What Is Malware? What You Need to Know to Protect Yourself!

Many people do not know exactly what malware is. Some think they know, and a considerable portion of them say that malware is a virus. That statement is not entirely wrong, but it is not entirely right either. Do you want to clear up this kind of doubt? Then read on to find out everything needed to answer the question correctly and how to avoid becoming the next victim.

Where does the name come from?

Like practically all terms used in computing, malware originates in English, from the words malicious and software. It is a contraction of the two words and designates any program that carries out malicious activity.

The word malicious refers to the purpose of the program: its real intention is invariably to gain some advantage for the malware's creator, usually through information theft or by causing some type of damage and/or loss to the person whose device (notebook, tablet, smartphone, desktop, etc.) is affected.

What is malware?

Malware consists of at least one program, but depending on the class of malware and its purposes, it can be a set of files, just like the legitimate programs that we install on our computers and use for the most diverse purposes.

The purpose of a virtual pest, as malware is also called, is to perform the actions its author intends. The first known program that could possibly be considered malware was not intended to cause great harm, but it was at least a nuisance. It was called Creeper.

Creeper first appeared back on the ARPANET, where it 'infected' one system after another. On each system it displayed the message 'I'm the creeper, catch me if you can!' and then "jumped" to another machine on the network, deleting itself from the previous computer. Possibly its author just wanted to demonstrate that this was possible, and had a certain sense of humor, given the annoyance its behavior caused.

At that time, the term virus was not yet in use. Only some time later did software appear that behaved like Creeper in that it spread among computers on a network. These programs did not erase themselves, but they caused some type of damage, for example rendering systems or other programs useless. Because of this behavior, they were the first malware to be called viruses.

Initially, malware spread by physical means, specifically removable media such as floppy disks, or inside computer networks. With the rise of the web and the ability to connect multiple computers in different geographic regions, malware authors began spreading their programs through any means by which a computer accessed the Internet.

What are the types of malware?

Viruses were the first manifestations of malware, but over time, as the available technologies expanded, both in the number of people with access and in the devices capable of it, variations of virtual pests emerged with specific characteristics and with different purposes and behaviors.

TROJAN

Known as Trojan horses because, like the Greek horse given to the Trojans, they disguise themselves as something else in order to get into systems. A Trojan passes itself off as another type of program and reveals its real malicious nature once it is installed on a system.

SPYWARE

Its name is derived from the word spy, since it furtively monitors the actions performed on the device on which it is installed and provides that data to its author. Monitoring can include Internet browsing history, programs used by the user, e-mail messages sent, the dates and times when the actions were performed, etc.

KEYLOGGER

Its behavior is similar to that of spyware, in that it collects data and sends it to its author, but the data collected relates exclusively to which keys on the keyboard are pressed. In other words, everything that is typed becomes known to the malware author.

SCREENER

It is another specialized variation of spyware, whose goal is to capture images of the screen (Print Screen) of the computer on which it is installed, at regular intervals, and send them to the author. In this way, the author has visual knowledge of everything the user does.

WIPERWARE

Also known as a cleaner, it is the “virtual vandal”, in that it aims to destroy content, usually by erasing data on hard drives or rendering them unusable. There are 2 variations. In the first, the data is copied to the author and then deleted from where it was stored.

In the second variation, the data is only deleted. This class of malware includes some of the most harmful programs, famous for the damage they have done and the number of people affected.

WORM

A worm is characterized by spreading from one system to another without depending on the actions of the users of these systems. Worms often exploit vulnerabilities in operating systems or in software installed on those systems in order to self-propagate, and they constitute one of the most successful classes of malware.

BANKER

It is a specialized class of malware that aims to steal bank details and passwords, and that can combine spyware, screener and keylogger behavior. It is one of the most threatening classes, since it can cause severe financial losses.

ADWARE

Its name partly explains its purpose, which is to display advertising (advertising software). The problem is that the ads generally have undesirable content, such as pornography, and often generate a large volume of pop-up windows displayed in succession. If the device does not have enough memory and/or processing power to support this behavior, it may even stop responding.

Sometimes adware is also associated with other classes of malware and uses the disruptive display of advertising as a cover for other, more harmful actions.

RANSOMWARE

It is a very popular malware today and usually causes infection through an attachment or a link in a phishing email message. This class of malware encrypts the data (documents) of the infected system, blocking the user's access to it unless an amount is paid as a ransom, usually in cryptocurrency.

MINERS

With the advance of cryptocurrencies, which were particularly sought after in periods when their value appreciated sharply, a class of programs emerged that aims to hijack the processing power of the machines on which they are installed in order to mine cryptocurrencies. When this occurs, the infected machine usually shows performance problems, because its processing power is being used for mining.

BOTNET

It is not exactly a class of malware, but rather malware aimed at gaining control of several computers or servers on different networks, so that all of them can be commanded remotely from one point and made to perform the same action simultaneously and on a large scale. It is the most used method for DDoS attacks.

How does malware infection occur?

Malware authors use various means to disseminate their creations, with the aim of reaching a range of electronic devices and networks. The most common ways of spreading these virtual pests are as follows:

  • Received by email - comes in the form of an email attachment or a link in the body of the message. Generally the text of the email is intended to arouse the recipient's interest or curiosity. It may pose as a security update from your bank, compromising photos, news, etc. This type of action is known as phishing;
  • Downloads - when you download content without having verified the website or the source from which the content is being downloaded;
  • Piracy - installation of programs that are the result of piracy. The computer pirate is not an altruist who wants to provide you with paid programs for free. Usually your payment to him for the program comes from making your computer or device ready for the installation of some malicious program that will give him something in return, such as turning your machine into a zombie in a botnet;
  • Sites - it is common for cyber crooks to break into websites in order to plant their malware on them, among other things. When users access these sites, malware is downloaded and installed on the devices they used;
  • Wi-Fi networks - public and unprotected wireless networks can be used to spread malware, as it is not difficult to break into devices using such networks;
  • Modems - there are brands and models of modems whose firmware has security flaws that allow them to be accessed remotely, so the network that uses such modems is left exposed and unauthorized access by attackers is reasonably simple;
  • Corporate networks - corporate networks, if they are not managed in order to control the flow of data and the actions of users, can be the focus of the spread of malware, especially when there is an intranet, virtual disks and collaborative content. A single malware on a user's device can compromise all points on the network.

How to prevent it?

The main measure to stop the spread of malware is information. Knowing which classes of malware exist, how they manifest themselves and how they spread helps to avoid having a compromised device, as it reduces the chances of exposure.

Malware authors even rely on the lack of information of the majority of users to succeed in spreading virtual pests, and some of the propagation mechanisms use this principle.

The following is a list of aspects that must be carefully observed in order to avoid having your devices compromised by malware:

  • Keep your device's operating system (notebook, smartphone, tablet, desktop, etc.) always up to date. Some types of security flaws can be exploited to give the attacker control over the system, leaving it susceptible to various types of threats. Updates to programs and systems often correct flaws that are discovered;
  • Keep a complete security solution installed, with firewall and antivirus (actually antimalware), and always update it or leave automatic updating enabled;
  • Avoid using removable media (pendrives, CDs, DVDs, etc.) whose origin is not known. If you must access them, first scan their content with the antivirus that you have installed on the device;
  • Remember that just as you are susceptible to having an infected device, so are your acquaintances. Therefore, content coming from someone you know is not necessarily free of malware;
  • Avoid exposing sensitive and important data to networks or environments where you are unsure about security. If you have to connect to insecure networks, try to use secondary user accounts that have no administrator privileges and do not give access to all your data;
  • When you receive emails whose origin cannot be verified, or if you have doubts as to their origin, check with the sender that they actually sent the message before proceeding. When in doubt, never click on links or open attachments. In some cases, simply opening the message can be dangerous;
  • Do not rely 100% on your antimalware programs. No protection is fully effective, and like diseases that affect people, vaccines come only after the disease is discovered. Until then, some victims will be infected.
  • If the worst happens and you suspect that you have a system compromised by malware, avoid exchanging data with third parties and isolate the infected device from the network and the Internet, until you have done a thorough scan for malware. If you don't know exactly what to do, ask an expert for help.

There are online solutions that can be used alongside the solution you have installed on your computer and that do not conflict with it in identifying malware. Use these scanners as a complement to the security solution installed on your machine, since, as we said, no antimalware is 100% effective.

There are also very specialized classes of malware that require specific programs for their detection and cleaning, which is the case for bankers.

Conclusion

There are different types of malware and, regardless of the class, the consequences can be serious and represent significant losses. The main measure to protect yourself is to keep all users informed and to adopt a well-defined set of measures to reduce the chances of infection.