online accts.

Phishing

What is it?

  • Attempt to gain personal information such as passwords or account information fraudulently e.g. Email masquerading as bank representative.

How?

  • Majority of attempts happen via email.
  • Also Instant Messaging, Social Networking.
  • Refer to websites that look like the original.

What does it do?

  • Gain access to account, or identity theft




Vectors to Infection

The following are just some examples of the most common methods by which machines or accounts can be compromised.

Email

Bad or suspicious links, especially in HTML email, what a link says might not be where it’s actually going.

Dangerous attachments: Attachments can contain the malware itself, which might or might not be caught by antivirus tools. As a rule of thumb, don’t open one unless you know exactly who sent it and what it contains.

Phishing:  Tricking a user into giving away personal or financial information

Software Vulnerabilities

Out of date software: may have vulnerabilities which can be exploited. Be sure to apply all patches and updates.

Browser plugins: are popular targets because they are easy to install and often don’t get updated.

Operating system: are the primary line of attach for malware developers. Run security patches and updates regularly.

Malicious or Compromised Websites

Legitimate websites can contain dangerous links or harmful code:

  • Facebook (stolen passwords)
  • Forums, blogs, etc.
  • Security holes in webservers
  • Bad advertisements / popups

Search engines: can be tricked or "seeded" with malicious sites

Some attacks can happen without any interaction from you:

  • Sometimes called drive-by downloads
  • Usually associated with a browser or plugin vulnerability



Tips to Help Avoid Infections

Mac users:

While it is true that there are far fewer infections for Mac computers, Macs are not invulnerable and can be infected. In addition, infected files may be transferred via Mac as, for example, email attachments. Don't assume you don't need to be protected or be careful just because you're on a Mac!

It's nearly impossible to guarantee a way to avoid infections, but here are some good things to keep in mind:

Have active and up-to-date anti-malware softwareAnti-malware software is important in keeping your personal machine safe and usable. We believe that the default anti-virus programs on personal machines, Windows Defender and macOS built in defenses, are sufficient at keeping your laptop clean. A helpful addition would be to download a free scanning software, such as Malwarebytes, to run a full scan of your machine every week. We believe those two things in tandem should keep your computer virus free.

There are more extensive, all-in-one tools which you can purchase, often on a subscription model. If you choose such a tool, you must ensure that you keep the subscription up-to-date. If you don't, the software will stop updating itself and will be unable to detect the most recent malware releases and variations.

Pause and consider links and downloads before clicking and installing: Even trusted sources sometimes get hacked and can provide infected content. Take a moment and think about how likely it is that the action you're about to take will be safe—were you expecting that attachment? Do you really need that software to do what you're doing?

Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.

Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS Helpdesk or give us a call at 507-222-5999, and we will help you out.



For Help

If your computer is infected and you're not able to remove the malware, you can:

  • For a Carleton-owned or student-owned computer, bring it to the ITS Helpdesk (x5999).
  • For all other devices, contact a local computer repair service.

If all else fails, users may have to wipe the hard drive and do a clean install of the operating system.




  • No labels