Malware 101: What It Is, Current Trends, Signs You’re Infected & Prevention

Malware refers to any modified script in a software system that aims to cause intentional harm to the victim. The term malware is a portmanteau that blends two words: malicious and software.

Let’s take a good look at this bad situation. We’ll review how malware works, alarming stats and trends, signs that you’re likely infected and, most importantly, ways to prevent this malice.

How malware works

Malware is commonly deployed to a target system in the form of repackaged software that, first, installs on the system and then modifies the behavior of services and tools that interact with it. It exploits known vulnerabilities in the system and manipulates an unsuspecting victim tricked into installing the malware payload into the target machine.

Malware has several characteristics:

• Its invisibility to victims
• Self-replication and propagation
• Self-execution and deterioration of a software system behavior

A simple malware may be a few lines of code that modify the behavior of a software system. A virus is a common example.

A complex malware may be a software program that executes sophisticated algorithms designed to affect the performance of a target system or leak data to third parties without being detected by the user and cybersecurity tools. Examples include:

• Backdoors
• Worms
• Logic bombs
• Trojan horses
• Botnets

Trends in malware

Despite widespread efforts into combating malware, it remains one of the most prevalent cybersecurity threats. This primarily comes down growth: technology adoption is growing fast, but many users lack the necessary cybersecurity awareness.

Known vulnerabilities in old technologies remain unpatched. Social engineering easily manipulates unsuspecting and less tech-savvy users into installing malware designed to exploit these vulnerabilities. And the results are concerning:

• Over half a million new malware strains circle the Internet every day.
• Over one billion malware programs exist.
• Over 5.4 billion malware attacks are conducted every year.
• 7% of websites on Google are infected with malware.
• Ransomware is the most popular malware with 48% share, which suggests that many malware attacks are indeed financially motivated.

Am I infected? Signs you might have a malware problem

How does an average user determine whether their machines are under a malware attack? Successful malware attacks are characterized by their invisibility property. They remain under the radar — even when you’ve installed expensive antivirus tools on your machine.

However, it is quite easy to identify the subtle consequences of any installed malware. If your machines are infected with malware, watch out for the following signs:

Seeing too many ads and redirects

Ads serve the purpose of making money by compromising a target system. Flooding a website with ads gives advertisers the ability to reach more audience, albeit at the visual inconvenience of their targets.

Is your computer crashing? Slowing down?

A malware may be executing repetitive and parallel requests, overflowing RAM buffer and cache, which makes your computer slow. Or, it may be running crypto mining and peer-to-peer resource sharing programs in the background that slow down your machine.

Running out of storage, or losing access to your own files

While you expect to have ample storage at your disposal, malware programs may occupy hard disk space and install bloatware. The purpose of bloatware may be to…

• Modify the performance of interacting applications and services.
• Leak sensitive user behavioral information and data to third parties without your knowledge.

Slow internet

If you’re not streaming videos or playing games online, but still find your internet performing slowly, it is likely that spyware may be running in the background or that your machine may be a part of a larger botnet attempting a Denial of Service attack.

Different browser and OS settings

Perhaps you were socially engineered to change browser settings that allow websites to track your location or change the default search engine? Have some apps obtained permission to use your mic and webcam without your knowledge?

Noticing the signs = it’s probably too late

All these signs are subtle and potentially a consequence of a malware attack. But by the time you recognize these signs, it’s already too late. If it was a malware attack, you have already fallen victim to it and may not be fully aware of the damage caused. A cleanup may require full storage formatting and software reinstallation to guarantee a malware-free system.

Still, any loss of valuable data — login credentials, credit card details and valuable files — may be irrecoverable. So what can you do to prevent a malware attack in the first place?

Preventing malware attacks

Standard security best practices go a long way in preventing malware attacks:

• Use strong passwords and change them frequently.
• Understand the concept of social engineering, how cybercriminals can impersonate legitimate entities and trick you into installing a malware payload by clicking links and downloading attachments.

Business organizations must go a step ahead and improve their Intrusion Detection System capabilities. Use Anomaly-based detection systems that learn from patterns of attack signatures and traffic requests, model true system behavior and alert against any anomalous behavior in real-time.

Be wary of the insider threats: use strong Identity and Access Management protocols such as ABAC that strictly enforce the Principle of Least Privilege Access while maintaining flexibility to share computing resources and data between all data producers and consumers in line with organizational policies. And, lastly, don’t forget to consider your disaster recovery plan in light of a malware attack.

Splunk supports enterprise security

With the right cybersecurity strategy in place, you can likely get ahead of malware. See how Splunk can help support these efforts and strengthen your digital resilience.

What is Splunk?

This posting does not necessarily represent Splunk's position, strategies or opinion.