The BSI (Federal Office for Information Security) has addressed a necessary topic that is unfortunately often forgotten due to the current crises. It's about malware such as Trojans, viruses and worms!  

Malware – Questions & Answers

When PCs found their way into more and more offices and private households from the 1980s onwards, the Internet in its current form did not yet exist. Malicious programs could therefore only get from one system to the next via removable data carriers such as floppy disks or, later, CD-ROMs. Although USB sticks or external USB drives still play a role in the spread of malware today, in the always-on age the Internet has clearly become the most important infection route through which malware penetrates third-party systems.

Detecting malware: Malicious programs come in many ways

Cybercriminals try to infect third-party systems with malware through a variety of channels: for example, via a file attachment in a seemingly trustworthy email, as a hidden “extra” in a free download, or as a malicious macro within an Office document. Sometimes just visiting a website with a prepared advertising banner is enough for your computer to be infected with malware.

Most malicious programs in circulation have functionality to remotely control an infected system. If devices are infected, they can be used by cybercriminals to set up a so-called botnet. This usually happens without users noticing. A botnet is a temporarily created network of many computers and electronic devices from the Internet. It can be used to paralyze websites or send spam.

As a result, in principle all devices connected to the Internet are at risk of malware infection. In addition to PCs, laptops, tablets and smartphones, this applies, among other things, to smart home products and consumer electronics that at first glance have little to do with a computer, for example a smart TV.

We have compiled the most important questions about malware for you below.

Questions and answers about malware

What is malware and what types are there?
Regardless of whether it is a “Trojan”, “virus” or “worm”, all of these terms ultimately fall into the category of malware. These malicious programs are often multifunctional and, once they have infected a system, are often able to download additional malware from the Internet that causes further damage. One thing is certain: more and more intelligent and increasingly difficult to detect malware comes onto the market every day, and you should protect yourself against it as best you can.
Which devices can be affected by malware?
In principle, all electronic devices that have an interface either to the Internet or to removable storage devices are susceptible to malware. In addition to PCs, laptops, smartphones and tablets, smart watches, televisions and vacuum cleaners can also be affected. While infected CD-ROMs or USB sticks used to be sources of malicious software, today the constant Internet connection of devices is the main entry point for malware. The purchase of a device should always be accompanied by immediate insurance.
How does a device become infected with malware (examples)?
Email attachments in file formats such as .exe or .scr may contain malware that runs when opened. Double file extensions such as “pdf.exe” are also intended to deceive users. In addition, malware can be loaded via Office documents. Seemingly harmless links in the text of an e-mail which, when clicked, lead to infected websites or download a malicious file can also be a source of danger for the system.

Infected software: Trojans are a hidden malicious component of software. Users install them themselves but without noticing, for example when downloading free software offers.

Websites: Calling up a website that has been prepared with malware in the browser, for example from the results of a search engine, can also infect a device. The dangerous thing about it: even reputable websites can be contaminated with malicious code, for example through manipulated advertising banners. This usually happens unnoticed by the website operator.
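
The attachment naming tricks described in this answer (.exe or .scr files and double extensions such as “pdf.exe”) can be screened for on the file name alone. The following Python code is an added example, not part of the BSI text; the extension lists beyond .exe and .scr, the function names and the sample names are assumptions made for illustration.

```python
import os

# Extensions that execute when opened on Windows. ".exe" and ".scr" are named
# in the text; the remaining entries are assumptions added for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Office formats that can carry macros (assumed list; the text says "Office documents").
MACRO_EXTS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
# Harmless-looking extensions used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".txt", ".jpg", ".png", ".doc", ".docx", ".xls", ".xlsx"}


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment file name."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    stem, last_ext = os.path.splitext(name)
    # Padding such as "invoice.pdf      .exe" pushes the real extension out of
    # view in narrow columns, so strip it before reading the decoy part.
    prev_ext = os.path.splitext(stem.rstrip(". "))[1]

    if last_ext in EXECUTABLE_EXTS:
        if prev_ext in DECOY_EXTS:
            return ("block", "double-extension")
        return ("block", "executable")
    if last_ext in MACRO_EXTS:
        return ("warn", "macro-capable")
    return ("ok", "")


def screen(filenames):
    """Return only the attachments that need attention, with their verdicts."""
    results = {}
    for f in filenames:
        verdict = classify_attachment(f)
        if verdict[0] != "ok":
            results[f] = verdict
    return results


# Constructed sample names, not taken from any real message.
SAMPLE = ["Invoice.pdf.exe", "photo.jpg      .scr", "setup.exe.",
          "report.docm", "notes.txt", "report.final.pdf"]

if __name__ == "__main__":
    for name, (verdict, reason) in screen(SAMPLE).items():
        print(f"{verdict:5} {reason:17} {name!r}")
```

A file name check only covers the naming trick; it says nothing about the content of an attachment, so it complements a virus protection program rather than replacing it.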

What can malware do?
Spying on data: Malware can hide behind websites that look deceptively real or even in e-mail attachments from supposedly known contacts. Its goal: spying on or accessing the personal information or access data of those affected in order to cause further damage or to set up online accounts. We have compiled what you can do to prevent data theft in the Phishing area.

Blackmail: Ransomware refers to types of malicious programs that restrict or completely prevent access to data or the system. The software either blocks all access to the system or encrypts certain data. A ransom is then demanded for release. Since it is not certain whether the data can actually be decrypted again after the ransom has been paid, it is recommended not to respond to the demands and not to transfer money or online currencies such as Bitcoins.

Manipulation of online banking: If malware has been placed on a computer, it can intercept and manipulate online banking. For those affected, there is no evidence to indicate manipulation. From accessing the website, through the input mask, to completing the transaction, there are no anomalies. The malicious program intercepts data, changes it and forwards the manipulated data to the bank. Only the account statement shows what damage has occurred. We show what you can do in our security tips for online banking.

Displaying advertisements: Adware, malware that displays unwanted advertisements, usually arrives on your device as an add-on to free downloads. If more pop-up windows with advertising open while surfing afterwards, adware is probably at work. This software can be comparatively harmless, but it is usually also able to record the user data of those affected while they surf the Internet in order to then further individualize advertising pop-ups.

How do I protect myself from malware?
  • Carry out regular and timely updates - of your operating system and programs on all devices in order to close security gaps.
  • Be careful when opening emails - especially when clicking on links and attachments and if it is an unexpected message from an unknown sender. But you should also be careful with supposedly well-known senders, see for example Emotet.
  • Only use trusted sources to download data.
  • Make regular backups of important data to protect yourself from encryption and to be able to restore lost data yourself.
  • Install a virus protection program and a firewall to detect malicious programs during unwanted downloads.
  • Use user accounts with reduced privileges so that malware does not have administrative rights and therefore access to the entire system.
Practically every technical system is at risk from malware
Cybercriminals try to smuggle malware onto a system as unnoticed as possible. If you suspect that something is wrong, for example because emails are being sent in your name, first check your device with a current virus protection program. In any case, you should subject your system to a thorough check. Further information can be found in the Infection Elimination area.
What can I do if I am affected?
Many malicious programs make profound changes to the system that cannot be easily reversed. If an infection is confirmed, the entire system should be set up again. Regular backups make restoring your data easier. If a malware infection is reported, you should take the following steps:

  • If the files are encrypted by ransomware and there is no backup, keep the encrypted data, as it may be possible to decrypt it at a later date.
  • Reinstall the operating system. You can find help in the Infection Elimination section.
  • After reinstalling, change the passwords for your online access (e-mail, social networks, etc.).

In any case, you should report any misuse or infection of your system to your local police station or at www.polizei-beratung.de.

Special case Emotet

The Emotet malware is currently considered a particularly serious threat and regularly causes significant damage to private consumers and companies in Germany. The reason: Emotet spreads independently to contacts of users of infected systems using very authentic-looking emails. The recipients' systems are also infected with Emotet as soon as an Office document from the attachment or from a link is opened and the execution of macros is activated. Software that is subsequently downloaded then causes the actual damage. How exactly Emotet works and how to protect yourself.

Practically every technical system is at risk from malware
In contrast to the past, today's malware not only endangers computers in the narrower sense, but basically targets every software-controlled and networked system. In addition to smartphones and tablets, this applies in particular to routers and also to internet-enabled devices such as digital heating thermostats or a garage door that can be controlled via the internet.

The relationship between attack and defense methods is similar to the well-known race between the hedgehog and the hare: every newly discovered malware results in the IT security industry, for example, improving the virus protection function. Each improved defense mechanism in turn prompts the development of even more sophisticated attack methods to circumvent that mechanism.

As a result, this race leads to increased professionalization of malware development and increasingly complex malicious programs. Modern malware variants usually consist of several components that fulfill different functions - including the possibility of reloading further program modules with additional functions after the initial infection of a system. Due to their versatility and multifunctionality, today's malware can hardly be assigned to a single malware category such as virus, worm or Trojan.

For example, the ransomware, like the banking Trojan TrickBot, also has a typical worm characteristic, namely the ability to spread independently within networks. Regardless of the difficulty of classification mentioned above, a basic understanding of how common types of malware work is essential in order to be able to respond adequately cyber

What (almost) all current malware programs have in common
Malicious programs that have a so-called backdoor function are widespread: such programs open a backdoor for cybercriminals that allows secret remote access to the affected system.

No matter how a malicious program gets onto the computer: once it has established itself, it usually continues to work autonomously, for example by loading additional malicious programs onto the device or by connecting to a so-called C2 server, from which it can be centrally controlled and abused for a botnet.

The malware receives commands, such as reloading further malware, from automatically operating command centers on the Internet, so-called command and control servers (C&C servers). The addresses of such C&C servers can either be explicitly encoded in the program text of the relevant malware, or the malicious program contains an algorithm to generate changing C&C addresses, for example depending on the current date. Security specialists can find out the addresses through code analysis - and thus track down server
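
Once code analysis has recovered a date-dependent generation routine, defenders can precompute the addresses for a window of days and look for them in DNS logs. The following Python code is an added example, not part of the BSI text: the routine toy_dga is a constructed stand-in that is not taken from any real malware, and the log format, client addresses and .example domains are assumptions.

```python
import hashlib
from datetime import date, timedelta


def toy_dga(day, seed="constructed-seed", count=3):
    """Constructed stand-in for a routine recovered by code analysis."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        # Map 12 hex digits to the letters a-p to form a host label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        domains.append(label + ".example")  # reserved TLD, never resolves
    return domains


def candidate_domains(start, days):
    """Precompute {domain: generation date} for a window of days."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for domain in toy_dga(day):
            table[domain] = day
    return table


def match_dns_log(lines, candidates):
    """Return (client, domain, generation date) for queries to candidates."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in candidates:
            hits.append((client, qname, candidates[qname]))
    return hits


def sample_log():
    """Constructed DNS log lines: '<timestamp> <client> <queried name>'."""
    beacon = toy_dga(date(2024, 1, 3))[1].upper() + "."
    return ["2024-01-03T09:14:02Z 10.0.0.23 www.example.org",
            "2024-01-03T09:14:05Z 10.0.0.23 " + beacon,
            "2024-01-03T09:15:40Z 10.0.0.7 mail.example.net"]


if __name__ == "__main__":
    print(match_dns_log(sample_log(), candidate_domains(date(2024, 1, 1), 7)))
```

The same precomputed table can feed a DNS blocklist, so that an infected device is noticed and cut off from its command and control server before the domain for a given day is even registered.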

Source: BSI

Article image: Shutterstock.com/ Olivier Le Moal

