Skip to main content

The top 10 things you need to know about malware

Malware – no computer wants it but researchers estimate that the majority of computers have it. But what is malware and what makes it so particularly bad for your PC? Short for "malicious software," malware refers to programmes designed to damage or do other unwanted actions on a computer system. Here are the top 10 things you might not know about malware but should:

1. A virus and malware are not the same thing - computer viruses are small programmes or scripts that can negatively affect the health of your computer. These programmes can create files, move files, erase files, consume your computer's memory, and cause your computer not to function correctly. Some viruses can duplicate themselves, attach themselves to programmes, and travel across networks.

2. New variants and mutations of malware are being released at at least double the speed that software is built to remove them.

3. Myth – you can't catch something merely by visiting a website. Reality - a "drive-by" is programme that is automatically installed in your computer by merely visiting a website, without having to explicitly click on a link on the page. Typically, they are deployed by exploiting flaws in the browser and operating system code. Combat drive-by malware by keeping your browser up to date.

4. As of May 2013, there were approximately 22,950,378 viruses and pieces of malware being detected each day - an increase of over five million since April 2012. It looks like the problem is getting worse, not better.

5. Beware of packages that come from strangers - one of the top social engineering tactics used by the bad guys in email is to send you a notice that you've received a package. If you don't recognise the sender, you may want to delete the email or copy down the reference number, if there is one, go to the site and then enter it. If you receive an email from a name you don't recognise, be wary of opening any attachments.

6. Beware clicking on links that offer to take you to videos of recent "disasters" - most recently, spammers took advantage of the attention garnered by the Boston Marathon bombing and the fertiliser plant explosion in Texas, and used two major botnets to inundate users with messages purporting to link to videos of the tragedies. People who followed the link had several pieces of malware installed on their laptops.

7. As of January 2013, there were over 350,000 pieces of malware targeting Google's Android mobile operating system and experts estimate they expect the figure to reach one million later by the end of the year.

8. Another particularly nasty piece of malware is known as 'ransomware'. One example of ransomware was the MoneyPak scam in the US, in which a fake FBI alert appeared on a user's computer screen saying that their system was being blocked due to a copyright law violation. The alert attempted to trick users into believing that they had illegally visited or distributed copyrighted content such as films, music, and software. The user's system was then completely locked down - services would only return to normal after a $200 (£130) 'fine' was paid. The fine is, of course, a ransom fee and is going to the cyber-criminal, not the FBI.

9. A renowned phishing page called Loyphish disguises itself as a legitimate banking webpage and attempts to trick users into filling in their confidential banking information into an online form. Unsuspecting victims thought they were submitting their information confidentially to the bank but they were actually submitting their information to a cyber criminal.

10. The amount of Mac-specific malware remains fairly small in comparison with other platforms. However, the figure is currently on the rise and it is only going to get worse. Hackers originally targeted Windows because of the huge number of users; however, as Mac OS X and now iOS enjoy improved market share, things are likely to change. In May 2013, researchers uncovered the Hangover malware, which was involved in high-profile attacks on governments. Researchers predicted the attack had been going on for over three years and that it was thought to be the act of a private-sector group.

As you can see, malware comes in all shapes and sizes and is often full of lots of nasty surprises. It is therefore recommended that if you feel suspicious about something online, the best option is to steer well clear of it. Installing a good antivirus is also advised but users should not solely rely on this for protection – it is up to you as well. After all, your first line of defence is always yourself.

Brian Laing is VP at AhnLab, a security research and product development company that creates agile, integrated Internet security solutions for consumers and businesses.