How you end up with malware

Ravi Iyer
May 22, 2017

Every news and social channel is full of stories about the damage malware does. But what is malware and, more importantly, how do you get it?

The wiki link above explains malware better than I can — essentially, a single term for all undesirable computer programs that could mess with your files. Viruses, trojans, worms, rootkits … and now ransomware.

How does one get it? There are many possible ways, and knowing them well is important if you want to avoid picking one up unwittingly.

  • Link? Blink!! A bad link. Almost everyone has received an email from what looks like their bank or a friend. There’s a small attachment that says “Here’s our new agreement” or “Here is a photo of you I found — you’ve GOT to see it.” If it sounds or looks weird, it probably is.
  • Check the email address of the sender, and not just the name that shows up at the top of the email. Depending on what you use (GMail, Yahoo, Outlook), move your mouse over the sender and hover. Otherwise right-click, copy the email address and paste it into a harmless application like Notepad. This is the real email address of the sender. If the email says it is from “manager@bankofamerica.com” but you discover that the real sender is “manag0r@bankxoiexkxkiei.ru”, that’s enough of a signal to delete the email.
  • Read the sender’s email address VERY carefully. It may say “sales@paypal.com”, and when you check you find that it is really “sales@paypa1.com”. See that? The sender is from “paypa1” (paypa-one) dot com. Or it could be “sales@paypal.co”. These subtle differences could mean the difference between a peaceful existence and losing a lot of valuable data.
  • Download, Compare — THEN install. You could be downloading software from a well-known and reputable site. Recently, someone hacked HandBrake’s download server and replaced one of the download executables with malicious software.
  • Either way, if you click the file in the email or run the downloaded one, you’ve now installed malicious software, or malware, on your machine.
  • Bad Ads… And there is steganography: hackers have now learnt the art of inserting malicious JavaScript within ads. Click on a bad ad and bingo!!!
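The sender-address checks in the list above can be automated. The following is an added example, not code from the original post: it separates the display name from the real address and flags domains that imitate one you trust. The `TRUSTED` list, the digit-for-letter table and the sample headers are assumptions constructed for the illustration.

```python
from email.utils import parseaddr

# Assumption: the domains this reader really deals with (constructed list).
TRUSTED = {"paypal.com", "bankofamerica.com"}
# Digits often swapped in for letters, as in paypa1 -> paypal.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<domain>', 'display-mismatch' or 'unknown'."""
    display, addr = parseaddr(from_header)  # display name vs. the real address
    if "@" not in addr:
        return "unknown"
    domain = addr.rpartition("@")[2].lower()
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in sorted(TRUSTED):
        same_name = domain.split(".")[0] == good.split(".")[0]  # paypal.co
        if (domain.translate(CONFUSABLE) == good or same_name
                or edit_distance(domain, good) == 1):
            return f"lookalike:{good}"
    # The visible name quotes a trusted address, the real one is elsewhere.
    if any(good in display.lower() for good in TRUSTED):
        return "display-mismatch"
    return "unknown"


if __name__ == "__main__":
    # Constructed From: headers modelled on the examples in the list above.
    for header in ('"manager@bankofamerica.com" <manag0r@bankxoiexkxkiei.ru>',
                   "PayPal <sales@paypa1.com>", "sales@paypal.co",
                   "PayPal <sales@paypal.com>", "friend@example.org"):
        print(f"{classify_sender(header):28} {header}")
```

An "unknown" result only means the domain resembles nothing on your list; it is not a verdict that the sender is safe.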

Once installed, malware is capable of anything: opening a backdoor and sending your machine details to its creator, who can now monitor you, log your keystrokes and get details of your social network accounts, your bank, your identity. The malware could propagate itself by hacking your account and sending itself to everyone in your network. It could infect other machines at your workplace. The list is endless.

But all is not lost — there are a few steps you can take which will guard you.

  • Whenever you download software, check the SHA/MD5 checksum of that download. This is a very specific string generated from the actual installation file. If someone has tampered with the file, the SHA/MD5 will not match the one the publisher lists, and you should treat the file as malware.
  • Don’t open files from emails that look suspicious.
  • Back up, back up, back up. Back up your valuable files, and not to another drive on the same computer. Keep copies in at least two other places. One could be an external drive, the second could be a secure cloud storage.
  • Use good privacy protection tools with your browser — Ghostery, DisconnectMe, etc.
  • Update your antivirus application and its definitions frequently.
  • Run tools like Malwarebytes that will keep your system clean.
  • Use a browser like Firefox or Chrome that tells you when a website is compromised or has a fake certificate.

Be good, stay safe…
