Malware 101: Don't Open That Attachment!

By:  Mike Twomey | InfoTank, Inc.



It’s December 2013, we find ourselves at the desk of a busy employee. The greenish hue of fluorescent lights are filling the work space where paper is strewn about with some level of organization that only the employee understands. A notification rings out from the computer speakers letting the employee know that they have just received a new email. The subject line reads “URGENT: Invoice due”. “It looks like it’s coming from Finance, it’s got an attachment…” gripped by the curiosity of a possible open invoice the employee opens the attachment. The file opens, but it doesn’t look like any invoice that pertains to this employee’s department so they close it. Shortly after, the whole screen changes to red with a big blue shield and an alert that says “Your personal files are encrypted”. No amount of clicking the X in the top right corner of the box will make it go away. The computer is completely locked up. The notification says that money must be paid to recover your files.
While this story is fictional, it is based on Cryptolocker, a form of ransomware that spread like wildfire a few years ago locking computers across the world and demanding that users pay a ransom of Bitcoin to get access to their files again. But what is ransomware? How does it differ from other forms of malware? Wait a minute, what the heck is malware?! I think before we hit on ransomware, adware and spyware we should take a look at malware as its broadly defined.
There are two components to malware: the propagation mechanism (how the malware spreads) and the payload (what malicious action/scripts the malware loads to your computer). To better understand how to protect ourselves against malware we need to understand these propagation mechanisms.
First, the virus. Viruses spread from system to system via human interaction. Think downloading from file sharing (Dropbox, OneDrive, peer-to-peer networks) or email attachments, thus human interaction. If you want a truly terrifying example of a virus being spread, Google search “Stuxnet”. I’ll just say this, possible spy involvement and nuclear weaponry.
Second, the worm. Worms are different from viruses in that they do not need human interaction to spread throughout a network. Once a computer is infected the worm makes multiple copies of itself and spreads via an internet/network connection.
Lastly, the trojan. Trojans spread by disguising themselves as beneficial software (even sometimes as anti-virus!). Once downloaded and installed, the trojan unleashes the payload which usually runs in the background completely undetected.
So how do we protect ourselves from becoming infected with one of these types of malware? Here are a few tips:
-Do not plug in any USB device that you don’t know the origin. If you find it on the ground or its left on your desk, be skeptical. Leaves of three let it be? No, no, no… random USB let it be. (Virus/Worm)
-Do not download attachments from emails or files from file sharing platforms that you don’t know the sender. Even if you do “know” the sender, make sure the email address matches what you know is that sender’s legitimate email. (Virus/Worm)
-Do not install any programs that you can’t determine legitimacy of the creator. If you’re unsure of a program, let us know! (Trojan)

-Do disconnect your computer from the internet/network if you suspect that it’s been compromised by malware in any way. (Worm)
-Do keep your computer up to date. I know it’s annoying to have to run that Windows update right as you’re trying to leave for work at the end of the day but it has important security updates that includes databases of new virus/worm/trojan definitions that helps your built-in virus protection detect and shutdown any possible attacks against your computer. (Virus/Worm/Trojan)
Stay tuned for our next TekTalk where we will be breaking down malware payloads (ransomware, adware, spyware) and the impact that they can have on not only your computer but your personal life!
Go update NOW.