May 2015: What is malware?

In this Secure UD Newsletter, we’ll explore the kinds and distribution of malware, as well as how to protect devices from malware.


What are the kinds of malware?

There are many variants of malware, each with a different attack pattern. Three of the most common kinds of malware are described below.

Viruses

Computer viruses are one of the most well-known forms of malware, and they derive their name from their similarities to biological viruses. A computer virus requires a “host program” to grow and spread, just as a biological virus requires a host organism. A computer virus inserts a copy of itself into a document or another program, and spreads as that infected program or document is shared. Typically, a virus only executes when you open an infected document or run an infected program. Viruses most frequently destroy data, but can be used for other attacks as well. Watch out for unexpected email attachments or suspicious software downloads.

Worms

While viruses are spread when you run infected software on your system, worms spread themselves across systems and networks without the need for host software. They are standalone programs that spread by taking advantage of weaknesses in a network or the computers connected to a network. A worm travels from computer to computer making copies of itself while it looks for information to steal or destroy, concurrently looking for access to other computers and networks.

Trojans

Trojans differ from viruses and worms in that they don’t replicate. Like the Greek soldiers hidden in the belly of the original Trojan Horse, they are malicious pieces of software hidden in other software that you download. Typically, they are carried by what appears to be a harmless widget or app. Once downloaded and opened, the Trojan might steal or destroy data,...

How is malware distributed?

Most malware requires user action–or a negligent user’s inaction–to make it onto a host system. Usually, scammers use a variety of tricks to get victims to download, install, and run malware on their computers or devices. Malware distribution is largely dependent on social engineering for this purpose.

Email attachments

Viruses and Trojans are often disguised as innocent email attachments in phishing emails. Users are tricked into downloading malware that poses as an invoice, form, image, or other document. Once on the user’s device, the malware either unpacks itself or waits for the user to attempt to open it before executing its code.

Links in phishing email scams or malicious Web sites

Often, phishing email scams try to direct victims to Web sites under the pretense of a threat (“your account will be disabled”), warning (“suspicious activity has been detected on this account”), or deal (“limited-time offer if you click now”). These links typically lead to malicious sites that download malware to the victim’s device when they load the page.

Malvertising

Malvertising, or malicious advertising, downloads malware to a victim’s device when the victim loads a Web page that displays the malicious advertisement. Malvertising is a pervasive problem because it is poorly controlled and can appear even on legitimate Web sites.

Infected storage devices

Some social engineers leave malware-infected thumb drives or other storage devices in public locations where they’re likely to be discovered. When someone plugs the storage device into a computer to determine its contents, malware in the device can transfer itself to the computer and infect it. Never plug suspicious or unknown storage devices into a computer....

What can I do to keep my devices safe?

Download, install, and use anti-virus software

The UD community can download and install the University-licensed copy of McAfee VirusScan for any employee-, student-, or University-owned computers. Regularly update your virus definitions and scan your computer to identify and remove threats. Scanning is a critical step in protecting your computer because malware often relies on programs called rootkits to hide itself from the user. Scanning reveals and quarantines known malware.

Avoid phishing scams

Learn how to identify and avoid phishing scams in order to reduce the risk of being exposed to malware. Whenever you receive a suspicious email, report it and then delete it from your inbox. Never click on links in, or download attachments from, these emails. The Secure UD Threat Alert blog has many examples of phishing scams we’ve seen.

Think before you click

Don’t click on links without verifying that the address to which they point is legitimate. Often, scammers and social engineers will disguise links to malicious Web sites as links to other, more trustworthy sites by hiding the link under text or an image. Hover your cursor over a link and check the true address of the link before clicking. Even better, don’t click the link at all! It is much safer to go to the usual website where you log in to your account at a bank, university, or other organization.

If you have any questions, contact the IT Support Center.

More information

What is the difference: Viruses, Worms, Trojans, and Bots? (cisco.com)
UD-supported anti-virus and anti-malware software
Phishing information (US Federal Trade Commission)
Secure UD Threat Alert blog
IT Support Center website...

Secure shopping sites

When it comes to picking an online retailer, you’ve got plenty of options. Often, shoppers choose recognizable retailers like Walmart or Amazon. These sites tend to be safe since they have more resources dedicated to securing their online transactions. But sometimes lesser-known sites pop up with better deals on popular holiday purchases such as televisions, computers, gaming systems, and gift cards. Not all of these sites are trustworthy; scammers sometimes set up fake retail sites that claim to offer popular items in order to steal your information. Beware of domain name scams that mimic legitimate retailers with misspelled or .net URLs.

Here are some tips for finding secure retail Web sites:

Check the address. Some scammers will mimic the URLs of legitimate sites (for example, torget.com instead of target.com) in an attempt to steal payment information or distribute malware.

Lock it up. Look for a padlock icon in your browser’s address or status bar, and check that the URL begins with “https”. These two things indicate that the site, and any data you send to it, is protected by SSL/TLS encryption.

Watch for warnings. If your browser notifies you about a certificate error on a Web page, don’t provide any information to that site. These errors indicate intercepted connections or questionable sites.

Know your stuff. Research online retailers before choosing to shop with them. Look for things like BBB accreditation, ratings, and complaints.

There’s no rush. Beware of sites or ads that try to rush you into a snap purchase by offering a crazy deal or a limited-time offer.

Be realistic. If a deal seems too good to be...

Online payment options

After you identify some stores of interest (or perhaps as part of the process of deciding where to shop), you’ll need to consider payment options. Most online retailers accept all major credit cards as well as other options, such as PayPal. These are by far the most popular payment options, and they account for the majority of online spending. But using a credit card online can be risky if you aren’t careful about managing your information and Internet connection. Around the holidays, it’s especially important to regularly check your card statements for signs of fraudulent activity and to work with your card company to address any issues.

Debit or credit?

Credit card companies tend to protect consumers through credit limits, statement reviews, and numerous fraud countermeasures, and consumers have limited liability in cases of fraud. The advantage of these features is that they provide a buffer between the time a transaction appears and the time you pay, allowing you to identify and dispute fraudulent charges before they cost you. The main risk associated with debit cards is that they draw funds directly from your bank account, so this buffer time does not exist for debit accounts. Debit cards are also not necessarily covered under the same protections as credit cards, although debit cards issued by major payment networks (e.g. Visa or MasterCard) often carry the same protections as credit cards in the same network. If your debit card is not protected by anti-fraud features, then you may only discover fraud if your card is later declined or if a check bounces (both of which would occur after funds have been...

Things to consider while shopping online

While you’re going about your holiday shopping, keep a few things in mind.

If you give a store a cookie, it might start invading your personal space. Disable or clear cookies to prevent stores and advertisers from tracking your browsing history and habits, and from retargeting you for related offers.

Stay secure. Never send payment information over public or unsecured networks. Use only secure networks to make online purchases.

“There’s an app for that®,” as Apple says. If you’re using a mobile device (tablet or smartphone), consider making purchases through secure and official retail apps rather than through your phone or tablet’s Web browser—especially while using an unsecured Wi-Fi network at a coffee shop, restaurant, shopping mall, etc.

Click now to claim your malware! During the holidays, social engineers will use fake advertisements, social media posts, and phishing email to trick you. Their scams will push “limited time offers” that urge you to click a link or download a coupon. If you click before you think, you might infect your computer, phone, or tablet. This is a great way to get malware, but a bad way to shop.

Watch for fake product or site reviews. If a reviewer hasn’t made any other reviews or writes in obvious “marketing speak,” be wary. Genuine reviews are varied, honest, and spread out over months or even years.

For more information, visit the following Web pages:

McAfee’s “12 Scams of the Holidays” (mcafee.com)
10 Tips for Protecting Against Holiday Online Shopping Scams (secureworks.com)
Busy Life – Holiday Scams Abound Near Black Friday (us.norton.com)
Shopping Safely Online (US-CERT)
The Holidays Are Here Again: FTC...

Has your credit card information been stolen?

Surprisingly, credit card compromises may be the easiest type of hack to deal with. You’re not responsible for any fraudulent charges in excess of $50, and once you’re issued a new card, the problem has been solved, save for some changes to your personal habits.

Detect the account theft as quickly as possible

The easiest way to quickly detect a compromised financial account is to thoroughly read, and understand, your credit card bills and online banking statements. The key here is to recognize every little charge and to know what each line of information means. Hackers will often test a stolen account by using it for a very small purchase (e.g., a pack of gum at a gas station) before making much larger purchases, like a shiny 72” plasma TV. Read your statements often, and if you don’t recognize something, contact your financial institution immediately.

Steps to take after your account has been stolen

The FTC provides a thorough online guide on how to deal with identity theft. You will:

file an initial fraud report with one of the US’s three credit reporting companies (Equifax, Experian, or TransUnion)
order credit reports from all three of them
contact the fraud department of your credit card or bank
file an official identity theft report with the FTC.

During this process, your bank will probably freeze the affected account. Luckily, the identity theft report will prevent all disputed activity from appearing on your credit report and ruining your credit score.

Staying safe in the future

Being smart about how you handle and understand your personal information is key in protecting your credit card...

Has your email account been stolen?

Being swift to take action following the theft of one of your online accounts is vital. Not only will you need to reclaim control over the affected account, you’ll need to take steps to protect your other accounts, too.

How will you know?

Hackers use compromised email accounts to access campus computing resources or to send spam and scams to your contacts. With the right login information, a hacker could have full access to UD’s network, which contains the confidential information of thousands of students and employees. If you receive worried calls or angry messages from your colleagues because of mail “you” sent them, you’d better investigate the security of your account. Most online accounts like Facebook and Gmail will alert you if there’s suspicious activity on your account, for example, multiple failed attempts to log in or attempts to log in from foreign countries.

Steps to take

1. If you suspect your UD email account was hacked, immediately contact secadmin@udel.edu so IT can begin their investigation of the incident.

2. Immediately change the password of the affected account, and the password on every other online account that uses, or is linked to, that email address. Whichever email account has been hacked (UD, Gmail, Yahoo, etc.), IT advises you to change your UDelNet password. Because many people set up other accounts using their UD email accounts as an “alternate” email address, a hacked Facebook, Twitter, or Yahoo! account could lead to your UD email being compromised as well. Double trouble! Remember, every password should be different and difficult to guess. You can use IT’s secure password page to help...

You are a target. Information security is everyone’s responsibility.