Malware, short for "malicious software", is software used to harm the people who use computers. It has a wide range of capabilities, including:
- interrupting the operation of the computer
- collecting sensitive information
- impersonating a user in order to send spam or fake messages
- gaining access to private computer systems
Most malware is criminal in nature and is most often used to obtain banking information or login credentials for email or social media accounts. Governments, law enforcement agencies, and even private individuals also use malware to bypass encryption and to spy on others. With malware, an adversary can record from a webcam and microphone, disable the notification settings of certain antivirus programs, record keystrokes, copy emails and other documents, steal passwords, and much more.
How can an adversary use malware to attack me?
The best way to deal with a malware attack is to avoid getting infected in the first place. But that can be difficult if your adversary has access to zero-day vulnerabilities, that is, attacks that take advantage of a previously unknown vulnerability in a computer application. Think of your computer as a fortress; a zero day would be a hidden secret entrance that you do not know about, but that your adversary has discovered. You cannot protect yourself from a secret entrance whose existence you do not know of. Governments and law enforcement agencies stockpile zero-day exploits for use in targeted malware attacks. Criminals and other actors can also gain access to zero-day vulnerabilities that they could use to covertly install malware on your computer. But zero-day exploits are expensive to buy and costly to reuse (once the secret entrance is used to enter the fortress, the chances of other people finding it increase).
For example, in Lebanon, hackers targeted civilians with malware hidden in fake, trojanized versions of secure communication tools like Signal and WhatsApp. Ethiopian dissidents, students and lawyers, including human rights lawyers, were targeted with spyware disguised as Adobe Flash updates and politically themed PDF files. And Tibetan activists were attacked with malware hidden in a PDF file that was crafted to look like it had been sent by another Tibetan activist.
So how do I protect myself against malware?
Use antivirus software
Antivirus software can be effective in fighting cheap, "undirected" malware that criminals use against hundreds, or even thousands, of targets. However, antivirus software is often ineffective against targeted attacks, such as those used by Chinese government hackers to compromise the New York Times. EFF recommends the use of antivirus software on your computer and smartphone, although we cannot recommend any one antivirus product as superior to the others.
Be wary of suspicious attachments
The best way to avoid getting infected with targeted malware is to avoid opening suspicious documents that might install the malware in the first place. People with more computer and technical experience will have somewhat better instincts about what can and cannot be malware, but well-targeted attacks can be very convincing.
If you use Gmail, open suspicious attachments in Google Drive instead of downloading them; this can protect your computer from infection. Using a less common computing platform, such as Ubuntu or Chrome OS, significantly improves your odds against many malware delivery tricks, but does not protect you against more sophisticated adversaries.
Run software updates
As new vulnerabilities are discovered in software, companies can fix those problems and ship the fix as a software update, but you won't get the benefit of that work unless you install the update on your computer. It is a common belief that if you are running an unregistered copy of Windows, it cannot or should not receive security updates. This is not true.
Pay attention to indicators of compromise
Sometimes antivirus software will not detect malware on your device, especially if the malware is new or unknown to the antivirus authors. If this is the case, you may still be able to find indicators of compromise: signs or clues that your computer has been infected with malware. For example, you might notice that the light near the webcam is on even though you haven't activated it (although advanced malware can turn off the webcam light). Another example: Facebook, Twitter, Microsoft, and Google sometimes inform users if they believe their account has been attacked by state-sponsored attackers.
Other indicators are less obvious: you may notice that your email is being accessed from an unknown IP address, or that your settings have been altered to send copies of all your email to an unknown email address. If you have the ability to monitor your network traffic, the timing and volume of that traffic may indicate a compromise. Another example: you might notice that your computer is connecting to a known command and control server, one of the computers that send commands to machines infected with malware or that receive data from them.
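As an added illustration of the network indicators just described (this is not part of the original guide), the Python below scans a constructed outbound-connection log for two of them: a destination that appears on a known command-and-control list, and clock-like "beaconing" to a single host. The log lines, the address list and the thresholds are all constructed placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator list; 203.0.113.0/24 is a documentation range, not a real C2.
KNOWN_C2 = {"203.0.113.45"}

# Constructed outbound-connection log: "<epoch seconds> <destination ip> <bytes sent>".
SAMPLE_LOG = """\
1700000000 203.0.113.45 312
1700000002 198.51.100.10 5120
1700000017 198.51.100.20 88000
1700000300 203.0.113.45 308
1700000600 203.0.113.45 315
1700000900 203.0.113.45 310
1700001200 203.0.113.45 309
"""

def parse_log(text):
    """Return (timestamp, ip, bytes) tuples, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            events.append((int(parts[0]), parts[1], int(parts[2])))
    return events

def find_indicators(text, known_c2=KNOWN_C2, min_hits=4, max_jitter=0.1):
    """Map each suspicious destination to the reasons it was flagged: contact with a
    listed C2 address, or beaconing (repeated connections at near-constant intervals)."""
    by_ip = defaultdict(list)
    for ts, ip, _size in parse_log(text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        reasons = []
        if ip in known_c2:
            reasons.append("destination is on the known C2 list")
        if len(times) >= min_hits:
            times.sort()
            gaps = [b - a for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            # A coefficient of variation near zero means clock-like, scripted timing.
            if avg > 0 and pstdev(gaps) / avg <= max_jitter:
                reasons.append(f"{len(times)} connections every ~{int(avg)}s")
        if reasons:
            flagged[ip] = reasons
    return flagged
if __name__ == "__main__":
    for ip, reasons in find_indicators(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Human browsing produces irregular gaps and is not flagged; the repeated five-minute contacts to the listed address are.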
What should I do if I find malware on my computer?
Every keystroke you make may be being sent to your attacker. You may want to take your computer to a security expert, who can discover more details about the malware. Even if you have found the malware, removing it does not guarantee the safety of your computer. Some malware gives an attacker the ability to execute arbitrary code on the infected computer, and there is no guarantee that the attacker did not install additional malicious software while in control of your computer.
You may want to reinstall the operating system on your computer to remove the malware. This will remove most malware, but some particularly sophisticated malware can persist. If you have any idea when your computer was infected, you can restore files from before that date. Restoring files from after the date of infection may re-infect your computer.
Log into your accounts from a computer you believe to be safe and change their passwords; every password you entered while your computer was infected should be considered compromised.