First let’s talk about the definition of malware. <\/p>\n\n\n\n
Malware, short for malicious software,<\/em> is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it<\/a>, “[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network.” In other words, software is identified as malware based on its intended use, <\/em>rather than a particular technique or technology used to build it.<\/p>\n\n\n\n This means that the question of, say, what the difference is between malware and a virus misses the point a bit: a virus is a type of malware, so all viruses are malware (but not every piece of malware is a virus).<\/p>\n\n\n\n <\/p>\n\n\n\n There are a number of different ways of categorizing malware; the first is by how the malicious software spreads. You’ve probably heard the words virus, trojan, <\/em>and worm <\/em>used interchangeably, but as Symantec explains<\/a>, they describe three subtly different ways malware can infect target computers:<\/p>\n\n\n\n Malware can also be installed on a computer “manually” by the attackers themselves, either by gaining physical access to the computer or using privilege escalation to gain remote administrator access. <\/p>\n\n\n\n Another way to categorize malware is by what it does <\/em>once it has successfully infected its victim’s computers. There are a wide range of potential attack techniques used by malware:<\/p>\n\n\n\n Any specific piece of malware has both a means of infection and a behavioral category. So, for instance, WannaCry<\/a> is a ransomware worm. And a particular piece of malware might have different forms with different attack vectors: for instance, the Emotet banking malware has been spotted in the wild as both a trojan and a worm<\/a>.<\/p>\n\n\n\n <\/p>\n\n\n\n Prevention – An Ounce of Prevention Equals a Pound of Cure<\/p>\n\n\n\n With spam and phishing<\/a> email being the primary vector by which malware infects computers, the best way to prevent malware is make sure your email systems are locked down tight\u2014and your users know how to spot danger. We recommend a combination of carefully checking attached documents and restricting potentially dangerous user behavior<\/a>\u2014as well as just familiarizing your users with common phishing scams<\/a> so that their common sense can kick in.<\/p>\n\n\n\n When it comes to more technical preventative measures, there are a number of steps you can take<\/a>, including keeping all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure. When it comes to ransomware attacks in particular, one way to be prepared is to always make backups of your files<\/a>, ensuring that you’ll never need to pay a ransom to get them back if your hard drive is encrypted.<\/p>\n\n\n\n It’s fully possible\u2014and perhaps even likely\u2014that your system will be infected by malware at some point despite your best efforts. How can you tell for sure? CSO <\/em>columnist Roger Grimes has written a deep dive into how to diagnose your PC<\/a> for potential malware that you might find helpful.<\/p>\n\n\n\n When you get to the level of corporate IT, there are also more advanced visibility tools you can use to see what’s going on in your networks and detect malware infections. Most forms of malware use the network to either spread or send information back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss<\/a>; there are a wide range of network monitoring tools out there<\/a>, with prices ranging from a few dollars to a few thousand. There are also SIEM tools<\/a>, which evolved from log management programs; these tools analyze logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors<\/a> range from industry stalwarts like IBM and HP Enterprise to smaller specialists like Splunk and Alien Vault.<\/p>\n\n\n\n How to remove malware once you’re infected is in fact the million dollar question. Malware removal is a tricky business, and the method can vary depending on the type you’re dealing with. CSO <\/em>has information on how to remove or otherwise recover from rootkits<\/a>, ransomware<\/a>, and cryptojacking<\/a>. We also have a guide to auditing your Windows registry<\/a> to figure out how to move forward.<\/p>\n\n\n\nTypes of malware<\/h2>\n\n\n\n
Malware Prevention – An Ounce of Prevention Equals a Pound of Cure<\/h2>\n\n\n\n
How to Find Malware<\/h2>\n\n\n\n
How to Get Rid of Malware<\/h2>\n\n\n\n