Malware could be lurking in your computer — and you might not even know it. Viruses, spyware, ransomware and other malware attacks have become so sophisticated that they could be wreaking havoc on your systems without showing any signs — that is, until it's too late. Attackers stealthily plant malicious elements that work in the background, tracking behaviors, logging keystrokes, stealing data and even shutting down networks. Today, there are more ways than ever for malware to secretly make its way into your computers.
"There are two critical aspects where stealth comes into play," said Shel Sharma, director of product marketing at threat detection platform Cyphort. The first is how malware is delivered, and the second how it is detected, he said. "Malware may be delivered through a mechanism that the end user may not even realize they are using," Sharma said. Two examples are spearphishing and simply attacking normal Web browsing activities.
Spearphishing is a form of email fraud that spoofs emails, making it seem as though they come from trustworthy senders. These messages may contain links or attachments that deliver malware. One scenario is an email that comes from a trusted source whose email account was hacked or whose email address and sender name are made to look legitimate. [Best Antivirus Software for Business]
"The attachment may look safe to the user, and they may open it," Sharma explained. "Upon opening, the attachment will infect the computer."
Users can also unwittingly download malware when visiting trustworthy or seemingly trustworthy websites.
"Malware may be hosted on a popular website by hackers," Sharma noted. "When unsuspecting users go to the webpage, the code on the webpage takes advantage of a vulnerability in their browser and automatically downloads and executes the malware without knowledge of the user."
Additionally, malware can infect systems after users inadvertently install the malicious programs. "This is done by luring the user to download and run free software in the guise of games, security, etc.," Sharma said.
This is where antivirus products come in, which users anticipate will protect them and their systems.
"Savvy users use antivirus products to secure their devices," Sharma said. "Even if users download malware files, they expect the antivirus solutions to catch and eliminate the risk."
The problem, however, is antivirus software doesn't detect all malware.
"Antivirus solutions use virus' signatures to identify and eliminate [them]," Sharma said. "However, the new generation of malware uses evasive techniques so that there is no signature for it, and therefore antivirus solutions fail to identify it."
Furthermore, these problems are only growing.
"There are so many ways that a computer can be infected these days, it's almost a full-time job just to keep informed about all of them," said Benjamin Caudill, co-founder at Rhino Security Labs. "These so-called attack vectors multiply all the time, as new technologies are rolled out and the bad guys find ways to exploit them."
The increasing stealth and sophistication of malware attacks makes it more important than ever to understand how malware gains entry into your systems. Here are five ways malware is secretly infecting your computers.
[For a side-by-side comparison of the antivirus software, visit our sister site Top Ten Reviews.]
1. Online ads
Nowadays simply surfing the Web can be very dangerous. Most malware comes from legitimate websites because of poor passwords or software flaws. For example, malvertisements — online ads with malicious code hidden inside them — are popular methods to spread malware. Without even knowing it, your computer is infected upon visiting the website, following the advertisement display. — Bari Abdul, head of consumer business, Check Point Software Technologies
2. Malware and virus obfuscation and encryption
New malware can bypass antivirus tools when they are modified with encryption, or obfuscated. For example, let's say we have "malware.exe," which is detected by an antivirus tool. You might wonder if the same tool would also stop "malware-v1.exe." Both "malware.exe" and "malware-v1.exe" may function exactly the same, but the names are different, and "malware-v1.exe" might simply have an extra comment or description in it, such that the antivirus tool would not recognize it. If encryption and obfuscation are used for malware on a flash drive or in a business document, you could very well find yourself infected. Unfortunately, the best assumption is that you will become infected and that your company or antivirus tools will update with the newest detection and threat-management tools to catch, contain and eradicate the new viruses and malware as soon as they are recognized. — Duane Kuroda, senior threat researcher, NetCitadel
3. Social media
More than three-quarters of all malware and computer viruses are entering computers via social media. People inherently trust social media because the messages are received from friends and recognizable brands, which makes it the perfect avenue to exploit an unsuspecting individual. Social is now the world's largest attack surface and medium combined. — James C. Foster, CEO and co-founder, ZeroFOX
4. Mobile malware
Cybercriminals have developed an app for Android phones, which they posted on Google Play labeled as a utility app. What it really did, however, was load up the phone's memory with malware. The next time that phone was connected to a computer, the malware would activate and infect the computer. — Benjamin Caudill, co-founder, Rhino Security Labs
5. User stubbornness
Viruses, malware and spyware are ultimately about human faults, not software faults. The vast majority of people have heard they should not click on strange attachments or links in email. Most know that, shall we say, sites of ill repute are riddled with bad stuff, and they continue to use them. The vast majority of people have also been told to eat right and exercise, too, but don't always follow those guidelines, either. The biggest secret to why computers keep getting infected is that people don't follow basic best practices, and that's not really a secret at all to security professionals. — Jonathan Sander, strategy & research officer, STEALTHbits
Originally published on Business News Daily.