What Is Malware and how does malware work? – Frequently Asked Questions

What is Malware and How Does Malware Work?

Short for ‘malicious software’, malware constitutes any program or file that is harmful to a computer user. Malware is a blanket term for disruptive and damaging software, and covers many different types of threats to your computer safety; such as viruses, spyware, ransomware, adware, worms, Trojans and rootkits.

Every day, the independent IT security institute, AV-TEST registers over 350,000 new malicious programs (malware) and potentially unwanted applications (PUA) highlighting how easily your computer could be infected with disruptive software.

How does malware work?

Depending on the intent of the author, malware can work in a number of different ways, performing a variety of functions such as hijacking the computer, encrypting, deleting data or simply monitoring computer activity without permission.

The goals of most malware authors is to make money from their program, either by extracting payment from their target in exchange for the return of access to their computer (ransomware), or by selling their software to the highest bidder on the dark web.

One of the most high profile examples of a malware attack in recent years was the WannaCry ransomware attack, which affected users worldwide by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

More than 200,000 computers were infected via phishing email, which exploited a vulnerability within Microsoft – with the NHS the most prominent victim of the attack with hospitals across the UK affected.

How does malware work its way into your computer?

There are numerous ways that malware can find its way on to your computer, with the common causes including;

• Online Downloads – a frequent cause of malware entering your computer, malware authors hide damaging programs within download files, commonly in the form of Trojan horses that are activated after installation.
• Drive-by Downloads – unlike the above, drive-by downloads do not require consent to enter your computer, with triggers such as visiting a webpage enough for authors to commence a download.
• Removable Drives – infected removable drives, such as USBs and external hard drives, can be used to spread malware from one device to another without any online interaction taking place.
• Phishing – emails that are designed to have come from official sources, containing sensitive information such as delivery details, tax refunds, or invoices to encourage users to open and interact with them.

How does malware affect your computer?

The installation of malware can have a significant impact on your computer’s performance, as well as the privacy of your sensitive data, which can be potentially accessed by hackers.

With attacks where your computer is effectively ‘held hostage’ by hackers, it can be impossible to use your computer before an adequate ransom has been paid. New research from SentinelOne has revealed that ransomware attacks are costing individual businesses an average of £637,813.99 per annum, with another organisation calculating that ransomware costs businesses more than £64billion per year.

The average cost in time of a malware attack is 50 days – highlighting the seriousness that an infiltration can have on your business, significantly limiting productivity, performance and time and potential damage to brand reputation.

How can malware be prevented?

Fortunately, there are steps that you can take to protect yourself, and your business from the detrimental effects of a malware attack.

Installing anti-virus software will provide reactive protection for your computer but will fail to protect your network in the event of an attack – this is especially prevalent if your anti-virus software is not regularly updated to protect against the latest security threats.

Regular patching and updating your anti-virus software is important as well as updating your operating system, browsers, and plugins. As Windows users found out in 2017’s WannaCry ransomware attack, even small vulnerabilities can be exploited with devastating effect. Ensuring you have the latest security upgrades and patches will help provide some added protection for your devices.

It is also important to stay vigilant. If a website looks suspicious, don’t visit it. If an email looks too good to be true, it probably is. Especially with phishing emails, hackers will use similarly sounding email addresses to trick users, so always read who the email is coming from before clicking on it.

As cyber threats become more sophisticated, we advocate a layered security approach to provide better protection of your organisations IT assets and network. This approach will enable you to monitor, detect and remediate the different attack vectors and entry points ensuring that you have all bases covered.

With our proactive managed IT security service, we install, configure, monitor and manage upgrades to your organisation’s IT security, ensuring it’s providing the maximum defence for you and your business.

To learn more about how does malware work, how to protect your computer from malware, and how we can help keep your business’ IT secure and operational, speak to one of our expert consultants today.