Never be the bait: Stay aware of malware

Working on a computer without sufficient anti-virus software is like going shark cage diving without the cage. It’s a digital suicide mission.  

With malware scams on almost every platform parading as innocent, useful things like extensions, news clips or a simple email, you can’t avoid malware threats. Therefore, the only action you can take is to make sure your computer is wearing the right armour and equip yourself with a little knowledge. Let’s dive into some of the threats that we’re facing more and more each day.  

What is malware? 

Malware is an abbreviated form of “malicious software.” It’s designed to gain access to your computer and either spy, damage ransom or infect it. It’s nasty pieces of code hellbent on causing trouble and ruining people’s lives.  

Used for vandalism and destruction, much of malware today is created to make a profit from:  

  • Forced advertising (adware) 
  • stealing sensitive information (Spyware) 
  • Spreading email spam or pornographic content (zombie computers) 
  • Or extorting money (ransomware) 

What makes your Computer Vulnerable to Malware? 

Various factors can make computers more vulnerable to malware attacks, including:  

  • defects in the operating system (OS) design,  
  • all of the computers on a network running the same OS,  
  • giving users too many permissions,  
  • a computer runs on a particular operating system, such as Windows, for example. 

How to Protect yourself from Malware 

The best protection from malware — whether ransomware, bots, browser hijackers, or other malicious software — continues to be the usual, preventive advice: be careful about what email attachments you open, be cautious when surfing by staying away from suspicious websites, and install and maintain an updated, quality antivirus program. 

Clickbait: Social Media Scams and Malware 

You’ve heard of the term “clickbait” but what you don’t know is that it’s a mild form of malware called grayware. It doesn’t really do any physical damage to your data as other malware can. Instead, it simply presents itself as very annoying matter, such as adware and spyware.  

Where Does Clickbait exist? 

You’ll find it all over social media or at least the news sites that social media directs you to. An enticing article will lead you to a website that asks that you fill out a quick survey before accessing the media. That information is then collected and sold to other cyber criminals and can be used in attempts to hack into your personal accounts.  

In addition to grayware running rampant on these platforms, there are also high risks of encountering dangerous malware across social networks. When the television show, “Breaking Bad”, was in its heyday, there was a popular Twitter scam making the rounds. Links were posted luring users to download a leaked copy of the next unaired episode. Following the link led the user to a page where a file is downloaded. The page directed users to another link to install a program that would allow them to play the video. The link sent users to an affiliate program, which was how the spammers made money. Granted, this scam seemed harmless to the user’s computer, however, there are other instances where what is downloaded can be a dangerous malware program.  

How to Protect yourself from Greyware 

Always use caution when clicking on unknown links and attempting to download unknown files. 

Malvertising and Exploit Kits 

Exploit kits are generally what they sound like – a malicious toolkit that searches your computer for software that has not been updated. These kits look for security holes in software with the goal of implanting malware on the user’s machines. This can happen by visiting websites that have malvertising on them. Malvertising can be found on any website, trusted or unknown, and it uses online advertising by embedding malicious code in legitimate advertisements.  

Recently, Yahoo was a target of this by hosting malicious ads that redirected users to websites hosting these kits. Exploit kits are not always found in malvertising, however. The popular men’s website Askmen.com was recently compromised to redirect users to a site hosting an exploit kit. This is why it is very important to make sure all of your software is up to date. 

Mobile Ransomware 

Ransomware on computers isn’t a new threat, but recently it has started to migrate to popular mobile platforms. Ransomware is a program that will target important files such as photos and documents and encrypts them, blocking the user from accessing them. The user is then sent a message demanding payment to unlock the files. Earlier this year, the first versions of mobile ransomware were spotted in the wild. The ransomware is contracted by visiting an infected site and then is automatically downloaded to the phone, or by downloading a malicious app.  

What to do if your mobile device is infected with ransomware? 

If your device becomes infected, do not pay the fee! Instead, make sure you get in the habit of regular backups and restore your phone from the most recent backup.  

Online Gaming Malware Attacks 

There have been a few instances of gaming malware in the media lately. One that may not cost you money, but it can cost you the many hours you’ve spent building up your characters.  

Twitch.tv, a website used to stream live gameplay was recently infiltrated by a bot in their chat rooms that lured users using raffles. Upon clicking the link to enter the raffle, a Java form displays a phony raffle form. After filling out the form, the malware installs itself on the user’s computer, targets the user’s Steam account and then wipes out the entire Steam wallet and inventory. In turn, the cyber criminals will sell the user’s items on the Steam community for money.  

Similarly, there was an issue with a malicious trojan in the popular World of Warcraft game, masquerading as a legitimate game add-on. Once installed, the trojan completely takes over the user’s account. It is highly recommended that users not disable their antivirus programs when playing online games. 

Browser Extension Adware and Malware 

Browser extensions are a very popular add-on used for a multitude of tasks while surfing the Internet. However, you may not be aware that some of them might be stealing your information!  

Some malicious extensions will either track every site you visit or inject adware into those sites. While this is not a huge concern as far as what this will do to the data on your computer, it is a large privacy concern.  

Attackers can use these extensions to perform click fraud by adding rogue ads to websites and redirecting you to those sites. Although this is lower on the threat level, this newer form of malware is evolving into something much more invasive. As a matter of fact, the European Union Agency for Network and Information Security (ENISA) has warned that there has been an increase in malicious browser extensions that are aimed at taking over social network accounts. Although they’re not at the top of the threat list, they are something to keep an eye on. 

This article is a general information sheet and should not be used or relied upon as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your financial adviser for specific and detailed advice. Errors and omissions excepted (E&OE)