7 Types of Malware and How They Attack Your Computer

Did you know that the first malware dates back to the 1970s, long before the internet even existed? Harmful computer codes and software were considered a prank in the early days of programming, but as our dependence on computers has grown, criminal attacks have become sophisticated and lucrative.

The term malware, short for ‘malicious software’, was first used by an early security researcher, Yisrael Radai, in the 1990s. It refers to any harmful program capable of controlling a computer, usually for the purpose of stealing sensitive information or destroying functionality. Destructive code can be hidden in any program, but today’s malware are most commonly delivered via the internet where criminals can conceal their identity more easily. Once hackers gain access to sensitive data, they use it for financial gain, or to destroy personal and professional reputation. At ReputationDefender, we help our clients safeguard their personal information with ongoing surveillance and privacy reporting. We also assist with removal and reputation rebuilding if you’ve already become a victim.

Antivirus and other software will protect against many types of malware, but hackers are constantly developing new programs and delivery techniques that will pass under the radar. Malware concealed in a harmless looking link can infect your computer almost immediately and be very difficult to get rid of.

Defining Malware

Today, there are so many different types of malware it’s hard to keep up with all the terms. These are seven of the most common malware and how they affect your computer.

  1. Viruses – just like a cold virus, a computer virus infects by reproducing, copying its source code until it can control the entire computer. This type of malware is delivered in a file attachment and it can also spread to other computers via corrupted files that you send. Today, viruses are frequently detected by antivirus software, so they are less common than they used to be.
  2. Worms – this is a ‘standalone malware’. Like a virus, a worm is self-propagating and can spread to other computers, but it infects networks rather than computer files.
  3. Trojans – like the famous story of the Trojan horse, this type of malware masquerades as a legitimate download, often an email attachment such as a routine form. Trojans don’t replicate themselves, but they do open a backdoor that will allow hackers to steal data from your computer.
  4. Ransomware – this type of malware will encrypt computer files so they are unreadable. Once the files are scrambled, the hackers will demand a ransom price in return for the key that can decrypt the data. This new type of malware has been on the rise over the past few years, with large scale attacks aimed at organisations that store a lot of valuable information, like hospitals and police networks.
  5. Spyware – this is a form of malware that will monitor your browsing activity and sometimes try to steal passwords. Spyware works similarly to adware, which is responsible for the annoying, but harmless, advertising that pops up on some websites or apps.
  6. Browser Hijackers – malware that will take over a browser, usually creating a new homepage and redirecting searches to pages you don’t want to visit.
  7. Rootkit – this is a term you’ve probably heard in relation to malware. A rootkit won’t actually harm your computer, but it will hide a virus or other malware from detection. Most major antivirus software now include rootkit removal.

Phishing Scams Target Some of the Biggest Online Brands

Amazon and PayPal are the best ways to make financial transactions online. WhatsApp is the secure messaging service with end to end encryption. Everyone uses Facebook and Gmail. What could go wrong?

If you think the best-known names on the internet are safe, it’s time to think again. Online criminals are getting smarter and sometimes the bigger the brand, the more worthwhile it is to invest in a scam that will actually fool people.

In the past, phishing emails were easy to spot, with bad grammar and spelling mistakes a native speaker wouldn’t make. Today, scammers not only use perfect English, they’ve often expertly matched the logo, style and URL, so it takes a careful comparison to see the difference. Meanwhile, legitimate sales platforms, such Facebook Marketplace, are full of people trying to convince you to hand over money for nothing in return.

Don’t assume anyone online is telling the truth unless you have verification from an independent source. It takes only a few seconds for hackers to steal financial details or infect your computer with malware that will allow them to access personal information. Help protect your privacy and safeguard the entire family’s reputation with ReputationDefender’s online privacy services. We’ll tell you about system vulnerabilities before they become a problem and help you deal with leaks after the fact. We’ll also keep you up-to-date on some of the most recent scams.

Companies to Double Check

Here are 6 well-known companies that have recently been targeted by scammers.

  • Amazon – Hackers have been sending convincing receipts for products that were never purchased complete with a link to follow if you want a refund. Don’t fall for it. Open a new browser window and sign into your real Amazon account to check your orders.
  • Apple – A group of scammers have been caught trying to convince people to pay off tax debt with iTunes gift cards. The message may come as a phone call, text or email claiming to be from the HMRC, but fraudsters ask for iTunes vouchers, which can be sold or traded anonymously, to pay off the overdue tax. The HMRC would never communicate in this manner and Apple doesn’t use iTunes as payment ‘outside of official stores’.
  • Facebook – Facebook Marketplace isn’t even a year old and it’s already full of scammers. Since there is no official payment method, it’s up to buyers and sellers to make an agreement. A number of fraudulent users have been insisting on payment via bank transfer, but once the money is turned over the product is never delivered and messages are blocked. Never agree to a bank transfer with someone you don’t know well; there are too many ways this can go wrong.
  • Google –A new Gmail scam has been scarily effective, even with tech savvy people who don’t usually fall for phishing. The trap appears to be an attached file from a contact, but instead it’s an embedded image which will take you to a Google sign-in window when you click on it. The window also appears legitimate, complete with ‘One Account, All of Google’ at the top of the page. However, once you enter your login details hackers have complete access to your account and start to target your contact list almost immediately. The only way to spot this scam is by noticing a subtle difference in the URL which begins with ‘data:text’ rather than ‘https’.
  • PayPal – Look for a warning that claims there’s been ‘unusual activity on your PayPal account’. The scammers have cleverly copied enough identifying marks to make the email look legitimate, but the clicking on the link will give them access to your account.
  • WhatsApp – WhatsApp users have reported messages claiming to offer free Sainsburys gift cards in celebration of new stores opening. Unfortunately the message has nothing to do with Sainsburys and clicking on the link will install malware that allows hackers to steal information from your phone.

New phishing scams appear all the time. Learning to recognise the signs will help protect your reputation and keep your information secure. For further questions or concerns about phishing scams, contact our experts at ReputationDefender.

Vulnerability Discovered – Why You Shouldn’t Use WhatsApp and Telegram on the Web

According to the Israeli security firm Check Point, even encrypted messenger apps like WhatsApp and Telegram can be penetrated by malware. Just this month, spokesperson Doros Hadjizenonos announced the firm had discovered a weakness in the web versions of these apps. The vulnerability allowed hackers to send a contaminated photo capable of infecting the entire account upon opening. Both companies have reacted immediately to patch the problem and users who have downloaded the latest version should be protected. However, security experts are still advising that high-risk individuals stick to the mobile version of WhatsApp and Telegram.

Encrypted Apps are the Secure Choice

Privacy and reputation go hand in hand. ReputationDefender clients include individuals and businesses working to build a positive web profile. A few personal details or a private message made public can quickly undo months of effort. With over 1 billion users, WhatsApp is the go-to messenger app and the announcement of ‘end-to-end encryption’ last year made it one of the more secure choices as well. A unique encryption key means no one but the intended receiver can unlock and read the message, not even WhatsApp itself. Meanwhile, the lesser known Telegram has been offering ‘Secret Chats’ that rely on a similar encryption key for several years.

What Went Wrong?

Unfortunately, in this case encryption created its own unique problem. Since the sender’s content was scrambled before upload, the app wasn’t always able to identify contaminated files. Hackers could conceal HTML code in a harmless-looking image and send it to an unsuspecting user. Opening the message in a web application would allow the malware to run immediately on the user’s browser, giving hackers access to the entire account: personal contacts, messages, images… everything.

Hadjizenonos has assured users that WhatsApp and Telegram both responded quickly and responsibly to Check Point’s warning. The input validation process has been improved to identify and block files containing malware on both web and mobile versions. As always, it’s important to download the latest updates immediately, since these often contain fixes for weaknesses and vulnerabilities that have just been discovered.

What’s Different with Web Apps?

The larger lesson is that the mobile versions of WhatsApp and Telegram are more secure than the web-based versions. Web apps use JavaScript which will input new code and overwrite functionality immediately. Mobile apps don’t support this ‘just-in-time’ compiling; changes much be downloaded and configured before installation. This means users are better protected from the type of vulnerability spotted by Check Point.

Although this particular risk has been eliminated, it won’t prevent hackers from discovering a new access point in the future. If your WhatsApp account contains data that could hurt you if it were made public, it’s best to avoid messaging on the web. Stick to mobile, where there’s an extra layer of security.

Combat Online Crime – Five Ways to Improve Your Company’s Cyber-Hygiene

Cyber-crime is a growing problem that has begun to invade almost every part of the internet. There are numerous ways criminals can attack individuals and businesses online, from traditional fraud or theft, to leaking personal data and hijacking websites through ransomware or distributed denial of service (DDoS) attacks. At ReputationDefender, we help businesses shore up their defenses against these threats which can damage the company’s reputation and leave its leaders struggling to regain control of personal data.

Unfortunately, not every battle is winnable. There are many targeted online attacks, called Advanced Persistent Threats (APT), which are carried out by a massive organization (often a nation-state) with a lot of resources at their disposal. The latest big DDoS attacks also have the ability to knock out huge swaths of the internet for a short period of time, and they are very difficult to defend against.

Most Online Crime is Preventable

However, the majority of cyber-crime instances occur as a result of human error or systems that aren’t secure. People who fail to practice basic hygiene are more likely to get sick or spread disease to others and the same is true of online viruses and malware. Companies that succeed in blocking most access channels will send hackers on to easier targets. Basic cyber-hygiene won’t protect against every threat, but it will make it much less likely that your company will be one of the unlucky ones.

  • Education – A chain is only as strong as its weakest link and in this case that means the employee with the least amount of tech experience. Reduce the risk by educating everyone with computer access in basic security protocols, such as password strength and phishing scam recognition. Make sure anyone with home access is running security software.
  • Use Available Resources – There are a number of online sites that have a lot of information on cyber-security. In the UK, the Get Safe Online site offers valuable resources for companies and individuals who want to protect their privacy. Do not assume that you know everything; read the experts’ advice and then share it with other staff members.
  • Update Regularly – Microsoft, Adobe and other office software offer regular updates and security patches. It is extremely important to make sure someone is in charge of installing these; they’re often designed specifically to close vulnerabilities that criminals have learned to exploit.
  • Invest in Security – Viruses and malware are constantly changing. At some point, technology from ten years ago simply won’t protect against modern threats. Up-to-date security might seem like a big investment, but it’s nothing to what the company will lose through direct stealing or reputation damage if it’s hacked.
  • Perform Internal Audits – Security issues do not go away if you ignore them; they get worse. It’s worth hiring a professional to perform regular audits so you can diagnose the company’s weakest areas and work on fixing them.

Ultimately, combating cyber-crime will take a concerted effort amongst international and governmental agencies to track down these individuals and eliminate all the different ways they can attack. However in the short term, companies can accomplish a lot by making sure their own security practices are first rate.