Malware Articles

Just what is malware?

It's a contraction of the two words "malicious" and "software", and that describes it perfectly. It is software written by hackers and other "bad guys" to steal your identity, to vandalize your computer or to sell you something. Let's look at some of the forms of malware in the table below.

What are some of the malware types?

| Item | Definition |
| --- | --- |
| Virus | A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. These bad guys are vandals. They don't know who you are, only that they want to create havoc on anyone's computer. |
| Adware | This type of malware causes you to be confronted with ads from companies that want you to know about their services or products. These bad guys are just annoying in that they provide content at websites that you haven't requested. |
| Spyware | On the Internet (where it is sometimes called a spybot or tracking software), spyware is a type of malware whereby programming is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. These bad guys are thieves. They want to get into your accounts. |
| Ransomware | Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker). Other ransomware uses Tor to hide C&C communications (called CTB Locker). These bad guys are extortionists. They want you to send them money. |

Ransomware

Ransomware hackers use the following vectors to infect a machine: phishing emails, unpatched programs, compromised websites, online advertising and free software downloads. Once the files are encrypted, the hackers will deploy some sort of screen or webpage explaining how to pay to unlock the files. Typical ransomware also has a 48-72 hour deadline which, once passed, causes the ransom to increase. Most ransoms start in the $100 - $500 range, and once the deadline has passed it will likely increase to over $1000. Paying the ransom invariably involves paying a form of e-currency (cryptocurrency) like Bitcoin. Once the hackers verify payment, they unlock the encryption and the computer begins the arduous process of decrypting your files.

Typical ransomware software uses RSA 2048 encryption to encrypt files. Just to give you an idea of how strong this is, an average desktop computer is estimated to take around 6.4 quadrillion years to crack an RSA 2048 key.

Prevention for this attack on networks involves software restriction policies on certain directories that ransomware infections typically start in.

Another option for reducing the chance of ransomware infections (on top of your existing antivirus solution) is to use specialized software that scans for these types of infections. Microsoft has developed a Cryptowall active alerter/scanner which will actively scan for ransomware-type activity and alert users. It is more advanced in use and not intended for home users.

The single most important remedy for recovering from a ransomware attack is having a previous (and current) backup.
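To make "scanning for ransomware-type activity" concrete, here is an added example (not from the original article, and not the Microsoft tool it mentions) of one common heuristic: encrypted files have near-random content and lose the header their file type normally starts with. The threshold, the alert ratio, the header table and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Assumptions (not from the article): threshold, alert ratio and magic-byte table.
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted data approaches 8.0
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}


def shannon_entropy(data: bytes) -> float:
    """Return the byte-level Shannon entropy of data, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """Flag high-entropy content that lacks the header its extension promises."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    header_intact = magic is not None and data.startswith(magic)
    # Compressed formats (jpg, png, zip) are high entropy by design, so an
    # intact header suppresses the flag and avoids false positives.
    return shannon_entropy(data) >= ENTROPY_THRESHOLD and not header_intact


def scan(files: dict, alert_ratio: float = 0.5):
    """Return (sorted flagged names, alert) for a {name: bytes} snapshot."""
    flagged = sorted(n for n, d in files.items() if looks_encrypted(n, d))
    return flagged, bool(files) and len(flagged) / len(files) >= alert_ratio


def _noise(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    return b"".join(hashlib.sha256(bytes([seed]) + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


# Constructed sample snapshot: two healthy files, two overwritten ones.
SAMPLE = {
    "notes.txt": b"Quarterly report draft\n" * 200,
    "photo.jpg": b"\xff\xd8\xff" + _noise(1),
    "budget.pdf": _noise(2),
    "letter.txt": _noise(3),
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A heuristic like this only raises an alert after some files have already been overwritten, which is why the backup advice above remains the primary recovery measure.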