Malware Explained, A followup to Phishing for Business!

Malware is a general term for malicious software, and is an ever increasing problem across the Internet. Cyber Criminals install Malware by exploiting security weaknesses in a web server to gain access to a web site. Malware includes everything from adware, which displays unwanted pop-up advertisements, to Trojan horses, which can help criminals steal confidential information, like online banking credentials.

To infect a computer through a web browser, the cyber criminal must accomplish two tasks. First, they must find a way to connect with the victim. Next, the attacker must install Malware on the victim’s computer. Both of these steps can occur very quickly and without the victim’s knowledge, depending on the cyber criminal’s tactics.

The following are some of the more common delivery methods of Malware:

• Software updates: Malware posts invitations inside social media sites, inviting users to view a video. The link tries to trick users into believing they need to update their current software to view the video. The software offered is malicious.

• Banner ads: Sometimes called “malvertising,” unsuspecting users click on a banner ad that then attempts to install malicious code on the user’s computer. Alternatively, the ad directs users to a web site that instructs them to download a PDF with heavily-obscured malicious code, or they are instructed to divulge payment details to download a PDF properly.

• Downloadable documents: Users are enticed into opening a recognizable program, such as Microsoft Word or Excel, that contains a preinstalled Trojan horse.

• Man-in-the-middle: Users may think they are communicating with a web site they trust. In reality, a cybercriminal is collecting the data users share with the site, such as login and password. Or, a criminal can hijack a session, and keep it open after users think it has been closed. The criminal can then conduct their malicious transactions. If the user was banking, the criminal can transfer funds. If the user was shopping, a criminal can access and steal the credit card number used in the transaction.

• Keyloggers: Users are tricked into downloading keylogger software using any of the techniques mentioned above. The keylogger then monitors specific actions, such as mouse operations or keyboard strokes, and takes screenshots in order to capture personal banking or credit card information.

Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines place any web site found with Malware on a blocked list, or “blacklist.” Once blacklisted, the search engine issues a warning to potential visitors that the site is
unsafe or excludes it from search results altogether. No matter how much search engine optimization you do, if your web site is blacklisted the impact to your business could be devastating. This blacklisting can occur without warning, is often done without your
knowledge, and is very difficult to reverse. Taking the proper measures to prevent search engine blacklisting is critical to the long-term success of any web site.

Business to Business (B2B) and Business to Consumer (B2C) has grown tremendously over the last decade. However the increasing use of the internet in everyday life has given the cyber criminals the opportunity to thrive. Malware is becoming more pervasive and jeopardizes the growth of e-commerce by fostering fears of compromised personal information. This leads to trepidation and sub-optimal results for online businesses. There needs to be an effective means to combat the use of malware if e-commerce is to reach its full potential.

Advertisements

Tags: , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: