Malware: The Name Says It All
The term “malware” joins two words that tell you exactly what malware is: MALICIOUS and SOFTWARE. Malware is malicious software—software that was created to cause damage to whatever IT system it manages to get established in. Just as there are many types of legitimate software, there are many types of malware. Knowing something about the types of malware can help you understand how malware might get into your IT system and help you realize just how much damage malware can do once it’s inside. Here are three major types of malware and what they can do to your IT system.
Just like a human spy who gathers information in secret on behalf of someone else, spyware is malicious software that gathers information about you or your organization without your knowledge and sends it to someone else. A human spy might meet a contact in a dark alley on a rainy night to hand over the stolen information. Spyware uses your Internet connection to send data back to whatever PC is controlling the spyware.
Spyware usually sneaks into your system as a hidden part of a free program downloaded from the Internet—freeware or shareware. Most often, the spyware gathers information on what Internet sites you visit, something useful to advertisers. Sometimes, though, spyware collects email addresses, passwords, or even credit card numbers. Spyware can damage your business by the information it passes on. It also reduces efficiency of your IT operation: spyware uses PC memory to run and network bandwidth when it reports to headquarters.
Once again, the name says it all. The Greeks gave the Trojans a nice big wooden horse, got them to bring it into their city—and then the Greek soldiers hiding inside the horse destroyed the Trojans. Trojan horse malware makes you think it will do good things for you if you install it—if you bring it inside your city gates!—but it’s really designed to destroy.
One common example of the tricky outside of Trojan horse malware is the window that pops open and tells you your computer is full of viruses and if you download this program everything will be fixed. When you click to install, or click a link, you find out what’s hiding INSIDE the Trojan horse—often, it’s viruses!
The damage caused by a Trojan horse depends on the nature of the malware it gets you to install on your PC. Some common consequences are: someone might get remote access to your PC, your operating system might be destroyed, or your security software might be disabled. Watch out for Greeks bearing gifts—for an offer of software that on the outside looks too good to be true.
No, not “fishing”—“PHISHING.” Different spelling, but the idea is the same: to fish, you throw out bait and hope a fish will bite it; to “phish,” you throw out an authentic-looking email—the bait—and hope the recipient will bite—give you the information you want.
Typically, phishing bait is an email that presents itself as being from a legitimate organization, asking for confidential information. Everything in the email looks authentic—the logo, the language, the request for your credit card number. If you don’t have a connection with that organization, you’ll ignore the email—you’re one of the fish who doesn’t take the bait! What the “phisherman” knows, though, is that SOME of the thousands of fish who get that email WILL have a connection with the company that seems to be asking for the information. They’ll bite, and the “phisherman” gets data to sell to identify thieves.
The amount of personal information available online today makes it very easy for phishing specialists to tailor an email just for you. They your nickname and home town on your Facebook page. They find one of your organization’s suppliers from the client list on the supplier’s website. They find your job title on your company web site or LinkedIn. Put that information together with an invoice you MUST open and pay TODAY, and your personal information is in the net, on its way to be used by thieves.
We could talk about other types of malware in addition to spyware, Trojan horses, and phishing, but I’ll leave worms, ransomware, and viruses for another time. I’m sure you’re depressed enough already and you just want to know, WHAT CAN I DO? A short answer: Get strong anti-malware protection; keep your application, operating system, and server patching current; and educate your system’s users about malware—MALICIOUS SOFTWARE. Giving them this article would be a good start!