Malware attacks: What you need to know

Malicious software, more commonly known as malware, is a threat to your devices and your cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a computer or network, usually without the victim’s knowledge.

Although your computer may be infected through less complicated means — such as clicking on infected email attachments — it’s smart to know about the more elaborate types of attacks cybercriminals use to try to access your personal information.

What is a malware attack?

A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses.

Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS.

At least one type of malware attack is growing. Mobile ransomware attacks increased by a third in 2018 from the previous year. Most of those attacks occurred in the United States.

Types of malware attacks

Malware attacks seem to get more sophisticated every year. Because malware is often difficult to detect, and devices are typically infected without the user even noticing, it can be one of the primary threats to your personal information and identity that you must be on guard for.

Here are some of the most common types of malware attacks and the cybersecurity threats they present.

Exploit kit

Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer or mobile device. The kits come with prewritten code that will search for vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer through that security hole. This is a highly effective malware attack variety, and one of the reasons why it is so important to run software updates as soon as they become available in order to patch security flaws.

Malicious websites and drive-by-downloads

A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser, and inject malware via the security hole.

Malvertising

Malicious advertising — malvertising, for short — is a threat that’s popular among cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate websites, but malicious code will be embedded within the ad. Similar to a drive-by-download, there is no interaction needed on the user’s part to download the malware and be impacted by this kind of malware attack.

Malvertising is different from adware, another type of malware, which can display unwanted advertisements or content on your screen when you browse the web.

Man-in-the-middle (MitM) attack

A man-in-the-middle attack typically relies on an unsecured or poorly secured Wi-Fi router, usually a public one. The hacker scans the router using special code, looking for certain weaknesses such as default or poor password use.

Once the attacker has found the vulnerability, they will then insert themselves in between the user’s computer and the websites that user visits and intercept the messages or information being transmitted between the two, such as passwords or payment card data.

Man-in-the-browser (MitB) attack

This is similar to a man-in-the-middle attack. All an attacker needs to do is inject malware into the computer, which will then install itself into the browser without the user’s knowledge. The malware will then record the data that is being sent between the victim and specifically targeted websites.

Once the malware has collected the data it was programmed to collect, it transmits that data back to the attacker. While the two attacks have the same goal, this attack is simpler in nature, because the attacker does not need to be within physical proximity of a router as in the man-in-the-middle attacks.

Social engineering and malware attacks

Social engineering is a popular malware delivery method that involves the manipulation of human emotions. Social engineering uses spam phishing via email, instant messages, social media, and more. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware.

Often, the messages come in the form of a scare tactic, stating that there is something wrong with an account, and that the user should immediately click on the link to log into their account or download an attachment that conceals malware.

The link will lead the user to a copy of the legitimate website, in the hope that the user will enter their credentials for the site so they can be taken by the cybercriminal.

What should I do about malware attacks?

Malware is a fact of life on the internet and all connected devices. But there are actions you can take to avoid malware attacks. Here are some important ones.

Keep your software updated

Software updates are important because they repair security holes that have been discovered, and fix or remove computer bugs. It’s smart to run software updates as soon as they become available.

Back up your files regularly

Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever compromised in a malware attack. Back up the data on all of your devices, including your tablets, computers, and smartphones.

Scan executable files before running them

“Executable” files, which end in “.exe”, contain step-by-step instructions for a computer to carry out a function. Double-clicking the .exe file will trigger your computer to execute these instructions using a software program.

Plenty of security software includes antivirus scanning, but it’s a good idea to choose one that scans in real time rather than only when you start a scan manually.
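A file's name is not a reliable sign of what it contains, so a pre-scan check should identify Windows executables by their header rather than by extension. The following is an added example, not part of the original article; the function names, the extension list, and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
from pathlib import Path

# Extensions a user would expect to be harmless documents or images.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def is_pe(data):
    """True if data has a DOS 'MZ' header whose offset field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # The 4-byte little-endian value at 0x3C is the offset of the PE signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def triage(name, data):
    """Describe a downloaded file before anything is allowed to run it."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    pe = is_pe(data)
    flags = []
    if pe and suffixes and suffixes[-1] in DOC_EXTS:
        flags.append("executable content named as a document")
    if len(suffixes) >= 2 and suffixes[-1] == ".exe" and suffixes[-2] in DOC_EXTS:
        flags.append("double extension disguises an executable as a document")
    return {
        "name": name,
        "is_executable": pe,
        # The hash identifies the exact file for a scanner or reputation lookup.
        "sha256": hashlib.sha256(data).hexdigest(),
        "flags": flags,
    }

def fake_pe():
    """Constructed bytes with valid MZ/PE markers only (not a runnable program)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + bytes(20)
```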

Copyright © 2019 Symantec Corporation. All rights reserved.