
Malware: The State Of The Threat In 2016

by Grey One

  • Most malware is acquired when users visit questionable web sites (e.g. adult sites) or when they click on questionable email (e.g. free offers or fake invoices)
  • MS Windows is by far the most vulnerable operating system — but malware exists for Apple OS X and Linux also
  • You can significantly reduce your risk of a malware attack by keeping your OS, web browser and applications updated diligently

What is malware?

Malware, or malicious software, is software used to disrupt computer operations, gain unwanted access to computer systems, and use that access for purposes that are often hostile. It is normally disguised as benign files or links to web sites.

Who uses malware?

Malware is used by:

  • Criminal groups for financial gain
  • Espionage operations targeting national organizations and businesses in order to extract secret information or disrupt operations

Malware can be used to:

  • Take control of your system for nefarious purposes (e.g. sending spam email, or running DoS (denial of service) attacks remotely and anonymously)
  • Steal personal identification details (e.g. credit card numbers or passwords)

In this article we will discuss desktop (not mobile device) malware that is used to steal information and funds from individuals. This type of malware is normally opportunistic and not targeted at a specific individual. If you are in the wrong place at the wrong time and vulnerable, you can become a victim of this type of crime. The benefit of the Internet to a criminal is that they can build a scam and malware once and target large numbers of individuals with it. They only have to succeed with a small percentage to make significant returns on their work.

Malware and cyber crime have become a large industry of organized crime. There are services-for-hire for every part of a cyber “heist”: developers of the code that takes advantage of specific vulnerabilities, operators of distribution networks that get the malware to the victims, command and control networks that automate the exploits, groups that use the stolen identities and credit cards to get goods and cash, groups that launder the funds, etc.

Why is there an increase in malware?

As a society we are doing an increasing amount of business, entertainment and social interaction over the Internet. As an example, the infrastructure for online financial transactions has grown to the point that businesses and individuals can no longer avoid doing business online. So cybercriminals, when asked why they build malware, will (mis)quote the famous bank robber Willie Sutton — “Because that’s where the money is.”

So how do you reduce your risk of being a victim of malware?

Reduce your profile. As with any risk in life, we can reduce our chance of being “owned” by malware by reducing the size of the target on our back. We can do this through technology and knowledge. One of the most effective ways to reduce your target profile is to use a computer environment that is the least attacked and, if attacked, the least vulnerable. So what are our options?

There is no doubt that the vast majority of malware is designed to attack devices that are using Microsoft Windows. The advantages to the criminal to target Windows users are significant:

  • Windows is run on about 80-85% of the desktops today
  • The number of known vulnerabilities is about nine times that of its closest rival, Apple OS X
  • Microsoft does not have as effective an ecosystem to discover and fix bugs as Linux’s open source community or Apple’s control of hardware and development platforms

Although the amount of new Mac OS X malware discovered annually has been trending upwards over the past five years, it is still very small in comparison to Windows. Apple has benefited from its decision to base OS X on Unix BSD: OS X inherits Unix’s security design and the continuous improvements in the open source components it also uses.

Linux has a very small proportion of the world’s desktops but a high proportion of servers worldwide. New vulnerabilities are found in Linux, but they are mostly associated with server configurations – and servers cannot be socially engineered, and they are often updated promptly by professionals. In general, you have to have reasonable technical skills to use a Linux desktop as a general-purpose home system.

I know there are lots of technical opinions about the points above, but the statistics say that you are less of a target if you don’t run Windows. In spite of this data, I know that very few folks are going to run out and replace their Windows box with a Mac or Linux system – so we will work with the hand we are dealt.

Keep updated and patched

Regardless of the platform that you use for your home system, you still need to keep it updated. The biggest advantage that cyber criminals have is that after software vendors publish fixes for vulnerabilities, it takes users a fair amount of time (usually months) to update their systems. This gap in time is the criminal’s opportunity. Aside from zero-day vulnerabilities, almost all malware takes advantage of known vulnerabilities and misconfigured access control on the device. So it is important to keep your OS, browser and applications updated diligently. If there is no vulnerability, most malware cannot succeed — unless its operators can convince you to let down your guard some other way.

Should I use an anti-virus package?

There is a lot of hype and misinformation about the use of anti-virus (AV) programs to protect your system from malware. The biggest disadvantage of AV systems is that they rely on a process of discovering new malware variants, either by themselves or through partners, then analyzing how to recognize the malware, and then creating a “signature” (usually a hash of the malware payload file) to detect it on your system. The AV vendor then updates the database on your system, and if your AV program sees the signature on a downloaded file, it blocks the file. The reason this is a disadvantage is that tens of thousands of new versions of malware are created every day and the AV vendors need to create signatures for each one. [Some AV vendors also use heuristics or behavior modeling to detect some families of malware.] Malware developers can create thousands of unique versions of a single exploit with simple utilities, and you might be the first to receive one of the newly minted clones before the AV vendor has seen it and created a signature. This is an amazing arms race enacted every day.

The reality is that a lot of cyber criminals are cheap or lazy or both. They will reuse malware for long periods of time, figuring they will find enough systems that don’t have updated AV. So even if your AV is a few days or weeks behind, it can still detect last month’s malware and block it. This is a good reason to use AV and keep it updated.
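To make the signature-versus-heuristic trade-off from the two paragraphs above concrete, here is an added toy scanner (example code, not from the original article or any AV vendor). The "payload" bytes, the family name FakeDropper and the byte pattern it looks for are all constructed for illustration; it shows that an exact hash signature catches the known sample but not a trivially re-packed clone, while a family-level pattern still does.

```python
import hashlib

# Constructed sample "files": harmless placeholder bytes standing in for a known
# malware payload, a re-packed clone of it, and an unrelated benign document.
KNOWN_PAYLOAD = b"MZ\x90\x00stub::fake-dropper-v1::contact c2.example.invalid"
REPACKED_CLONE = KNOWN_PAYLOAD + b"\x00"   # one appended byte: a "newly minted clone"
BENIGN_FILE = b"%PDF-1.4 quarterly-report.pdf (harmless text)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hash-based signature database as the article describes it: one entry per
# sample the vendor has already analysed. Here it only knows KNOWN_PAYLOAD.
SIGNATURE_DB = {sha256_hex(KNOWN_PAYLOAD): "FakeDropper.A"}

# A heuristic in the spirit of the article's "heuristics or behavior modeling":
# a byte pattern (hypothetical) shared by every member of the family.
FAMILY_PATTERNS = {b"stub::fake-dropper": "FakeDropper family"}


def scan_by_signature(data: bytes):
    """Exact-match hash lookup: returns the family name or None."""
    return SIGNATURE_DB.get(sha256_hex(data))


def scan_by_pattern(data: bytes):
    """Substring heuristic: survives re-packing that changes the file hash."""
    for pattern, name in FAMILY_PATTERNS.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes) -> dict:
    """Run both detectors and report which one fired."""
    return {"signature": scan_by_signature(data), "heuristic": scan_by_pattern(data)}


if __name__ == "__main__":
    samples = [("known payload", KNOWN_PAYLOAD),
               ("repacked clone", REPACKED_CLONE),
               ("benign file", BENIGN_FILE)]
    for label, blob in samples:
        print(f"{label:15s} -> {scan(blob)}")
```

The clone differs from the known sample by a single byte, so its hash no longer matches any signature; this is why a signature database that lags even slightly misses fresh variants, while the older sample is still caught, as the second paragraph notes.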

How much should I pay for an AV package?

There are a lot of AV vendors and their product prices range from free to premium. There are also a couple of organizations that test these vendors frequently and rate them on a few metrics. If you are interested in seeing how your AV vendor measures up look at:

Also PC Magazine does a good job rating the AV packages at least once a year.

My recommendation is to use Microsoft’s AV software at a minimum. It is free with Windows 7, 8 and 10. Although it does not score as high as most other AV packages, it is still effective, free, nicely integrated, and does not harass you to update itself or re-subscribe.

If you are looking for a high scoring AV package, both Bitdefender and Kaspersky score consistently high and are worth their price.

The other benefit of good AV packages is that they may include tools to remove malware if you do get infected. This can be a significant advantage if they can remove all the artifacts of an infection. If they can’t, you may need to reload your entire system from a backup taken on a date when you can be sure you were not infected.

Stay out of bad neighborhoods

That advice applies to your online neighborhoods too. The highest incidence of malware is on adult sites; I will let you decide why that would be. Additionally, advertisements offering free anything are often infected in some way. If you want to browse freely anywhere online, you will want to set up a separate system that is quarantined from the system that holds your personal information. This approach allows you to re-image the browsing system with a clean version and start clean each time. See our brief guide to setting up a virtual OS — or you can find a more extensive guide here.

Additionally, we have written about ransomware and the danger of opening unexpected email attachments. Don’t follow unsolicited ads and report them as spam.

Knowledge is power

Finally, as with everything in life, the more you know about a subject, the better the chance you can use that knowledge effectively. It is really important to keep current on the latest risks of online activity. It is good for your online health to read blogs like ours and others that cover cyber crime and risks to our privacy. These threats will not decrease in the foreseeable future – we need to live with them.

A couple of good sites that track security risks and are easy to read are:

What about mobile systems?

As I mentioned up front, I will not discuss mobile systems malware in this article. The iOS and Android platforms are getting lots of attention from the cyber criminal world. These platforms have their unique issues: locked/unlocked, application certification, etc. I’ll cover this topic in another article.

Comments (1)

  1. Good article. Thx.
    Another way to reduce your malware profile if you are using Windows is to upgrade to the newer versions like Windows 10. There are fewer malware exploits for new versions because they have fewer vulnerabilities and Microsoft has improved the security of the new operating system, so it is more difficult to get control of the system. I am not saying that Windows 10 will not have vulnerabilities, but the older the Windows version you are running, the more vulnerable you are.
