“Malware, short for “malicious software,” includes any software (such as a virus, Trojan, or spyware) that is installed on your computer or mobile device. The software is then used, usually covertly, to compromise the integrity of your device. Most commonly, malware is designed to give attackers access to your infected computer. That access may allow others to monitor and control your online activity or steal your personal information or other sensitive data.”
Most cybercrime starts with malware. Malware, short for “malicious software,” includes any software (such as a virus, Trojan, or spyware) that is installed on your computer or mobile device. The software is then used, usually covertly, to compromise the integrity of your device.
Most commonly, malware is designed to give attackers access to your infected computer. That access may allow others to monitor and control your online activity or steal your personal and sensitive information like your Social Security number, passwords, credit card information, or bank account information, to commit fraud.
Once cybercriminals have your personal information, they can use it for identity theft, credit card fraud, spamming, and spreading malware to other machines.
There are many unique types of malware that can infect your computer. Below is more information about a few of the more common types:
Adware: a type of software that downloads or displays unwanted ads when a user is online or redirects search requests to certain advertising websites.
Botnets: networks of computers infected by malware and controlled remotely by cybercriminals, usually for financial gain or to launch attacks on websites or networks. Many botnets are designed to harvest data, such as passwords, Social Security numbers, credit card numbers, and other personal information.
Ransomware: a type of malware that infects a computer and restricts access to it until a ransom is paid by the user to unlock it. Even when a victim pays the ransom amount, the stolen files could remain locked or be deleted by the cybercriminal.
Rootkit: a type of malware that opens a permanent “back door” into a computer system. Once installed, a rootkit will allow additional viruses to infect a computer as various hackers find the vulnerable computer exposed and compromise it.
Spyware: a type of malware that quietly gathers a user’s sensitive information (including browsing and computing habits) and reports it to unauthorized third parties.
Trojan: a type of malware that disguises itself as a normal file to trick a user into downloading it in order to gain unauthorized access to a computer.
Virus: a program that spreads by first infecting files or the system areas of a computer or network router’s hard drive and then making copies of itself. Some viruses are harmless, others may damage data files, and some may destroy files entirely.
Worm: a type of malware that replicates itself over and over within a computer.
How do you get malware?
Search engine poisoning is listed as the predominant way of malware delivery with fake sites manipulating searches so they show up at the top of your results list, followed by email which can provide malicious links, then social networking that provides links and downloads that can be shared.
Clicking on links to harmful websites, infected downloads of bundled free software that may include toolbar add-ons and other apps, file sharing, and removable media are all ways to get malware. And if you have multiple computers or other devices on your home network, just one infected computer can spread to all other devices.
How do you avoid it?
There are simple steps you can take to avoid malware, like having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. And keeping the software on your device up-to-date will prevent attackers from being able to take advantage of known vulnerabilities that could affect the software.
Being wary of any communications that implore you to act immediately, offers something that sounds too good to be true, scaring you into clicking on links, or asks you for personal information.
Using strong passwords that you change regularly and opting to enable multi-factor authentication on your accounts with sensitive information, including your email will also help protect you. It helps verify a user has authorized access to your online accounts.
Additionally, regularly backing up your important files which can minimize the risk of losing all your data, or of a complete systems failure that malware can cause.
IF YOU’VE BEEN COMPROMISED
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist. If your computer has been compromised by malware, you can either consult with a reputable security expert to assist in removing the malware or use a legitimate program to help eliminate the infection. Some legitimate programs are:
- F-Secure: http://www.f-secure.com/en/web/home_global/ online-scanner
- McAfee: http://www.mcafee.com/stinger
- Microsoft: http://www.microsoft.com/security/scanner/en-us/ default.aspx
- Sophos: http://www.sophos.com/VirusRemoval
- Trend Micro: http://www.trendmicro.com/threatdetector1
These programs are only examples and do not constitute an exhaustive list.
The list below outlines the government organizations that you can file a complaint with if you are a victim of cybercrime.
US-CERT.gov Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.
IC3.gov File a complaint with the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), at www.IC3.gov.
FTC.gov If you think your computer or mobile device has been infected with malware, report it to the Federal Trade Commission at www.ftc.gov/complaint.
SSA.gov If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271. For additional resources, visit the SSA at http://oig.ssa.gov/report-fraud-waste-or-abuse.