DreamHost ACADEMY

Odds are, you’re familiar with the term “malware.” In the last decade or so, it’s risen to prominence as a favored tactic of cybercriminals, but its history goes back far further than that.

The idea of a computer virus can be traced back to 1949, in a paper written by early computer scientist John von Neuman. However, it wasn’t until the early ‘70s that we saw the first actual virus, “Creeper Worm,” which successfully copied itself onto remote systems.

As we moved into the late ‘80s and early ‘90s, we started to see a rise in malicious software with programs like the “Morris Worm” and the “Michelangelo Virus.” Since then, we’ve seen an unprecedented surge in cyber attackers using malware.

But what is malware, and how do you protect yourself from it?

What Is Malware?

Malware is the term used to describe any kind of software that has malicious intent behind it – i.e., any software designed to exploit a loophole in networks, services, or programmable devices.

These programs are typically used to extract data that cybercriminals can use for financial gain. Today the data that can be extracted via malicious activity is almost endless.

Why Do Cybercriminals Use Malware?

So why is it that cybercriminals use malware? What are the benefits of this type of criminal?

Here are the most common reasons criminals use malicious code for nefarious gains.

• It allows them to infect computers and mine bitcoin — as well as other cryptocurrencies.
• It allows them to take control of a large number of computers, which then allows them to launch large-scale DDoS attacks (denial of service attacks). You can read more about that here.
• It enables them to steal masses of consumer data. That can be (but isn’t limited to) financial and credit card data.
• It helps them fool victims into handing over their personal data, which is often used for identity theft.

What Are the Types of Malware?

Adware

Have you ever had unwanted ads pushed your way? It’s pretty common, especially for Adware. Adware is most often targeted at people in exchange for another service — for example, software that you don’t pay for. If the product is free, then you probably are the product.

Be wary.

Trojan

Named after the story of the horse that the Greeks used to enter the city of Troy, a trojan horse is one of the better-known types of malware. Trojans pretend to be harmless applications. The user downloads them but unwittingly allows the application to steal personal data. There are also Trojans that can crash your device or even launch a malicious attack.

Spyware

As the name suggests, this type of malware is used to spy on people. While predominantly used by law and government agencies, it’s also available to consumers. Usually installed on your computer without your knowledge, it transmits personal data and activities like your web browsing activity.

Scareware 

Have you ever been browsing the web, and a message pops up telling you your computer has been infected? The answer is probably “yes.” Always, always ignore it! Most of the time, it’s just to scare you into downloading a rogue application.

Worms 

The computer worm has garnered a lot of press over the years. They can copy themselves from one machine to another and don’t require any user interaction.

Ransomware 

A ransomware attack is one of the most profitable versions of malware. Because of that, it’s one of the most popular.

Ransomware is a type of malware that takes victim’s files and encrypts them. The cybercriminal will then send a ransom demand. The victim’s data is often not restored until that payment has been made.

Typically, the victim will receive instructions for getting the decryption key, after the fee has been paid. Ransom demands differ greatly in price, and more recently the fee to receive the instructions must be paid in Bitcoin.

Viruses 

Viruses are one of the most common types of malware around. By and large, they come in an email with an attachment. That attachment usually contains a virus payload that performs malicious action. As soon as you open the file, the device becomes infected.

Fileless Malware

Fileless malware uses legitimate programs to infect your computer. The biggest issue with fireless malware is it leaves no files to scan and no malicious programs. There is no footprint. That makes it incredibly hard to detect and to remove.

Polymorphic Malware

Polymorphic malware can take many shapes. So what makes it polymorphic? The fact it’s constantly changing. This makes it trickier to identify or detect, and typically entails the use of techniques such as changing file names and types.

By constantly changing these characteristics, polymorphic malware can avoid detection by pattern matching — which antivirus software has typically relied on.

Keystroke Logger

Keystroke Loggers are one of the oldest forms of cyber threat causing infected computers, but how do they work?

Keyloggers are essentially a way to spy on your computer, recording everything you type. This allows cybercriminals to steal personal data like passwords and financial information. In more recent years they have been used by companies to infect computers and monitor employees and the work they do — which is almost as bad as their more nefarious uses by cybercriminals.

That said, they do have some more legitimate uses — one of which is being used by intelligence agencies for surveillance purposes.

Related: Why Security Through Obscurity Isn’t Enough to Keep Your Website Safe

How Can Malware Affect My Website?

Now that you know about the malware types, it’s important to understand the consequences of unwanted software. A malware infection doesn’t just affect your devices – in some instances, it can also harm your website.

What are the consequences if your site is infected with malware?

• Search engine technology is incredibly sophisticated, and they’re good at spotting infected sites. This could cause you to drop out of the search results, which (needless to say) can have a detrimental effect on traffic and sales.
• If users land on your site and notice it’s been infected with malware, they are unlikely to return. It immediately erodes trust; cyber security is important to most visitors.

How Do I Know if I’ve Been Infected with Malware?

It can be tricky to know whether your device has been infected with malware, but there are some common signs you should keep an eye out for.

• You’re getting lots of pop up ads.
• You have issues starting up your computer or shutting it down.
• You’re getting warnings that your computer isn’t safe — but from software you don’t remember installing. These are often followed by messages to download and buy software to fix these issues. … Don’t.
• You get lots of browser redirects. This is when you click on a site, but then your browser takes you to another website. One that looks suspect, and you had no intention of visiting.
• Your computer is running super slow. Of course, this could just be because you have a slow computer or one that’s on its last legs. However, if your computer is running slow AND you see some of the other issues outlined above, it may be infected by malware.

Related: 13 of the Best Security Plugins to Keep Your WordPress Site Safe

How Can I Protect Myself from Malware?

Check Your Computer Regularly

These are relatively simple checks, but they’re ones that can help protect you — or at least help you catch issues early.

• If you spot any indications that you’ve been infected with malware (see section higher up this article), you should run whatever security software you have installed on your device. This should remove any malicious software.
• One of the best ways to keep yourself safe is to use antivirus software. Antivirus software is constantly checking your data (whether that be files, applications, software, or web pages) to help protect you against malware. It flags suspicious behavior and then looks to remove or block the offending malware. For example, we offer DreamShield, a scanning service that regularly checks your website for malware.
• Keep an eye on your credit card and bank accounts. While many banks have excellent fraud filters, it’s always worth checking yourself – especially if you think you have been a victim of malware.

Be Wary of Downloads

Being vigilant is one of the best things you can do to protect yourself from malware.

• Never open an attachment unless you are certain of its origin. While email clients are good at intercepting these, there are always some that make it through.
• Check the legitimacy of any company you buy software from. You can either stick to the big household names or look for reviews and testimonials.
• Don’t use unofficial app stores. While malware does make it into the official stores, moderators are quick to identify and remove it. The same can’t necessarily be said of unofficial app stores.

Just … Be Careful

This might sound obvious, but it’s incredibly important for protecting yourself against malware.

• Don’t click unknown links. This doesn’t matter where they are — it can be in an email, on your favorite social media site, or in a text message. If it feels fishy or too good to be true, then it probably is.
• You can’t always stick to well-known and trusted sites — no matter how hard you try. Ensure you have a safe search plugin added to your browser to mitigate the risk of ending up on the wrong sites.
• Don’t assume that emails from services like your bank are real. Cybercriminals are extremely good at appearing legitimate. If you get an email or text from a service like a bank, then log into your banking app to see if they actually sent the message. Failing that, phone your bank and check.

Protect Your Devices

Protecting yourself from malware is about being proactive and keeping your devices up to date.

• Make sure you keep all your operating systems and applications up to date. A favorite tactic of cybercriminals is to find vulnerabilities in out of date systems and software. Keeping them up to date helps protect yourself from malware.
• Invest in security software. There are many credible vendors for this kind of software, and they tend to be reasonably priced. When choosing a provider, make sure it’s well known. If you’re at all unsure, read online reviews before purchasing.
• Never click on a pop-up link unless you know and trust it. When you see one that feels untrustworthy, get rid of the pop-up, and click off the site — asap.

Protecting yourself and your computer from malware entails being vigilant to the signs of potential attack or infected device and installing malware protection.

Say Goodbye to Malware Threats

Website owners, however, should take extra steps and install malware protection on their domain. DreamShield is DreamHost’s own security service that allows you to scan your site for malicious software and will automatically scan it for you once a week after that.