Adventures with Malware

a skull and crossbones with tentacles emerging from a desktop computer screen

Written by Beth Downey

Twitter

Facebook

Email

By now, everyone is familiar with computer viruses, even if they have had the good fortune to not have dealt directly with one. Most of the time when people are talking about computer viruses, they’re actually referencing malware. Malware is a word derived from “malicious software.” It’s an umbrella term that describes any hostile program or code that is harmful to systems. [source]. There are several types of malware: in addition to computer viruses, there are worms, Trojan horses, ransomware, spyware, adware, and scareware.

A computer virus is a bit of computer code that replicates itself, very much like a virus that multiplies in a human or animal’s body and makes it sick. In the early 00’s, the “I Love You” computer virus spread like wildfire. The virus was distributed via email. Users clicked on an attachment in an email with the subject line “I Love You.” Who could resist that? (Me, actually.) Once the attachment was clicked, the virus was unleashed. In the case of the I Love You, the newly infected computer sent a new batch of emails to people on the user’s contact list with the infected attachment. The rest is history.

Worms are an especially insidious form of malware. They replicate themselves and eat away at files saved on a computer and eventually destroy all the system operating files and data files on a drive.

Spyware is the kind of malware that logs keystrokes of a user without their knowledge. Everything from usernames, passwords, banking information and the like can be captured with spyware.

Trojan horses are viruses designed to look benevolent while behaving malevolently. Users will think all is well, while under the surface the virus can be programmed to steal personal and/or financial information. They can eventually gain control of the host’s computer system files. Large scale system attacks can attempt to gain control over the entire system and render it unavailable to the network owners.

“Can you imagine a 40 person law firm with no computers, client files, or calendar appointments for 2 entire weeks?!”

Advanced malware such as ransomware is used to commit financial fraud and extort money from computer users. Ransomware is becoming more common. It is an advanced type of malware that restricts access to the computer system until the user pays a fee. When it comes to ransomware, we spoke with our favorite computer security expert, Bruce McCully, CEO of Dynamic Edge, who has extensive experience securing and maintaining large scale networks. Bruce offers this counsel:

“Website maintenance isn’t about keeping porn off site; it’s about protecting your reputation and your clients’ data. We are seeing unloved, un-patched, insecure websites being used as an attack vector for depositing malware on unsuspecting visitors computers. This type of virus usually makes a call back to a command and control server and then encrypts the computer it is attacking. A law firm contacted us after their receptionist got one of these viruses and they spent two weeks trying to have their internal people recover their network with no luck. Can you imagine a 40 person law firm with no computers, client files, or calendar appointments for 2 entire weeks?!”

We had our own adventure with the adware variety of malware recently. A client’s website appeared fine when we were performing maintenance and upkeep. However, when a Google search was performed, the results showed erectile dysfunction advertising text. Additionally all the website links from the search page redirected to pages selling these particular pharmaceuticals. We performed a scan which revealed a vicious adware attack. After about a week, we had the entire website scrubbed and back to normal. In a 2018 white paper, Sucuri detailed “Approximately 44% of all infection cases in 2017 were misused for SEO spam campaigns; up 7% from our last report. These campaigns often occur through PHP, database injections, or .htaccess redirects where the site was infected with spam content or the site redirected visitors to spam-specific pages. The content used is often in the form of pharmaceutical ad placements (i.e., erectile dysfunction, Viagra, Cialis, etc.) and includes other injections for industries like fashion and entertainment (i.e. cheap Ray-Bans, gambling, pornography).” This sounds achingly familiar.

So how do you secure your website? Install monitoring software – for WordPress websites, we like Wordfence. To take it a step further, your website host should offer a firewall within your hosting plan; you might have to upgrade but it’s better to pay a little on the front end rather than having a web developer or security company restore your website after a hack or worse, a ransomware attack. Additionally, with your WordPress website you MUST keep the WordPress Core and all the plugins and themes you are using up to date. And if you don’t have a website backup system implemented, do this as soon as possible. Do not pass go, do not collect $200.

Nefarious characters are always seeking opportunities to make mischief, often for profit. Being aware of their tactics and securing your website against bad actors should be a top priority.

Need more information on the topics discussed here? Here's a handy link to ask questions, hire us to help with similar scenarios, or simply say "Hi!"

« Previous Post

Newer post »

The name "Permelia"

Adventures with Malware

Written by Beth Downey

Want Posts Delivered Directly to Your Inbox?