What Do You Know About Malware?

Beware malware

Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations.

There are five types of malware:

  • Ransomware – Ransomware is a subcategory of malware which typically will block access to computers or data until a payment is made.
  • Trojan – A Trojan is a self-contained, non-replicating program that, while appearing harmless, actually has a hidden malicious purpose. Trojans either replace existing files with malicious versions or add new malicious files to hosts.
  • Spyware – Spyware is a type of malware used to covertly observe a user’s activity and gather information about a user without their knowledge or consent.
  • Virus – A virus self-replicates by inserting copies of itself into host programs, data files or propagating through network file sharing. Viruses are often triggered through user interaction, such as opening a file or running a program.
  • Worm – A worm is a self-replicating, self-contained program that usually executes itself without user intervention.

Signs to Look Out For:

  • Slow performance
  • Unexpected computer crashes
  • Pop-up ads (even when no browser is open)
  • Excessive hard drive activity
  • New browser homepage or toolbars
  • Unexpected Antivirus disabling
  • Lost functionality

Ways To Avoid An Attack: 

  • Do not open suspicious emails oremail attachments, click on hyperlinks, etc. from unknown or known senders, or visit websites that are likely to contain malicious content
  • Do not click on suspicious web browser popup windows
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs)
  • Do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall) and ensure that they are continuously updated
  • Do not use administrator-level accounts for regular host operation
  • Do not download or execute applications from untrusted sources

Cyber-Attacks: Don’t Be Fooled By Internet Foes

Trusting other online

One of today’s most effective cyber-attack methods is to take advantage of the human tendency to trust.

Social engineering, a form of psychological manipulation where an attacker cons users into divulging information or doing something they want the user to do, can occur through phone calls, email, text messaging, social media and online chats.

Indicators of social engineering attacks include:

  • A tremendous sense of urgency, or pressure to make a quick decision
  • Someone asking for information they should already know
  • Something too good to be true

To avoid social engineering attacks, never share your passwords and don’t share too much personal information on social media, which can give attackers information to mislead you. If someone asks for something personal, verify their contact information first.

6 Ways to Spot Spam

1. Requests for Personal Information
No professional organization will ask for your social security, bank, check, or PIN number in an e-mail.  Mark these emails as SPAM and delete them promptly without responding.

2. Spelling and Grammar Mistakes
The worse the spelling and grammar, the more likely it’s a SPAM email.  Delete and move on.

3. Click-able Links
Don’t trust links in e-mails. What might look like a legitimate link is often linked to a third-party site that looks official, but is actually run by the emailing scammers.  For example, if you get an email that looks like it’s from your bank telling you your account is closed, type your usualy banking URL into your browser to check it directly (instead of clicking the link in the email).  You may find that the email is SPAM.  Mark it as such and delete it.

4. Attachments in e-mails from anyone you don’t know
Never open an attachment from someone you don’t know. It’s likely a virus or spyware that will sit on your computer to steal your personal information.

5. Outdated Info
Some scammers like to pretend to be customer support from a company you trust, but slip up when it comes to accuracy. For example, in the picture, the  below, the spammers forgot Earthlink bought Mindspring in 2000.

6. Alarming Phrases
“Verify your account,” “you won!” or “if you don’t respond in __ hours, your account will be locked” are phrases that ONLY appear in SPAM.  Mark it and delete without clicking or replying.

Phishers and Scammers are Getting Smarter…Are You?

Most of us have heard of the term phishing and have probably been attacked by it more than once. Phishing is attempting to acquire information from users while posing as a trustworthy individual in an electronic communication.  “Phishing” generally refers to attacks in your email inbox, but there are three others to know of: vishing, smishing, and whaling.

“Vishing” is a phishing attack on your VoIP (voice over IP) phone.  If you don’t have a VoIP phone then you are not at risk, as land lines are not susceptible to this kind of attack. Like phising, a message sent to a thousand possible emails, vishing is sent to a thousand possible VoIP phones.  Vishing happens when victims receive voice messages asking to contact their bank about fraudulent bank account activity.  The attack is successful when users call the number and are then prompted by voice commands to enter personal information, or they are connected with someone appearing to be a bank representative. Providing information can then lead to stolen credit card numbers, or full-on identity theft.

“Smishing” is a phishing attack on your mobile phone via text messaging or Short Message Service (SMS) messaging.  Same concept as above, text messages are sent to your phone asking you to go to a website or call a number where you are met by someone attempting to steal your personal and critical information.

Finally, “whaling” is a specified attack on senior business leaders.  These attacks are more specific, as scammers are doing their homework and compiling business email addresses, job titles, direct telephone numbers, and reporting employee names of business executives and compiling direct attacks over email.  Executives are prone to fall to these attacks as the information in the emails leads them to believe the messages are legit.  The email message may contain and attachment or point executives to a website, where once clicked, a program is downloaded to the user’s PC and confidential information is then compromised.  This attack is a little different as the scammers are not only interested in obtaining personal information on the user, but are also after confidential and proprietary information of the company.

A lot of successful phishing attacks go unreported because the victims don’t want to appear gullible enough to be stooped by these attacks.  Sometimes we throw logic reason out the door and fall, even though we think we are too smart to do so.  Continue to delete the emails, but also remember to delete the voicemails and the text messages.  And remember, if you have a small suspicion that something isn’t right, it probably isn’t!

EarthLink IT Services offers numerous security services to protect against these attacks.  Check out our security service product suite HERE!