What is malware?

The internet, you will never find a more wretched hive of scum and villainy

The internet is undoubtedly one of the greatest things humanity has ever invented, but it’s also one of the scummiest, grossest places ever to be conceived. Home to trolls, drug dealers, human traffickers, and pedophiles, sometimes it’s surprising that you don’t get all grimy just by connecting to your wifi.

But of the many creeps and criminals that stalk the world wide web there is a particular variety that enjoys playing god by creating plagues and releasing them on the digital masses.

The perps that I’m talking about are hackers, real hackers in this case (many of the supposed hackers out there are just hacks that use tools created by others) who could have used their skills to become software developers and create products that improved the lives of everyday people – but instead decided to create malware, short for malicious software.

Malware authors don't think about responsibility

Responsibility is overrated, right?

Well these hackers seem to think so, because instead of creating software that helps people they create malware that is designed to:

  • Steal your secrets (usernames, passwords, credit card details, etc)
  • Steal your personal information (name, DOB, address, government ID numbers) which they can use to steal your identity
  • Encrypt all of your data to try and force you to pay a ransom to get it back
  • Steal sensitive information (nude pics, private messages or emails, videos they record with your webcam) that they can use to blackmail you
  • Use your computer to mine cryptocurrency
  • Use your computer to launch attacks against other systems
  • Display messages that trick you into clicking on malicious links
  • Etc

As you can see there are many different applications for malware depending on what the creep in question is trying to achieve, but what actually is malware? Well just like there are many applications for malware there are also many types of malware that are used to accomplish these goals.

Malware generally falls into one of the categories below:

  • Viruses – this software attaches itself to other existing applications and self-replicates or performs some other malicious action when that application is executed.
  • Worms – this software is also self-replicating but does not require a host application. They generally spread through networks by exploiting security vulnerabilities.
  • Fileless – true fileless malware does not write anything to the hard drive of the system it infects and instead lives in the working memory (RAM). This can make it difficult to detect as there is nothing for anti-virus programs to scan; however, this also means it can be cleared from the system with a reboot.
  • Rootkits – software that enables remote control of a computer allowing the attacker to spy on the user and deploy other types of malware.
  • Trojans – like the mythical wooden horse of legend a trojan is malware that is disguised as legitimate or desirable software tricking you into letting it inside your defenses.
  • Spyware – software that collects a user’s information without their consent. An example is a keylogger, a type of spyware that records keystrokes in order to steal sensitive information (passwords, credit card details, etc).
  • Ransomware – this malware will encrypt a user’s data so that the attackers can ask for a ransom from the victim in exchange for getting that data back.

Is malware still a problem?

If you are lucky (or unlucky) enough to remember a time before Facebook and YouTube, when the world was a simpler place and the dial up noise was still a thing, you may also remember that during this age of adventure you had to regularly clean out your PC because a bunch of random viruses, toolbars, and popups would inevitably spread through your entire system and slow your mighty 650MHz CPU down to a crawl.

The internet used to be a literal cesspool of bugs, viruses, worms, and trojans – but this doesn’t seem to be the case anymore…

You still hear about someone catching something nasty from time to time or maybe you lend your laptop to your 13 year old nephew and somehow it comes back more diseased than a 12th century leper – but for the most part unless you’re doing something really stupid viruses don’t seem to be much of a problem anymore.

But why?

Outside of the infinite graciousness of our benevolent tech overlords, there have been a number of key advancements in the computing space that have rendered malware, seemingly, less common:

  • The Windows operating system has become significantly more secure (improving the codebase, firewalls, and implementing a sandbox architecture) and also comes with in-built antivirus (Defender)
  • Browsers have become more secure by detecting and blocking insecure sites
  • The majority of internet traffic is now split across just 20 or 30 websites that are incentivised to provide their users a safe browsing experience.
  • All major email providers now scan for viruses before the email ever lands in your inbox.
  • Insecure plugins like Adobe Flash have been discontinued.
  • Security has become more embedded into software / hardware development
  • Governments have been cracking down on malware and those who create and use it
  • And probably some more reasons that I’m not aware of

Does that mean that malware is no longer a problem?

Not at all. Just like in any other arms race, as the defenders in this cyber war get more advanced, so do the attackers. In the early days malware was like carpet bombing: it would indiscriminately destroy anything that was unlucky enough to get in its way. Nowadays malware works much more like a guided missile or special operations task force; it is much more targeted and often very difficult to detect until it’s too late.

And regardless of that at the end of the day the biggest security risk to any computer system is the person that uses it – if you have bad habits and insecure behaviors then it’s only a matter of time before you get infected.

So with that being said…

How do you “catch” malware?

“Two things are infinite, the universe and human stupidity, and I’m not sure about the universe”

-Albert Einstein

Old Berty was a really cheerful chap wasn’t he! But he does make a good point, as humans we all do dumb things that can sometimes have bad consequences, and so it goes with catching malware – bad habits and hygiene will inevitably lead to getting some nasty infections.

Thankfully good cyber hygiene doesn’t require a physics degree or a working understanding of general relativity, just do the following and you should be right:

  • Update your operating system or browser (or any software for that matter) as soon as you can.
  • Never download or use illegal or pirated software.
  • Never open unsolicited texts / emails / messages / attachments / documents – if you don’t know who the sender is, don’t open or download it.
  • Avoid torrenting files – unless you really know what you are doing (will cover this in a future post).
  • Don’t click on random Google Ads, these are notorious for redirecting you to dodgy sites (even better, use an adblocker so you don’t have to worry).
  • Stay away from dodgy websites (how do you know if a website is dodgy? –  it has a weird or slightly incorrect URL / domain name, no padlock symbol, your browser displays a warning, lots of misspellings, overly generous deals, lots of popups, etc).
  • Don’t click on random browser notifications.
  • Never plug in random USBs.

Follow the above and you should avoid most of the nasties that are being spread through the interwebs.
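Two of the "dodgy website" signs in the list above, a slightly incorrect domain name and a missing padlock, can be checked mechanically. The sketch below is an added example, not part of the original post: the allow-list, the sample URLs and the function names are constructed for illustration, and the registered domain is naively taken as the last two labels of the hostname.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains this user genuinely visits (assumption).
KNOWN_DOMAINS = ["examplebank.com", "example-mail.net"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def url_warnings(url: str) -> list[str]:
    """Return the warning signs found in a URL (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    warnings = []

    if parts.scheme != "https":
        warnings.append("no-https")  # the "no padlock symbol" sign
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode")  # encoded non-ASCII label, can hide lookalike letters

    # Naive registered domain: last two labels (ignores suffixes such as co.uk).
    registered = ".".join(labels[-2:])
    if registered not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:
            if edit_distance(registered, known) <= 2:
                # One or two characters off a trusted name, e.g. "l" swapped for "1".
                warnings.append(f"lookalike:{known}")
            elif (known + ".") in host:
                # Trusted name used as a subdomain of some other site.
                warnings.append(f"brand-in-subdomain:{known}")
    return warnings


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://www.examplebank.com/login",
        "http://examp1ebank.com/login",
        "https://examplebank.com.account-verify.example/",
    ):
        print(sample, "->", url_warnings(sample) or "no warning signs")
```

A small edit distance also flags unrelated sites with similar names, so treat a hit as a reason to look twice, not as proof.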

However, with that being said, none of us are perfect and Albert thinks we are all stupid, so you should always be prepared for the worst – which is why you should raise your cyber defenses, be aware of the signs of malware, and know what to do if you get infected.

All of which will be covered in next week’s blog post. In the meantime, if you would like to keep your online life safe and secure, sign up to my email list below to receive my free guide “Hard to Hack: three simple steps to staying safe online”.

Over and out.
