InfoSec Blog - Malware Explained!
September 14, 2018
Malicious software (aka malware) is one of the biggest threats to your computing devices and your data. Malware can take many forms, but at it's core it is software meant to inflict harm on your system with the intent of gaining access to your system and information.
Types of Malware
There are many different types of malware and lots of terms you may have heard to describe it. Here is a breakdown of the most common forms:
- Virus: the term 'virus' is commonly used to describe all malware; however it has a very specific meaning for IT professionals. A true computer virus "infects" other files by modifying them to include it's own code. A virus modifies legitimate files so that when they are executed, the virus is executed as well.
- Worms: self-replicating pieces of malware that have the ability to spread between systems without any end-user action necessary.
- Trojans: programs that are disguised to appear legitimate but actually contains malicious code. Trojans typically spread via email, peer-to-peer file sharing, or via compromised websites.
- Ransomware: a strain of malware that encrypts your files and demands a fee to unlock them.
- Macro virus: found in an infected document file which automatically runs malicious code when opened. These are commonly spread via email in malicious Microsoft Office documents.
- Adware: this type of malware will spawn pop-up messages with advertisements or hijack your web browser. A common adware program might redirect your internet searches to a look-alike web page that contains product promotions.
- Spyware: the most common type of spyware is software that logs keystrokes on a system to gain access to passwords. Other types include software that silently enables your computer's video camera or microphone and records you.
- Rootkit: these are nasty infections that are designed to provide continued administrator-level access to a computer system while actively hiding it's presence. These are typically deeply embedded in the system and are extremely difficult to detect and remove.
- Scareware: this type of malware preys on your emotions and tries to trick you into giving a malicious actor your money or access to your computer. The most common variant is known as 'Fake AV' where your system pops up a message claiming that your system is infected with a virus and that you need to call tech support immediately. If you do call, they will try to convince you to buy additional software or support, or ask for access to your system which allows them to install additional malware.
How to Protect Yourself
- Run anti-malware software on all your devices (including Macs!). Running anti-malware software and keeping it up to date is the most effective defense against malware. You should use anti-malware software on all devices, including Macs. McAfee VirusScan is available to all registered students, staff and faculty at no cost. Get a copy of McAfee VirusScan from the CCS Software Distribution site or contact the CCS Help Centre to receive help downloading and installing it (contact info below).
- Only install software from legitimate and trusted sources. Trojans are very common in software downloaded from peer to peer networks or other download sites. Always purchase software from known and reputable sources to protect your devices and data.
- Practice safe browsing habits. Keep your browser patched, don't click on pop-ups, use a pop-up blocker, avoid clicking on unknown links, and only visit known and trustworthy sites.
- Ask for help if you notice odd behaviour on your system. If you start seeing random pop-up messages or you see a noticeable drop in performance on your device, those could be signs of malware.
How to Get IT Help
CCS provides central computing support to all members of the University community. You can reach them through one of the following methods of contact:
- Hours are Monday to Friday from 8:30 AM to 4:45 PM. (4:30 PM during University summer hours) Closed weekends and holidays.
- Phone: 519-824-4120 Extension 58888
- Email: send your questions to firstname.lastname@example.org and we will usually reply within one to two business days.
- In Person: the CCS IT Help Desk is located on the main floor of the McLaughlin Library.
Written by: Stephen Willem (Manager, Information Security)