Our businesses (and our lives) are connected to the Internet in more ways than ever before, and it shows no signs of slowing down. We depend on having online access every day for even the most basic functions of doing business. This increased dependency on the web has brought increases in efficiencies, productivity, and malware. Malware is malicious software programs designed to harm systems, steal data, or spy on browsing behavior. The threat to your business is serious and could result in significant loss of sensitive information and money. It is good to have a basic knowledge of the common types and how they can harm your company’s network.
There are several different types of malware, each with different purposes, characteristics, and capabilities. Here are the basic types:
Viruses and Worms
A virus is designed to copy itself and spread from computer to computer through documents, programs and code, script files, and vulnerabilities in web apps. They can be used to steal information, harm computer systems and networks, and steal money, among other things.
Similar to a virus and sometimes considered a subset of viruses, worms are among the most widespread types of malware. They spread themselves by exploiting vulnerabilities in operating systems and usually consume bandwidth and overload internet servers. They can also be designed to steal data, delete data, or create botnets (a network of private computers controlled as a group without the owners’ permission, through malware). A worm can spread itself without human activity, unlike a virus. You may have experienced an email sent out from your address to everyone in your address book that you didn’t send. This was likely the work of a worm.
Spyware and Adware
As the name suggests, spyware is designed to spy on your activity without you knowing it. It often comes bundled with either a legitimate program or with a Trojan. It can be used to monitor your activity, collect keystrokes, and harvest data like logins, passwords, account information, and financial data. Spyware can also interfere with network connections and modify security settings.
Adware, as its name implies, is designed to interrupt you with advertisements automatically. It is often bundled with seemingly free versions of programs and created by advertisers to generate revenue. By itself, adware is annoying, but harmless such as pop-up ads. However, it is often also bundled with spyware, creating a much more dangerous combination.
Trojans and Ransomware
A Trojan appears to be a regular, legitimate program or file so you feel comfortable downloading it. In reality, it gives a third party remote access to your computer, enabling them to take control with malicious intent. They can steal logins, financial data, and electronic money. They can install further malware, monitor your activity, modify files, and control botnets while remaining hidden.
Ransomware in effect “kidnaps” your computer and demands a ransom to release your system from captivity. A common kidnapping method is encrypting your files until you send the malware author the ransom money. Ransomware normally spreads in the same manner as a worm. It can be downloaded with another file or through exploiting a vulnerability in your network.
Rootkits and Bots
Rootkits continually hide and are virtually undetectable by common security products. They are used to remotely access and control your computer without detection. It can be used to execute files, install hidden malware, control your computer (as part of a botnet), make modifications to software, and even access sensitive information. The only way you can protect your business from this threat is to always keep all your software, browsers, operating systems, and security products up to date.
Bots are created to automatically execute certain operations and are often used for harmless activities such as gaming. They can, however, also be used in botnets, attacks on servers, spamming advertisements, and spreading malware. Bots are the reason many websites utilize tests with random characters to make sure you are human.
Detection and Prevention
One critical component of both detecting and preventing malware attacks is educating your employees. They need to be aware of some of the common ways malware is spread such as phishing email scams, fake websites, and bundled downloads. It is also advisable to keep everything up to date and current with web browsers, software, security products, and operating systems. Many types of malware are designed to exploit bugs and weaknesses that are patched with the latest updates. Make sure you have a good firewall and quality antivirus and anti-spyware software in use across your network. A data breach could cost your company, and potentially your employees, the loss of sensitive and valuable information, time, and significant money. For further information on the threat of malware for businesses and how you can protect your company from future threats, Contact Us.