
What is the Threat of Malware Against Everyday Folk?


Generally, people are aware of malware but aren’t fully aware of what it is programmed to do or the impact it can have if you don’t catch it early enough. Malware is short for ‘malicious code’ and is the catch-all term for Trojans, viruses, spyware, adware and worms, which are all designed to either steal personal information or gain unauthorised access to our devices.

Why Does Malware Exist?

The answer is simple - money. There is a lot of money to be made. Malware can automatically search for, find and secretly exfiltrate your personal information and then monetise it by selling it in places like the Dark Web. Or, malware can defraud you directly using your stolen credentials. What’s more, not only is it difficult to trace and catch malware developers, but malware can also be released to a high number of people, spreading quickly with a diminishing amount of effort involved for the perpetrators. It has a very scalable business model.

Your Personal Data Has a Financial Value!

You might be thinking, nobody’s going to want my personal information! Well, consider this… credit card data is so widely stolen and sold on the dark web that you can go shopping for it like you would your groceries. Shoppers can sort and filter by bank, card type, city, country and so on! In a report called The Hidden Data Economy [1], McAfee found cyber criminals actually paying around $5 each for our social media account credentials, and $5-$30 (US), $20-$35 (UK) and $25-$45 (Europe) for stolen bank cards. Unsurprisingly, online banking login credentials are especially valuable, averaging around $190 for access to a bank account with a $2,200 balance.

These prices for our sensitive data demonstrate that malware is now big business. Vast networks of developers form complicated multi-national criminal enterprises. They have teams of developers writing some of the world’s most advanced malware. They use it themselves to steal directly from people like you and me, but also sell it wholesale (business-to-business) to other criminals. If you so desire, you can buy an easy-to-use, off-the-shelf malware kit for between $175 and $6,000 (£130 to £4500). With this, you could generate around $90,000 (£67,000) monthly turnover [2]!

Types of Infection

  • Viruses: a virus acts much like a virus in the biological world. It latches onto another computer file, embeds itself into it and then replicates.
  • Trojan Horses: very similar to viruses, but do not replicate themselves. They hide ‘in plain sight’ of the user by masquerading as legit software, concealing their true intentions of theft and control. Trojans are typically designed to steal your information for financial gain or identity theft purposes. They often enable the remote control of your device by the attacker.
  • Grayware: grayware is generally more irritating than anything else, primarily causing performance issues. However, the more recent types of grayware have started to blur the line with viruses as they embody significant security risks and often carry malicious payloads like Trojan Horses.
  • Adware: software whose primary purpose is to display adverts or redirect your web search requests to a particular site, whereby the attacker generates revenue from the internet traffic they are able to create. Often these types of software analyse your web browsing history and keystrokes in order to deliver highly tailored and specific advertisements that you are much more likely to click on. By knowing your keystrokes, they also know your search history, what you wrote to your mistress in that email and all your internet banking passwords…
  • Spyware & Key Loggers: spyware is designed to be especially stealthy, installing itself in complete secrecy. It can have a whole plethora of applications but, in short, can access everything and steal anything.
  • Scareware: scareware tries to panic us into making a false move. Typically, it falls into two categories:
    • You’ve got viruses on your computer! A pop-up window pretends to scan your machine with a fake progress bar and then shows you that there are a lot of issues on your device. The fix it proposes is to download some software that will allegedly solve these issues. Ironically, this software is the malware!
    • We’ve caught you red-handed! Typically displayed as a fake message from the police, telling you they have identified illegal activity (often watching porn is used as the reason) and that you must pay a fine to prevent legal action being taken. These kinds of messages will steal your payment details and your money along with it.
  • Remote Access Trojan (RAT): the malicious use of legitimate (and quite useful) technology that IT departments in the corporate world use to access employees’ computers remotely to help fix issues. However, when used maliciously it can perform key logging, take secret screenshots and camera pictures, access sensitive files, execute malicious code (e.g. malware), steal passwords and eavesdrop on conversations using the microphone.
  • Worms: these are especially dangerous because unlike viruses, a worm doesn’t need an action from us to latch onto our computers (e.g. clicking on an advertising banner on a dodgy website). It has the ability to self-proliferate, burrowing its way from the internet into our computers completely autonomously.
  • Pharming: have you ever tried to navigate to a website and then all of a sudden, you’re taken to a random site you’ve never seen before? If so, you’ve experienced a practice called ‘pharming’. This is malicious code that has been loaded onto your computer and misdirects your web browsing to specific websites to try and scam you.
  • Malicious Apps and Software: on any device we can quite easily download malicious apps without even knowing it. Only install apps you know and can trust.

How Does Malware End up on our Devices?

The most common ways these nasty little things end up on our devices are:

  • User Error - you either accidentally downloaded something malicious that was purporting to be something authentic, or you downloaded a free piece of software that has malware bundled into it.
  • Software & Hardware Vulnerabilities – something exploited a vulnerability on one of our devices. All software and hardware have vulnerabilities in their construction and design. Remember, nothing can be 100% secure. Security patches and anti-virus software updates fix the most critical of these vulnerabilities, so we must ensure our devices automatically download and install them.
  • Over-privilege – ‘privilege’ refers to the actions we allow software on our devices to perform without our explicit approval. Poorly designed operating systems and software can, by default, provide too much privilege and malware exploits this.
  • Baiting - cyber criminals leave intentionally compromised devices (usually USB drives) lying around in public locations where they know people will pick them up and, out of pure curiosity, plug them into their device to see what’s on there.
  • Your Device is Already Compromised - you may be already compromised from the hardware you bought straight from the shop. Clever cyber criminals infect hardware and software before it even leaves the factory, meaning they then automatically infect everyone who purchases the product – clever indeed!

How Do You Identify Malware on Your Device?

The ways these threats infect us are varied but their impacts are typically the same. The tell-tale signs are easy to identify and include:

• Slow performance, takes your device ages to open / close applications or boot-up / shut-down
• Crashing (blue screen of death)
• Missing or additional files / programs / toolbars
• Unusual error messages / pop-ups
• Unable to access anti-virus websites or redirected to strange websites
• Your anti-virus has been turned off and it won’t turn back on

Typically, once you or your anti-virus software has detected malware, it’s a fairly straightforward process for your anti-virus program to remove it.
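
One check for the "unable to access anti-virus websites or redirected to strange websites" sign and the pharming behaviour described earlier, as an added example (not from the original article): it assumes the redirection was done by editing the computer's hosts file, which is only one of the ways it can happen. The watched domains and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: security sites to watch; edit the list to match what you use.
WATCHED = ("bitdefender.com", "avast.com", "norton.com")

# Constructed sample of a tampered hosts file (not taken from a real machine).
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   www.bitdefender.com      # constructed: blocks an AV site
203.0.113.7 login.examplebank.test   # constructed: pins a site to an address
0.0.0.0     ads.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                            # not an address: skip the line
        for name in fields[1:]:
            yield n, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for entries worth a closer look."""
    findings = []
    for n, ip, name in parse_hosts(text):
        if "." not in name:
            continue                            # local names such as localhost
        sinkhole = ip.is_loopback or ip.is_unspecified
        is_watched = any(name == d or name.endswith("." + d) for d in watched)
        if is_watched and sinkhole:
            findings.append((n, name, str(ip), "security site blocked"))
        elif is_watched:
            findings.append((n, name, str(ip), "security site redirected"))
        elif not sinkhole:
            findings.append((n, name, str(ip), "review: name pinned to a fixed address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of /etc/hosts (macOS and Linux) or C:\Windows\System32\drivers\etc\hosts (Windows) to audit_hosts. An empty result does not rule out redirection done by other means.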

Which anti-virus should we use?

Before I make my recommendations, let me say I do not get commission from any third party. I am wholly independent and recommend products on merit only.

Laptops and PCs:

a) Bitdefender Antivirus Plus – this is the one I have and it’s fantastic. It offers a 30-day free trial of the full version so you can road test it first, and it only costs £39.99 per year (1 device). It’s great for both Macs and PCs. During lab testing, this product blocked 100% of all viruses and malware that were thrown at it, all while having zero negative impact on system performance.

b) Avast – the free alternative is Avast but beware, in order to make it free they bundle in some unnecessary other software so be sure to remove it once installed! A small price to pay for a premium AV at zero cost though I’d say.

Mobile Devices:

Apple Products

We don’t need anti-virus for iPhones and iPads. Why? Apple iOS devices are more resilient to malware threats than Android phones, due to the sandboxing technology that Apple iOS devices use. You do need anti-virus for Mac computers though, as they use macOS, not iOS!

For iPads and iPhones (iOS devices), all you need to do is ensure you install the iOS system updates as soon as you’re prompted to, as these contain important security fixes.

Android Products

If you have an Android device, I’d recommend Norton Security & Antivirus. It has a strong malware monitoring capability; if you opt for the paid version, it’ll cover up to 10 devices (great for families); it has an ‘App Advisor’ for the Google Play app store to ensure you’re only downloading safe apps; and it has a well-designed user interface (Free).

 

That’s been a fairly in-depth look at malware, how to identify it and what to do to stay safe. Let me know if you found it interesting by commenting below!

 

Jonny

Founder of www.SimpleCyberLife.com. Cyber security expert, public speaker and entrepreneur.

www.jonnypelter.com

jonny@simplecyberlife.com

 

References:

[1] https://securingtomorrow.mcafee.com/mcafee-labs/hidden-data-economy-report-exposes-price-points-for-stolen-data/

[2] http://www.itpro.co.uk/security/innovation-at-work/29579/the-business-of-malware
