IT Disasters in Focus: Malware

March 17

In each edition of IT Disasters in Focus, we explore some of the biggest, most annoying, and costly IT disasters you can encounter.

IT disasters take many forms. In a previous post, Casey examined user error and how it can lead to downtime and general chaos behind the scenes. One example he gave was an administrator failing to take the measures needed to ward off malware. We’ve set up the perfect segue into our next IT disaster in the spotlight, so let’s get to it!

What is malware?

Malware is one of those terms that I often heard about but didn’t fully understand. An abbreviated form of the term “malicious software”, malware is software designed with the sole purpose of invading a computer system without the user’s knowledge or consent. While people often refer to any malicious software as a virus, malware is far more complex. In fact, viruses, worms, Trojans, and spyware are all members of the malware family.

Malware supposedly began as a gag. Aspiring programmers wrote viruses to annoy users and see how far they could spread. Harmless pranks became serious security threats with the rise of the Internet, e-commerce, and online banking. As such, certain types of malware are scripted with specific intentions in mind. For instance, a keylogger, a form of spyware, may be designed to capture keystrokes as a user enters data on an infected computer. In this scenario, usernames, passwords, and other confidential information can be stolen without the user suspecting a thing.

How often does malware occur?

While it’s difficult to identify occurrence rates in metrics such as hours, days, etc., malware statistics are mind-boggling no matter how you measure them. A recent report by security expert AV-Test revealed that year-over-year malware detections increased by an alarming 72 percent from 2013 to 2014. On the firm’s website, where it tracks malware statistics, trends, and news, AV-Test notes that it registers more than 390,000 new strains of malicious software each day.

Designed with different functions and goals in mind, some types of malware are more popular than others. According to a report by security software firm PandaLabs, Trojans are the most common, accounting for 78 percent of samples discovered in the third quarter of 2014. Similar to the mythical wooden horse the Greek Army presented as a gift to fool and infiltrate the city of Troy, Trojans often masquerade as harmless and desirable items. Unfortunately, what appears to be a useful program is actually an infectious intruder that can open the gates for other threats to invade your systems.

Who (or what) causes malware most?

Malware infections have a number of root causes. However, most of them can be traced back to good ol’ user error. I’ll explain by breaking down the most common of those causes:

Infected websites. I contracted my first of too many malware infections by visiting a shady wrestling news site. After clicking a friendly looking banner, my desktop was suddenly bombarded with ads popping up faster than I could click away. Some websites unknowingly harbor malware from unscrupulous third-party ad partners. Others are straight rogue and designed to infect all visitors.

Email attachments. Viruses propagate quickly by manipulating the email system we use on a daily basis. Once you open a malicious attachment, you can trigger a payload that not only compromises your system, but forwards itself to everyone on your contact list. Support for a variety of file formats and features that automatically download attachments make email a haven for virus authors.

Outdated software. Old, outdated software leaves users and networks vulnerable to security threats. In recent times, malware writers have put emphasis on targeting outdated operating systems and applications in hopes of exploiting holes left uncovered. As we learned in a previous post, the cost of unpatched software can be severe when industry compliance comes into play.

File sharing. Despite being incredibly convenient, file sharing is associated with major security issues. The peer-to-peer concept it leverages is built on granting unchained access to all systems in the network, which makes it fairly easy for havoc to spread. Indulging in file sharing can lead to fraud, identity theft, and a host of other problems that make a sluggish network the least of your worries.

What else do we need to know about malware?  

Lock your systems down with software that not only protects against viruses, but other malicious programs as well. New malware is introduced all the time so keep it fresh with regular updates.

Never open email attachments from people you don’t know, and be cautious of those from people you do. I receive spam sent in the name of people I know all the time.

Surf the web with caution and be careful about what you click and download on your system.

Keep your software updated with the latest security features and fixes. Vendors update their software for a reason, so don’t get caught running something malware makers have already rendered vulnerable.

Malware is one of the biggest threats to individual PC users and companies alike. But unlike user error, which is heavily tied to the human nature we just can’t shake, this is something you can prevent.

Photo Credit: EFF Photos via Flickr