
Malware (malicious software)

Malware, or malicious software, is any program or file that is harmful to a computer user. Types
of malware can include computer viruses, worms, Trojan horses and spyware. These malicious
programs can perform a variety of different functions such as stealing, encrypting or deleting
sensitive data, altering or hijacking core computing functions and monitoring users' computer
activity without their permission.

Different types of malware contain unique traits and characteristics. Types of malware include:

• A virus is the most common type of malware which can execute itself and spread by
infecting other programs or files.
• A worm can self-replicate without a host program and typically spreads without any human
interaction or directives from the malware authors.
• A Trojan horse is designed to appear as a legitimate program in order to gain access to a
system. Once activated following installation, Trojans can execute their malicious functions.
• Spyware is made to collect information and data on the device user and observe their
activity without their knowledge.
• Ransomware is designed to infect a user's system and encrypt the data. Cybercriminals then
demand a ransom payment from the victim in exchange for decrypting the system's data.
• A rootkit is created to obtain administrator-level access to the victim's system. Once
installed, the program gives threat actors root or privileged access to the system.
• A backdoor virus or remote access Trojan (RAT) secretly creates a backdoor into an infected
system that allows threat actors to remotely access it without alerting the user or the system's
security programs.
• Adware is used to track a user’s browser and download history with the intent to display
pop-up or banner advertisements that lure the user into making a purchase. For example, an
advertiser might use cookies to track the web pages a user visits to better target advertising.
• Keyloggers, also called system monitors, are used to see nearly everything a user does on
their computer. This includes emails, opened web pages, programs and keystrokes.

Phishing

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text
message by someone posing as a legitimate institution to lure individuals into providing sensitive
data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and
financial loss.

1. DECEPTIVE PHISHING
The most common type of phishing scam, deceptive phishing refers to any attack by which
fraudsters impersonate a legitimate company and attempt to steal people’s personal information
or login credentials. Those emails frequently use threats and a sense of urgency to scare users
into doing the attackers’ bidding.

For example, PayPal scammers might send out an attack email that instructs recipients to click
on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake
PayPal login page that collects a user’s login credentials and delivers them to the attackers.

The success of a deceptive phish hinges on how closely the attack email resembles a legitimate
company’s official correspondence. As a result, users should inspect all URLs carefully to see if
they redirect to an unknown website. They should also look out for generic salutations, grammar
mistakes, and spelling errors scattered throughout the email.

2. SPEAR PHISHING
Not all phishing scams lack personalization – some use it quite heavily.

For instance, in spear phishing scams, fraudsters customize their attack emails with the target’s
name, position, company, work phone number and other information in an attempt to trick the
recipient into believing that they have a connection with the sender.

The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or
email attachment, so that they will hand over their personal data.

Spear-phishing is especially commonplace on social media sites like LinkedIn, where attackers
can use multiple sources of information to craft a targeted attack email.

To protect against this type of scam, organizations should conduct ongoing employee security
awareness training that, among other things, discourages users from publishing sensitive
personal or corporate information on social media. Companies should also invest in solutions
that are capable of analyzing inbound emails for known malicious links/email attachments.
3. CEO FRAUD
Spear phishers can target anyone in an organization, even top executives. That’s the logic behind
a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login
credentials.

In the event their attack proves successful, fraudsters can choose to conduct CEO fraud, the
second phase of a business email compromise (BEC) scam where attackers impersonate an
executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial
institution of their choice.

Whaling attacks work because executives often don’t participate in security awareness training
with their employees. To counter that threat, as well as the risk of CEO fraud, all company
personnel – including executives – should undergo ongoing security awareness training.
Organizations should also consider amending their financial policies, so that no one can
authorize a financial transaction via email.

4. PHARMING
As users become more savvy to traditional phishing scams, some fraudsters are abandoning the
idea of “baiting” their victims entirely. Instead, they are resorting to pharming – a method of
attack which stems from domain name system (DNS) cache poisoning.

The Internet’s naming system uses DNS servers to convert alphabetical website names, such as
“www.microsoft.com,” to numerical IP addresses used for locating computer services and
devices.

Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address
associated with an alphabetical website name. That means an attacker can redirect users to a
malicious website of their choice even if the victims entered in the correct website name.

To protect against pharming attacks, organizations should encourage employees to enter in login
credentials only on HTTPS-protected sites. Companies should also implement anti-virus
software on all corporate devices and implement virus database updates, along with security
upgrades issued by a trusted Internet Service Provider (ISP), on a regular basis.

5. DROPBOX PHISHING
While some phishers no longer bait their victims, others have specialized their attack emails
according to an individual company or service.
Take Dropbox, for example. Millions of people use Dropbox every day to back up, access and
share their files. It’s no wonder, therefore, that attackers would try to capitalize on the platform’s
popularity by targeting users with phishing emails.

One attack campaign, for example, tried to lure users into entering their login credentials on a
fake Dropbox sign-in page hosted on Dropbox itself.

To protect against Dropbox phishing attacks, users should consider implementing two-step
verification (2SV) on their accounts.

6. GOOGLE DOCS PHISHING


Fraudsters could choose to target Google Drive similar to the way they might prey upon
Dropbox users.

Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even
entire websites, phishers can abuse the service to create a web page that mimics the Google
account log-in screen and harvests user credentials.

A group of attackers did just that back in July of 2015. To add insult to injury, not only did
Google unknowingly host that fake login page, but a Google SSL certificate also protected the
page with a secure connection.

Spam
Spam refers to the use of electronic messaging systems to send out unrequested or unwanted
messages in bulk.
The difficulty with stopping spam is that the economics of it are so compelling. While most
would agree that spamming is unethical, the cost of delivering a message via spam is next to
nothing. If even a tiny percentage of targets respond, a spam campaign can be successful
economically.
1. PayPal Spam
Whether or not you use PayPal, you have likely received at least one PayPal spam message. In it,
a spammer impersonates PayPal and informs you that you have to log in to your account and
authorize some recent changes. If you click on the link included below the message, you will be
taken to a fake PayPal login page set up by the spammer to steal your password and withdraw
funds from your account.
2. Returned Mail Spam
When you send an email to a non-existent or inactive address, you will usually receive a delivery
fail receipt in your inbox. However, if you get a delivery fail receipt for a message you don’t
remember ever sending, it is very likely a fake message. Spammers may also attach a malicious
file and try to trick you into opening it by claiming that it contains your original message. If you
do, you may unknowingly install malware on your computer, thus giving your attacker access to
your browsing history and personal data.
3. Fake Response Spam
Fake response spam messages use the “Re:” prefix in the subject line to make you believe that
you’re receiving a response to an email you may have sent earlier. As soon as you open it,
however, you will see a message that has nothing to do with the subject line. Instead, it will
usually contain some poorly written promotional offer with calls to action and links that might
take you to malicious websites.
4. Social Media Spam
If you subscribe to email notifications from social media platforms, you may have been tricked
by social media spam in the past. Formatted just like the real thing, these emails inform you
about new messages, likes, and comments on your social media profile. As with PayPal spam,
these messages will also include a link that takes you to a fake login page designed to steal login
data from unsuspecting victims.
5. Rolex Spam
Rolex spam has been around for well over a decade and is perhaps the most common type of
junk mail. These emails typically link to malicious websites where – as stated in the messages –
the recipients can buy brand new Rolex watches at incredibly low prices. Spammers typically
launch these emails around the holiday season, especially around Thanksgiving and Black
Friday. That way, potential victims might not be able to tell them apart from genuine
promotional emails and may just end up clicking on the link.
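
The "Returned Mail" and "Fake Response" patterns above both claim a connection to a message the recipient supposedly sent, and that claim can be checked against a record of what was really sent. The following is an added example, not part of the original text; the sent-mail log, the reason labels and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: the mail system keeps a log of Message-IDs it really sent (constructed value).
SENT_MESSAGE_IDS = {"<20240105.1001@mail.example.org>"}
ANGLE_ID = re.compile(r"<[^<>\s]+>")
MSG_ID_LINE = re.compile(r"^Message-ID:\s*(<[^<>\s]+>)", re.I | re.M)
# Part types a genuine delivery status notification is normally built from.
BOUNCE_PART_TYPES = {"text/plain", "message/delivery-status",
                     "message/rfc822", "text/rfc822-headers"}

# Constructed sample messages.
BOUNCE_FAKE = """\
From: Mail Delivery System <mailer-daemon@mail.example.net>
To: alice@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

Delivery failed. Your original message is attached.
--BOUND
Content-Type: text/rfc822-headers

From: alice@example.org
Subject: Invoice
Message-ID: <never-sent-123@unknown.example>
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="original_message.zip"

placeholder bytes, not a real archive
--BOUND--
"""
REPLY_FAKE = """\
From: deals@shop.example
To: alice@example.org
Subject: Re: your order

Limited offer, click the link now.
"""
REPLY_GENUINE = """\
From: bob@example.com
To: alice@example.org
Subject: Re: Meeting notes
In-Reply-To: <20240105.1001@mail.example.org>

Thanks, see you then.
"""


def referenced_ids(msg):
    """Message-IDs this message claims to answer."""
    ids = set()
    for header in ("In-Reply-To", "References"):
        ids.update(ANGLE_ID.findall(str(msg.get(header, ""))))
    return ids


def bounced_original_ids(msg):
    """Message-IDs of the original mail a bounce says it is returning."""
    ids = set()
    for part in msg.walk():
        if part is msg:
            continue
        if part.get_content_type() == "text/rfc822-headers":
            ids.update(MSG_ID_LINE.findall(part.get_content()))
        elif part["Message-ID"]:  # original embedded as message/rfc822
            ids.update(ANGLE_ID.findall(str(part["Message-ID"])))
    return ids


def triage(raw, sent_ids=SENT_MESSAGE_IDS):
    """Return the reasons a bounce or 'Re:' message looks fabricated."""
    msg = message_from_string(raw, policy=default)
    reasons = []
    is_bounce = (msg.get_content_type() == "multipart/report"
                 or "mailer-daemon" in str(msg.get("From", "")).lower())
    if is_bounce:
        if not bounced_original_ids(msg) & sent_ids:
            reasons.append("bounce-for-message-never-sent")
        for part in msg.walk():
            if not part.is_multipart() and part.get_content_type() not in BOUNCE_PART_TYPES:
                reasons.append("bounce-carries-attachment:" + (part.get_filename() or "unnamed"))
    elif re.match(r"\s*re:", str(msg.get("Subject", "")), re.I):
        if not referenced_ids(msg) & sent_ids:
            reasons.append("re-prefix-without-matching-thread")
    return reasons
```
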
MALWARE

The term malware is a contraction of malicious software. Put simply, malware is any
piece of software that was written with the intent of damaging devices, stealing data, and
generally causing a mess. Viruses, Trojans, spyware, and ransomware are among the different
kinds of malware. Malware is often created by teams of hackers: usually, they’re just looking to
make money, either by spreading the malware themselves or selling it to the highest bidder on
the Dark Web. However, there can be other reasons for creating malware too — it can be used as
a tool for protest, a way to test security, or even as weapons of war between governments.

1. Viruses

A computer virus is what most of the media and regular end-users call every malware
program reported in the news. Fortunately, most malware programs aren't viruses. A
computer virus modifies other legitimate host files (or pointers to them) in such a way that
when a victim's file is executed, the virus is also executed.

Pure computer viruses are uncommon today, comprising less than 10 percent of all malware.
That's a good thing: Viruses are the only type of malware that "infects" other files. That
makes them particularly hard to clean up because the malware must be executed from the
legitimate program. This has always been nontrivial, and today it's almost impossible. The
best antivirus programs struggle with doing it correctly and in many (if not most) cases will
simply quarantine or delete the infected file instead.

2. Worms

Worms have been around even longer than computer viruses, all the way back to mainframe
days. Email brought them into fashion in the late 1990s, and for nearly a decade, computer
security pros were besieged by malicious worms that arrived as message attachments. One
person would open a wormed email and the entire company would be infected in short order.

The distinctive trait of the worm is that it's self-replicating. Take the notorious Iloveyou
worm: When it went off, it hit nearly every email user in the world, overloaded phone
systems (with fraudulently sent texts), brought down television networks, and even delayed
my daily afternoon paper for half a day. Several other worms, including SQL
Slammer and MS Blaster, ensured the worm's place in computer security history.

3. Trojans

Computer worms have been replaced by Trojan horse malware programs as the weapon of
choice for hackers. Trojans masquerade as legitimate programs, but they contain malicious
instructions. They've been around forever, even longer than computer viruses, but have taken
hold of current computers more than any other type of malware.

A Trojan must be executed by its victim to do its work. Trojans usually arrive via email or
are pushed on users when they visit infected websites. The most popular Trojan type is the
fake antivirus program, which pops up and claims you're infected, then instructs you to run a
program to clean your PC. Users swallow the bait and the Trojan takes root.

4. Hybrids and exotic forms

Today, most malware is a combination of traditional malicious programs, often including
parts of Trojans and worms and occasionally a virus. Usually the malware program appears
to the end-user as a Trojan, but once executed, it attacks other victims over the network like
a worm.

Many of today's malware programs are considered rootkits or stealth programs. Essentially,
malware programs attempt to modify the underlying operating system to take ultimate
control and hide from antimalware programs. To get rid of these types of programs, you must
remove the controlling component from memory, beginning with the antimalware scan.

5. Ransomware

Malware programs that encrypt your data and hold it hostage while waiting for a cryptocurrency
payoff have been a huge percentage of the malware for the last few years, and the percentage
is still growing. Ransomware has often crippled companies, hospitals, police departments,
and even entire cities.

Most ransomware programs are Trojans, which means they must be spread through social
engineering of some sort. Once executed, most look for and encrypt users’ files within a few
minutes, although a few are now taking a “wait-and-see” approach. By watching the user for
a few hours before setting off the encryption routine, the malware admin can figure out
exactly how much ransom the victim can afford and also be sure to delete or encrypt other
supposedly safe backups.

6. Fileless malware

Fileless malware isn’t really a different category of malware, but more of a description of
how they exploit and persevere. Traditional malware travels and infects new systems using
the file system. Fileless malware, which today comprises over 50 percent of all malware and
growing, is malware that doesn’t directly use files or the file system. Instead they exploit and
spread in memory only or using other “non-file” OS objects such as registry keys, APIs or
scheduled tasks.

7. Adware

If you're lucky, the only malware program you've come in contact with is adware, which
attempts to expose the compromised end-user to unwanted, potentially malicious advertising.
A common adware program might redirect a user's browser searches to look-alike web pages
that contain other product promotions.

8. Malvertising
Not to be confused with adware, malvertising is the use of legitimate ads or ad networks to
covertly deliver malware to unsuspecting users’ computers. For example, a cybercriminal
might pay to place an ad on a legitimate website. When a user clicks on the ad, code in the ad
either redirects them to a malicious website or installs malware on their computer. In some
cases, the malware embedded in an ad might execute automatically without any action from
the user, a technique referred to as a “drive-by download.”

9. Spyware

Spyware is most often used by people who want to check on the computer activities of loved
ones. Of course, in targeted attacks, criminals can use spyware to log the keystrokes of
victims and gain access to passwords or intellectual property.

Adware and spyware programs are usually the easiest to remove, often because they aren't
nearly as nefarious in their intentions as other types of malware. Find the malicious
executable and prevent it from being executed — you're done.

PHISHING

Phishing is a play on the word “fishing,” as it is a way of “throwing out bait” to see who bites.
Phishing is a method of sending a user (or many users) digital correspondence that appears
legitimate but is actually meant to lure a potential victim into providing some level of personal
information for nefarious purposes, including identity or monetary theft. The phishing scheme
could use email, text, or a web page.
Phishing emails are the most notorious forms of phishing campaigns. The bad actor will send a
fake email that will contain links to false websites that appear to be associated with a legitimate
business, but are being used to gather anything from passwords to social security or account
numbers. There are other forms of phishing campaigns and techniques that are used to track
potential victims, including vishing, SMiShing, spy-phishing, watering hole attacks, even spam.
SMS phishing (or smishing/SMiShing) is a phishing campaign that uses a bait text message to
lure potential victims. Spear-phishing uses an email that has more specific information than a
standard phishing email. The attacker will spend time researching the potential victim's online
and social media presence to gather information that will allow them to create a false sense of
familiarity. Vishing uses telephone communications to social-engineer personal information. A
watering hole attack is focused on a particular group, eventually affecting members of that
group. Spam is a well-known email type, and spy-phishing is using a phishing method to install
spyware onto a potential victim’s computer.
Pharming is similar to phishing, with the same overall intent. Phishing is more of a social
engineering attack, whereas pharming uses sophisticated means to redirect traffic from one
website to another. Bad actors poison or corrupt DNS servers to compromise legitimate websites.
Both phishing and pharming are used to collect sensitive user information.

SPAM
The most common form of spam is email spam, but the term also applies to any message sent
electronically that is unsolicited and bulk. This includes: instant message spam, search engine
spam, blog spam, Usenet newsgroup spam, wiki spam, classified ads spam, Internet forum spam,
social media spam, junk fax spam, and so on.

Malware

The term malware is a contraction of malicious software. Put simply, malware is any piece of
software that was written with the intent of damaging devices, stealing data, and generally
causing a mess. Viruses, Trojans, spyware, and ransomware are among the different kinds of
malware.

Malware is often created by teams of hackers: usually, they’re just looking to make money,
either by spreading the malware themselves or selling it to the highest bidder on the Dark Web.
However, there can be other reasons for creating malware too — it can be used as a tool for
protest, a way to test security, or even as weapons of war between governments.

But no matter why or how malware comes to be, it’s always bad news when it winds up on your
PC. Fortunately, that’s what we’re here to prevent.

• Virus: Like their biological namesakes, viruses attach themselves to clean files and infect
other clean files. They can spread uncontrollably, damaging a system’s core functionality
and deleting or corrupting files. They usually appear as an executable file (.exe).
• Trojans: This kind of malware disguises itself as legitimate software, or is hidden in
legitimate software that has been tampered with. It tends to act discreetly and create
backdoors in your security to let other malware in.
• Spyware: No surprise here: spyware is malware designed to spy on you. It hides in the
background and takes notes on what you do online, including your passwords, credit card
numbers, surfing habits, and more.
• Worms: Worms infect entire networks of devices, either local or across the internet, by
using network interfaces. They use each consecutively infected machine to infect others.
• Ransomware: This kind of malware typically locks down your computer and your files,
and threatens to erase everything unless you pay a ransom.
• Adware: Though not always malicious in nature, aggressive advertising software can
undermine your security just to serve you ads, which can give other malware an easy
way in. Plus, let’s face it: pop-ups are really annoying.
• Botnets: Botnets are networks of infected computers that are made to work together
under the control of an attacker.
Phishing

Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used
for identity theft.

A phishing email will typically direct the user to visit a website where they are asked to update
personal information, such as a password, credit card, social security, or bank account numbers,
that the legitimate organization already has. The website, however, is bogus and will capture and
steal any information the user enters on the page (see "website spoofing").
Spam
Spam is an unsolicited email message that is automatically sent to a large number of addresses at
once. Commonly referred to as junk mail, spam is most often used for advertising purposes,
although some hackers may also use it to distribute malware. Read on to learn about the most
common types of spam and the ways to recognize spam emails.
Spamming (especially e-mail spam) is very common because of the economics. Spam
advertisers have little to no operating costs and so need only a minute response rate to make a
profit. Most spam is commercial advertising, but some contains viruses, adware, or scams.

