TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Malware

Seven New And Tricky Types Of Malware To Watch Out For

Malware is a huge threat. It can cause a lot of damage and cost people a lot of money. As technology advances, so do the tactics used by cybercriminals.

Malware keeps getting more complex and harder to detect. Here are seven new and tricky types of malware that you should know about:

Polymorphic Malware

Polymorphic malware is a type of malware that changes its code every time it replicates. This makes it hard for antivirus software to detect because it looks different each time. Polymorphic malware uses an encryption key to change its shape and signature. It combines a mutation engine with self-propagating code to change its appearance continuously and rapidly morph its code.

This malware consists of two main parts: an encrypted virus body and a virus decryption routine. The virus body changes its shape, while the decryption routine remains the same and decrypts and encrypts the other part.

Fileless Malware

Fileless malware is malicious software that works without planting an actual file on the device. Over 70% of malware attacks do not involve any files. It is written directly into the short-term memory (RAM) of the computer. This type of malware exploits the device’s resources to execute malicious activities without leaving a conventional trace on the hard drive.

Fileless malware typically starts with a phishing email or other phishing attack. The email contains a malicious link or attachment that appears legitimate but is designed to trick the user into interacting with it. Once the user clicks on the link or opens the attachment, the malware is activated and runs directly in RAM.

Advanced Ransomware

Ransomware is a sophisticated form of malware designed to hold your data hostage by encrypting it. Advanced ransomware now targets not just individual computers but entire networks. It uses strong encryption methods and often steals sensitive data before encrypting it. This adds extra pressure on victims to pay the ransom because their data could be leaked publicly if they don’t comply.

Ransomware attacks typically start with the installation of a ransomware agent on the victim’s computer. This agent encrypts critical files on the computer and any attached file shares. After encryption, the ransomware displays a message explaining what happened and how to pay the attackers.

Social Engineering Malware

Social engineering malware tricks people into installing it by pretending to be something safe. It often comes in emails or messages that look real but are actually fake. This type of malware relies on people making mistakes rather than exploiting technical weaknesses.

Social engineering attacks follow a four-step process: information gathering, establishing trust, exploitation, and execution. Cybercriminals gather information about their victims, pose as legitimate individuals to build trust, exploit that trust to collect sensitive information, and finally achieve their goal, such as gaining access to online accounts.

Rootkit Malware

Rootkit malware is a program or collection of malicious software tools that give attackers remote access to and control over a computer or other system. Although rootkits have some legitimate uses, most are used to open a backdoor on victims’ systems to introduce malicious software or use the system for further network attacks.

Rootkits often attempt to prevent detection by deactivating endpoint antimalware and antivirus software. They can be installed during phishing attacks or through social engineering tactics, giving remote cybercriminals administrator access to the system. Once installed, a rootkit can install viruses, ransomware, keyloggers, or other types of malware, and even change system configurations to maintain stealth.

Spyware

Spyware is malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. Spyware can monitor your activities, steal your passwords, and even watch what you type. It often affects network and device performance, slowing down daily user activities.

Trojan Malware

Trojan malware is a sneaky type of malware that infiltrates devices by camouflaging as a harmless program. Trojans are hard to detect, even if you’re extra careful. They don’t self-replicate, so most Trojan attacks start with tricking the user into downloading, installing, and executing the malware.

Trojans can delete files, install additional malware, modify data, copy data, disrupt device performance, steal personal information, and send messages from your email or phone number. They often spread through phishing scams, where scammers send emails from seemingly legitimate business email addresses.

Protect Yourself from Malware

Protecting yourself from malware requires using the right technology and being aware of the risks. By staying informed and proactive, you can significantly reduce the risk of malware infections. If you need help safeguarding your digital world, contact us today for expert advice.

Article used with permission from The Technology Press.

Malware And Ransomware: What You Need To Know

Bad software comes in many forms, but two of the most serious threats businesses face today are malware and ransomware. These types of malicious programs can damage your computers, steal sensitive data, and cause serious downtime. Understanding the difference between malware and ransomware — and how they operate — is essential to protecting your business.

Malware is the general term used to describe any “malicious software” designed to cause harm. It includes a wide variety of programs that can corrupt your files, steal your personal information, or even use your computer to attack other systems.

Some common types of malware include viruses, which spread from one computer to another; worms, which can replicate themselves without any action from you; trojans, which disguise themselves as legitimate programs to trick you; and spyware, which secretly monitors your activity.

The damage malware causes can vary widely. It may slow down your system, delete important files, steal your private information, or give control of your computer to cybercriminals. Some malware quietly operates behind the scenes without you ever knowing, while others cause immediate and noticeable problems.

Ransomware, on the other hand, is a specific type of malware that takes your data hostage. It works by locking your files — or sometimes your entire computer — and demanding payment to unlock them.

Think of it as a digital form of kidnapping. Ransomware usually finds its way into your system through infected emails, suspicious downloads, or compromised websites. Once inside, it encrypts your files and displays a message demanding payment for the decryption key.

Sometimes, even paying the ransom doesn’t guarantee that you’ll get your files back, as some attackers simply take the money and disappear.

There are two main types of ransomware. Locker ransomware locks you out of your entire computer, making it unusable. Crypto ransomware specifically targets your files, encrypting them while leaving the system itself accessible. Both types are disruptive and can severely impact business operations.

While malware and ransomware share some similarities, their goals and behaviors differ. Malware is often designed to operate silently, focusing on stealing data or causing long-term harm without immediate detection.

Ransomware, however, is loud and upfront. It wants you to know it’s there because the demand for payment is the whole point.

Unfortunately, malware and ransomware have many ways of sneaking into your business. They often arrive through infected email attachments, fake websites, compromised USB drives, or outdated software with security holes.

Staying protected means keeping your systems updated, using strong passwords, being cautious with links and attachments, and regularly backing up your data.

Knowing the difference between malware and ransomware isn’t just technical trivia — it can make a big difference. The better you understand these threats, the more prepared you’ll be to prevent them.

And if you ever do fall victim to an attack, identifying what you’re up against will help you respond more effectively and minimize the damage.

If you’re unsure whether your business is fully protected or need help strengthening your defenses, get in touch.

We’re here to help you stay secure.

Watch Out! “Malvertising” Is On The Rise!

This image was generated by an AI engine.

There are many types of malware. One of the most common is called “malvertising.” It crops up everywhere. You can also see these malicious ads on Google searches.

Two things are making malvertising even more dangerous. One is that hackers use AI to make it very believable. The other is that it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% month over month.

Below, we’ll help you understand malvertising and give you tips on identifying and avoiding it.

What is “malvertising?”

Malvertising is the use of online ads for malicious activities. One example is when the PlayStation 5 was first released. It was very hard to get, which created the perfect environment for hackers. Several malicious ads cropped up on Google searches. The ads made it look like someone was going to an official site. Instead, they went to copycat sites. Criminals design these sites to steal user credentials and credit card details.

Google attempts to police its ads, but hackers can have their ads running for hours or days before they’re caught. These ads appear just as any other sponsored search ad. They can also appear on well-known sites that have been hacked or on social media feeds.

Tips for protecting yourself from malicious online ads

Review URLs carefully

You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites. Carefully review any links in the ads.

Visit websites directly

A foolproof way to protect yourself is not to click any ads.

Instead, go to the brand’s website directly.

If they truly are having a “big sale,” you should see it there. Just don’t click those links and go to the source directly.

Use a DNS filter

A DNS filter protects you from mistaken clicks. It will redirect your browser to a warning page if it detects danger. DNS filters look for warning signs. This can keep you safe even if you accidentally click a malvertising link. Often, you’ll see a block page.

Do not log in after clicking an ad

Malvertising will often land you on a copycat site. The login page may look identical to the real thing. One of the things phishers are trying to steal is login credentials.

If you click an ad, do not input your login credentials on the site, even if the site looks legitimate. Go to the brand’s site in a different browser tab.

Don’t call suspicious ad phone numbers

Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted; they call and reveal personal information to the person on the other end of the line.
Stay away from these ads. If you find yourself on a call, do not reveal any personal data.

Don’t download directly from ads

“Get a free copy of MS Word” or “Get a Free PC Cleaner.” These are common malvertising scams. They try to entice you into clicking a download link. It’s often for a popular program or freebie. The link actually injects your system with malware to do further damage.

A direct download link is likely a scam. Only download from websites you trust.

Warn others when you see malvertising

If you see a suspicious ad, warn others. This helps keep your colleagues, friends, and family more secure. If unsure, do a Google search. You’ll often run across scam alerts confirming your suspicion.

Foster a culture of cyber awareness

It’s important to arm yourself and others with this kind of knowledge. Foster a culture of cyber-awareness to ensure safety and better online security.

Zero-Click Malware Is The Latest Cyber Threat

In today’s digital landscape, cybersecurity threats continue to evolve. They pose significant risks to individuals and organizations alike.

One such threat gaining prominence is zero-click malware. This insidious form of malware requires no user interaction. It can silently compromise devices and networks.

One example of this type of attack happened due to a missed call. That’s right, the victim didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a zero-day exploit enabled it. The missed call triggered a spyware injection into a resource in the device’s software.

A more recent threat is a new zero-click hack targeting iOS users. This attack initiates when the user receives a message via iMessage. They don’t even need to interact with the message of the malicious code to execute. That code allows a total device takeover.

Understanding zero-click malware

Zero-click malware refers to malicious software that can do a specific thing. It can exploit vulnerabilities in an app or system with no interaction from the user. It is unlike traditional malware that requires users to click on a link or download a file.

The dangers of zero-click malware

Zero-click malware presents a significant threat. This is due to its stealthy nature and ability to bypass security measures. Once it infects a device, it can execute a range of malicious activities including:
• Data theft
• Remote control
• Cryptocurrency mining
• Spyware
• Ransomware
• Turning devices into botnets for launching attacks

This type of malware can affect individuals, businesses, and even critical infrastructure. Attacks can lead to financial losses, data breaches, and reputational damage.

Fighting zero-click malware

To protect against zero-click malware, it is crucial to adopt two things. A proactive and multilayered approach to cybersecurity. Here are some essential strategies to consider:

Keep software up to date

Regularly update software, including operating systems, applications, and security patches. This is vital in preventing zero-click malware attacks. Software updates often contain bug fixes and security enhancements.

Put in place robust endpoint protection

Deploying comprehensive endpoint protection solutions can help detect and block zero-click malware. Use advanced antivirus software, firewalls, and intrusion detection systems.

Use network segmentation

Segment networks into distinct zones. Base these on user roles, device types, or sensitivity levels. This adds an extra layer of protection against zero-click malware.

Educate users

Human error remains a significant factor in successful malware attacks. Educate users about the risks of zero-click malware and promote good cybersecurity practices. This is crucial.

Encourage strong password management. As well as caution when opening email attachments or clicking on unfamiliar links.

Use behavioral analytics and AI

Leverage advanced technologies like behavioral analytics and artificial intelligence. These can help identify anomalous activities that may indicate zero-click malware.

Conduct regular vulnerability assessments

Perform routine vulnerability assessments and penetration testing. This can help identify weaknesses in systems and applications.

Uninstall unneeded applications

The more applications on a device, the more vulnerabilities it has. Many users download apps then rarely use them. Yet they remain on their device, vulnerable to an attack.

Only download apps from official app stores

Be careful where you download apps. You should only download from official app stores. And always keep your apps updated using your device’s app store application.

Signs That Your Computer May Be Infected With Malware

Approximately 34% of businesses take a week or longer to regain access to their data and systems once hit with a malware attack.

Malware is an umbrella term that encompasses many different types of malicious code. It can include viruses, ransomware, spyware, trojans, adware, key loggers, and more.

The longer that malware sits on your system unchecked, the more damage it can do. Most forms of malware have a directive built in to spread to as many systems as possible. So, if not caught and removed right away, one computer could end up infecting 10 more on the same network in no time.

Early detection is key so you can disconnect an infected device from your network and have it properly cleaned by a professional.

Keep an eye out for these key warning signs of malware infection so you can jump into action and reduce your risk.

Strange pop-ups on your desktop

Some forms of malware can take on the disguise of being an antivirus app or warranty notice that pops up on your screen.

Hackers try to mimic things that users may have seen from a legitimate program, so they’ll be more apt to click without thinking.

If you begin to see a strange “renew your antivirus” subscription alert or a warranty renewal that doesn’t quite make sense, these could be signs that your PC has been infected with adware or another type of malware.

New sluggish behavior

Computers can become sluggish for a number of reasons, including having too many browser tabs open at once or running a memory-intensive program. But you’ll typically know your computer and the types of things that slow it down.

If you notice new sluggish behavior that is out of the ordinary, this could be an infection. One example would be if you don’t have any programs open except notepad or another simple app, and yet you experience freezing.

When malware is running in the background, it can often eat up system resources and cause your system to get sluggish.

Applications start crashing

Applications should not just crash out of the blue. There is always a reason. Either the software is faulty, there’s been an issue with an update, or something else may be messing with that application’s files.

If you suddenly experience apps crashing, requiring you to restart the app or reboot your system, this is another telltale sign that a virus, trojan, or other malicious code has been introduced.

Your browser home page changes

If you open your browser and land on a homepage that is not the one you normally see, have your PC scanned for malware right away. Redirecting a home page is a common ploy of certain types of malware.

The malware will infect your system and change the system setting for your default browser home page. This may lead you to a site filled with popup ads or to another type of phishing site.

Just trying to change your homepage back in your settings won’t fix the situation. It’s important to have the malware removed as soon as you suspect something is wrong..

Sudden reboots

Another annoying trait of certain types of malicious code is to make your system reboot without warning.

This can cause you to lose the work you’ve just done and can make it difficult to get anything done. This may happen when malware is changing core system files behind the scenes.

With files corrupted, your system becomes unstable and can often reboot unexpectedly.

Missing hard drive space

If you find that a good deal of your hard drive space that used to be open is now gone, it could be a malware infection taking up your space. Some types of malware may make copies of files or introduce new files into your system.

They will cleverly hide, so don’t expect to see the word “malware” on a file search. Instead, the dangerous activities will usually be masked by a generic-sounding name that you mistake for a normal system file.

You run across corrupted files

If you open a file and find it corrupted, this could be a red flag that ransomware or another form of malware has infected your system.

While files can occasionally become corrupt for other reasons, this is a serious issue that deserves a thorough malware scan if you see it.

Get expert malware scanning and removal

Free online malware and virus scans aren’t very reliable. Instead, come to a professional like Tech Experts that can ensure your entire system is cleaned properly.

Malware Is Becoming Harder To Spot

According to new research, four in five malware attacks delivered by encrypted connections evade detection. And since two-thirds of malware is now arriving this way, it has the potential to be a big problem for your business.

This type of threat has already hit record levels and continues to grow. So, if you don’t yet have a response and recovery plan in place, now’s the time to create one.

It sits alongside your cyber security software protection and regular staff training. The plan details what you do in the event of a cyber-attack.

Having the right plan in place means all your people will know how to sound the alarm if something is wrong. It ensures downtime and damage are kept to an absolute minimum.

The faster you respond to an attack, the less data you should lose, the less it should cost you to put things right, and the faster you get back to work. Of course, you should also follow the usual security guidelines of making sure that updates and patches are installed immediately, and regularly checking your backup is working and verified.

Businesses that don’t place a high importance on their own cyber security planning are the ones hit hardest by such an attack.

Can we help you create your response and recovery plan? Call us.

Wiperware: New Malware That Shouldn’t Be Taken Lightly

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Any business can be a target for hackers who use ransomware. However, in recent months, a major new threat has emerged. The recent Petya attack was initially perceived to be another form of ransomware.

However, as the firms involved took stock in the aftermath of the events, it became apparent that the attack took the form of “wipeware,” code that is designed to completely destroy the files stored on any system.

What is wiperware?

Wiperware is designed with one goal in mind: total destruction. The malware asks users to install a software update and then it immediately takes control of the device. Once it has gained admin access, it completely overwrites all files on the device and in some cases the entire network. Any attached storage is also vulnerable, included USB external drives, memory sticks and network shared drives.

While the motivations behind Petya remain unknown, what is abundantly clear is that wiperware is a threat that needs to be taken very seriously. Here are a couple of things you can do right now. [Read more…] about Wiperware: New Malware That Shouldn’t Be Taken Lightly

Five Tips For Staying Ahead Of Malware

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Malicious software has become an everyday issue for many computer users, and it can have serious implications for your finances. To keep your information, data, and finances safe, you need to be aware of the common threats to your online security that exist and how you can protect yourself against fraudulent activity.

According to research from Kaspersky Security, malicious software, which is also commonly referred to as malware, impacted as many as 34.2% of computer users in 2015. But what is malware and how does it work?

Malware is somewhat different than computer viruses because instead of completely stopping your computer from operating, it sits quietly in your system stealing important and sensitive information.

It is estimated that over 1 million new forms of malware are released on a daily basis in the form of spyware, Trojan horses, phishing links, and ransomware. [Read more…] about Five Tips For Staying Ahead Of Malware

Yes, You Can Still Get Infected – Even With Anti-Virus

Scott Blake is a Senior Network Engineer with Tech Experts.

With the sudden release of a new variants of malware and ransomware such as CryptoWall, users are wondering why their anti-virus programs are not blocking the ransomware infection from infecting their computer.

As with many other forms of malware, the infection needs to exist before a cure or way to detect the threat can be created. This takes time and during this period of R&D, the malware spreads like wildfire.

While there are several forms and classifications of infections, there are basically only two different methods in which infections are released into your system: User Initiated and Self Extraction.

User Initiated infections are caused by a user clicking on a link within a webpage or email or by opening infected email attachment. Once opened, the malware is released and quickly spreads throughout your system.

Because the user manually clicked on or opened the link/document, most anti-virus programs receive this as an authorized override by the user and either internally whitelists the link/document or skips the scan.

CryptoWall is spread through this method, usually contained within an infected Word, Excel or PDF document. The creators of these programs take advantage of the programming of the document to hide the infection.

With the world becoming a paperless society, we are becoming more and more accepting of receiving and opening attachments sent to us through email. It has practically become second nature to just click and open anything we receive, regardless of any warning.

Self-Extracting infections are exactly what they’re named. These infections require no outside assistance to worm their way through your system, infecting as they go.

The number one method creators of this form use to place their software on your system is through “piggy back” downloads.

Red button on a dirty old panel, selective focus - virus

Piggy back downloads occur when you authorize the download and install of one program and other programs (related or unrelated to the original program) are automatically downloaded and installed with it. The most common way is by downloading programs promising to speed up your computer.

Infections can also exist on your system and lay dormant for long periods of time, waiting for the computer to reach a certain calendar day or time. These infections are called “time bomb” infections. Just like piggy back infections, they require no outside assistance to infect your system.

They are mostly found buried in the registry of the system or deep within the system folders. Because they are not active on the time of placement, most anti-virus programs will not detect them. Active reporting through toolbars is another means of becoming infected over time.

When a user downloads and installs a toolbar for their browser, they authorize at the time of install that it is okay to install and all of its actions are safe. However, most toolbars are actively scanning, recording, and reporting back to the creator. They also act have conduits for installations of other unwanted programs behind the scene.

If left unchecked, those additional programs can become gateways for hackers to gain access to your system and spread even more infections.

To help stop the spread of malware/ransomware such as CryptoWall and its variants, we need to become more vigilant in our actions when either surfing the Internet or opening email and attachments.

The best rule of thumb to follow for email is: if you don’t know the sender, or you didn’t ask for the attachment, delete it. As for websites, read carefully before you download anything and avoid adding toolbars.

Internet Security: Beware Of “Malvertising”

Michael Menor is Vice President of Support Services for Tech Experts.

As if Internet use wasn’t already troubled with cyber perils, users now have to add “malvertising” to the list of things from which they need to protect themselves.

“Malvertising,” like the name suggests, means “ads that contain malware.” Some mal-ads aren’t dangerous unless you click on them – but others can do “drive-by downloads,” sneaking their malware onto your computer simply because you’re viewing the page on which the ad appears.

While most malvertising is on websites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick to legitimate sites that users routinely visit, like the New York Times, Huffington Post, and Yahoo, as well as routinely-used mobile apps that show ads. Malware-bearing ads can be “injected” either by hacking ads at the provider end or by buying and providing mal-ads. In most cases, there’s no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage
The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card information, and other sensitive data.

It can encrypt your data and “hold it for ransom.” It can, in turn, infect other computers on your network and turn your computer into a “zombie,” spewing out spam and malware to the Internet.

July_2015_MalvertisingLike other viruses and malware, malvertisements take advantage of security vulnerabilities on users’ computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions like Java, JavaScript, and Flash.

How do you know if your computer has been infected by malware? One sign is that your web browser shows unexpected pop-ups or seems to be running slower. But many malware infections remain “stealthy,” possibly even eluding anti-malware scans.

Legitimate ad creators and ad delivery networks are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But, assuming it can be done, this won’t happen for a year or more. The burden is on companies and individuals to do their best to protect their networks, computers, and devices.

What Can Companies and Users Do?
Although malvertising is a relatively new vector, the best security practices still apply; if you’re already doing things right, keep doing them. But what does “doing things right” look like?

  1. Avoid clicking on those ads, even accidentally.
  2. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication from already-infected devices.
  3. Regularly backup systems and critical files so you can quickly restore to a pre-infected state if your systems and data are compromised.
  4. Deploy endpoint security software on every device so that it’s protected on and off the network.
  5. Ensure that all operating systems and client software (especially web browsers) are fully patched and up to date.
  6. If you suspect a computer has been infected, stop using it for sensitive activities until it’s been “disinfected.” Again, many security appliances can help you identify and quarantine infected devices.

It’s unfortunate that even more of everyday Internet use is potentially unsafe, but the steps to fend off malvertising are essentially security precautions that companies and individuals should already be following.