Indicators of Malware

in #cybersecurity, 7 years ago (edited)

Signs of Malware

Introduction:

This article is intended to help you spot the indicators of malware to improve the chances of malware being identified.

What is Malware?

Malware means malicious software. It is an all-encompassing term for all different types of cyber threats ranging from viruses (self-replicating code which makes copies of itself) to rootkits (a collection of tools used to gain administrator access to a computer or computer network). Often these terms are used interchangeably.

Malware is malicious and can cause massive amounts of harm. For example, it can:

• Collect login IDs and passwords to gain access to accounts (for example to a bank account).
• Encrypt files, which makes them inaccessible to the user unless they pay the cybercriminals for a decryption key (this is commonly known as ransomware). A notable incident of this in 2017 was the NHS WannaCry attack, which left many of the NHS’s services immobilized.

Article on the WannaCry attack: http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-everything-need-know-biggest-ransomware-offensive/

Ransomware scenario:

  1. User receives an email with a malicious attachment
  2. User unwittingly clicks the malicious attachment
  3. The attachment executes malicious code on the PC
  4. Files on the PC and network are encrypted as a result of the executed code
  5. A message pops up demanding money in return for the decryption key
  6. At this point a decision is made whether to pay the ransom or restore from backups
  7. Lengthy downtime ensues to decrypt the files and restore the network

Indicators of Malware:

Malware is not designed to be caught but often there are indicators of its presence; this is due to the nature of how malware behaves and the PC resources it uses. For example, if a PC becomes suddenly slow this could be due to malware using PC resources in the background.

Indicators:

  1. Frequent popup advertisements
  2. Slow computer
  3. Changes to browser settings such as a new homepage, new toolbar, unwanted websites being accessed without your input
  4. PC crashing
  5. Unexpected rebooting
  6. Unfamiliar desktop icons
  7. Unfamiliar programs
  8. File names changing
  9. Strange looking icons (for example smiley faces where you would expect a folder icon)
  10. Strange file names (for example: “!!!$%&23349494”)
  11. Programs or files disappearing for no apparent reason

Fundamentally, any unexplained PC behaviour is a cause for concern. Having these indicators does not necessarily mean the PC has malware. For example, a PC which continually crashes is often suffering from a hardware problem.
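Indicators 8, 10 and 11 can be checked by comparing two listings of the same folder taken at different times. The script below is an added example, not part of the original article; the snapshot format (file name mapped to a content digest), the function names and the "three or more unusual symbols" threshold are assumptions chosen for illustration.

```python
# Added example: compare two directory listings for indicators 8, 10 and 11.
# Snapshot format (an assumption): {file name: content digest}.
from pathlib import PurePath

BENIGN_PUNCT = set("-_. ()")   # punctuation common in ordinary file names


def is_strange_name(name, min_symbols=3):
    """Indicator 10: the name's stem carries several unusual symbols."""
    stem = PurePath(name).stem
    symbols = [c for c in stem if not c.isalnum() and c not in BENIGN_PUNCT]
    return len(symbols) >= min_symbols


def compare_snapshots(before, after):
    """Return the renamed, disappeared and strangely named files."""
    # Content that appears in 'after' only under a name not seen before.
    new_by_digest = {}
    for name, digest in after.items():
        if name not in before:
            new_by_digest.setdefault(digest, []).append(name)

    renamed, disappeared = {}, []
    for name, digest in before.items():
        if name in after:
            continue
        candidates = new_by_digest.get(digest)
        if candidates:
            renamed[name] = candidates.pop(0)   # indicator 8: same content, new name
        else:
            disappeared.append(name)            # indicator 11: content is gone

    strange = sorted(n for n in after if is_strange_name(n))
    return {"renamed": renamed, "disappeared": sorted(disappeared), "strange": strange}


# Constructed sample listings, not taken from a real machine.
BEFORE = {"budget.xlsx": "d1", "holiday.jpg": "d2", "notes.txt": "d3", "cv (final).docx": "d4"}
AFTER = {"!!!$%&23349494": "d1", "holiday.jpg": "d2", "cv (final).docx": "d4"}

if __name__ == "__main__":
    for kind, found in compare_snapshots(BEFORE, AFTER).items():
        print(kind, found)
```

A file whose content was also changed (for example, encrypted) will not match by digest, so it shows up as one disappeared file plus one new file rather than as a rename. Each hit is a prompt to investigate, not proof of malware.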

Conclusion:

The key take-home message from this document is: if you see any of these indicators of malware, make sure to investigate!