- disrupting computer operation
- gathering sensitive information
- impersonating a user to send spam or fake messages
- gaining access to private computer systems
The majority of malware is criminal and is most often used to obtain banking information or login credentials for email or social media accounts. Governments, law enforcement agencies, and even private citizens use malware to circumvent encryption and to spy on users. With malware, an adversary can record from a webcam and microphone, disable the notification setting for certain antivirus programs, record keystrokes, copy emails and other documents, steal passwords, and more.
How Can an Adversary Use Malware to Target Me?
The best way to deal with a malware attack is to avoid getting infected in the first place. But that might be difficult if your adversary has access to zero day exploits—attacks that exploit a previously-unknown vulnerability in a computer application. Think of your computer as a fortress; a zero day would be a hidden secret entrance that you do not know about, but which your adversary has discovered. You cannot protect yourself against a secret entrance you don’t know exists. Governments and law enforcement agencies stockpile zero day exploits for use in targeted malware attacks. Criminals and other actors may also have access to zero day exploits that they could use to covertly install malware on your computer. But zero day exploits are expensive to buy and costly to re-use (once you use the secret entrance to break into the fortress, it increases the chances that other people may find it). It is much more common for an attacker to trick you into installing the malware yourself.
There are many ways in which an attacker might try to trick you into installing malware on your computer. They may disguise the payload as a link to a website, a document, PDF, or even a program designed to help secure your computer. You may be targeted via email (which may look as if it’s coming from someone you know), via a message on Skype or Twitter, or even via a link posted to your Facebook page. The more targeted the attack, the more care the attacker will take in making it tempting for you to download the malware.
For example, in Lebanon, hackers targeted civilians with malware that was hidden in fake, trojanized versions of secure communication tools such as Signal and WhatsApp. Ethiopian dissidents, students, and human rights lawyers were targeted with spyware disguised as Adobe Flash updates and politically-themed PDF files. And Tibetan activists were targeted with malware hidden in a PDF file that was maliciously made to look as if it had been sent by another Tibetan activist.
So How Do I Protect Myself Against Malware?
Use Antivirus Software
Antivirus software can be effective at combating cheap, "non-targeted" malware that might be used by criminals against hundreds, or even thousands, of targets. However, antivirus software is usually ineffective against targeted attacks, such as the ones used by the Chinese government hackers to compromise the New York Times. EFF recommends using antivirus software on your computer and your smartphone, though we cannot recommend any particular antivirus products as being superior to others.
Be Wary of Suspicious Attachments
The best way to avoid being infected with targeted malware is to avoid opening suspicious documents and installing the malware in the first place. People with more computer and technical expertise will have somewhat better instincts about what might be malware and what might not be, but well-targeted attacks can be very convincing.
If you are using Gmail, open suspicious attachments in Google Drive rather than downloading them—this may protect your computer from infection. Using a less common computing platform, like Ubuntu or ChromeOS, significantly improves your odds against many malware delivery tricks, but will not protect against the most sophisticated adversaries.
Run Software Updates
Another thing you can do to protect against malware is to make sure you are running the latest version of your software and downloading the latest security patches.
As new vulnerabilities are discovered in software, companies can fix those problems and offer that fix as a software update, but you will not reap the benefits of their work unless you install the update on your computer. It is a common belief that if you are running an unregistered copy of Windows, you cannot or should not accept security updates. This is not true.
Sometimes antivirus software won’t detect malware on your device, especially if the malware is new or unknown to antivirus authors. If this is the case, you may still be able to find indicators of compromise. Indicators of compromise are signs or clues that your computer has been infected with malware. For example, you might notice the light near your webcam is on, even though you did not activate it yourself (though advanced malware may be able to turn your webcam light off). Another example: Facebook, Twitter, Microsoft, and Google will sometimes warn users if they believe your account has been targeted by state-sponsored attackers.
Other indicators are less obvious; you may notice your email is being accessed from an unfamiliar IP address or that your settings have been altered to send copies of all of your email to an unfamiliar email address. If you have the ability to monitor your network traffic, the timing and volume of that traffic might indicate a compromise. Another example: you might notice your computer connecting to a known command-and-control (C2) server—the computers that send commands to machines infected with malware or which receive data from infected machines.
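The two network-level indicators mentioned above (contact with a known command-and-control server, and traffic whose timing gives the infection away) can be checked mechanically if you have connection logs. The script below is an added example, not part of the EFF guide: it parses constructed log lines of the form "timestamp source destination bytes", flags destinations found on a placeholder C2 list, and flags "beaconing" flows, where a host contacts the same destination at a near-constant interval, a common pattern for malware checking in with its controller. All addresses are from the RFC 5737 documentation ranges and the C2 list is a constructed stand-in for a real threat-intelligence feed.

```python
"""Flag two network-level indicators of compromise in connection logs:
connections to destinations on a known command-and-control (C2) list,
and regular "beaconing" (a host contacting the same destination at a
near-fixed interval). All addresses and log lines below are constructed
for illustration (RFC 5737 documentation ranges), not real IoCs."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, source, destination, bytes sent.
# One deliberately malformed line is included to show it being skipped.
SAMPLE_LOG = """\
2024-01-10T09:00:00 192.0.2.10 198.51.100.5 4120
2024-01-10T09:00:03 192.0.2.10 203.0.113.7 512
2024-01-10T09:00:18 192.0.2.10 198.51.100.5 3990
2024-01-10T09:05:03 192.0.2.10 203.0.113.7 512
not a log line
2024-01-10T09:10:03 192.0.2.10 203.0.113.7 520
2024-01-10T09:12:41 192.0.2.10 198.51.100.22 88000
2024-01-10T09:15:03 192.0.2.10 203.0.113.7 512
2024-01-10T09:20:03 192.0.2.10 203.0.113.7 512
2024-01-10T09:21:00 192.0.2.10 198.51.100.9 1500
"""

# Constructed placeholder for a threat-intelligence feed of known C2 addresses.
KNOWN_C2 = {"198.51.100.9"}


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append({
                "ts": datetime.fromisoformat(parts[0]),
                "src": parts[1],
                "dst": parts[2],
                "bytes": int(parts[3]),
            })
        except ValueError:
            # Bad timestamp or byte count: not a usable record.
            continue
    return records


def find_c2_contacts(records, known_c2=KNOWN_C2):
    """Return sorted (src, dst) pairs where the destination is on the C2 list."""
    return sorted({(r["src"], r["dst"]) for r in records if r["dst"] in known_c2})


def find_beacons(records, min_contacts=4, max_jitter=0.1):
    """Return (src, dst, interval_seconds) for flows whose inter-arrival
    times are nearly constant (relative std. dev. <= max_jitter): a
    common sign of malware checking in on a timer."""
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"])].append(r["ts"])
    beacons = []
    for (src, dst), times in flows.items():
        if len(times) < min_contacts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((src, dst, round(mean)))
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("Known C2 contacts:", find_c2_contacts(recs))
    print("Beaconing flows:", find_beacons(recs))
```

On the sample data the script reports one contact with the placeholder C2 address and one beaconing flow to 203.0.113.7 every 300 seconds. The jitter threshold is the tuning knob: real implants often randomize their check-in interval, so a looser threshold catches more of them at the cost of more false positives from legitimate periodic traffic such as software update checks.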
What Should I Do if I Find Malware on My Computer?
If you find malware on your computer, unplug your computer from the Internet and stop using it immediately.
Every keystroke you make may be being sent to an attacker. You may wish to take your computer to a security expert, who may be able to discover more details about the malware. If you’ve found the malware, removing it does not guarantee the security of your computer. Some malware gives the attacker the ability to execute arbitrary code on the infected computer—and there is no guarantee that the attacker has not installed additional malicious software while in control of your machine.
Log into a computer you believe is safe and change your passwords; consider every password that you typed on your computer while it was infected compromised.
You may wish to reinstall the operating system on your computer in order to remove the malware. This will remove most malware, but some especially sophisticated malware may persist. If you have some idea of when your computer was infected, you may reinstall files from before that date. Reinstalling files from after the date of infection may re-infect your computer.