Unfortunately the Internet isn’t as friendly a place as it used to be during its early days. Old threats like computer viruses and new threats like malware and sophisticated phishing attacks can make having an unprotected business a liability and a headache. We deploy enterprise grade anti-virus and anti-malware software from EmsiSoft, Trend Micro and MalwareBytes to monitor, protect, and actively eliminate threats when they are detected on a system and inside e-mail.
File sharing, e-mail attachments, and USB thumbdrives can all be purveyors of bad programs. Our managed services help protect you, your computer, and your business from the possible types of harm shown below.
A computer virus is a destructive program, meant to disable or impair a computer.Viruses can also be used to take control over a computer remotely and use it to send spam and other malicious internet traffic – this computer is now part of a “Botnet”. Botnets, often numbering in the hundreds-of-thousands of infected computers, are used by cyber-criminals to launch attacks against websites and send bulk spam to millions of recipients. There are a couple common types of viruses that can be installed on a computer:
- Trojan Horse: A virus that is installed without the user’s knowledge along with a “free” game, screensaver, tune-up utility, etc. The host program is used to lure the user into installing the virus without their knowledge. These types of viruses require user action to install them.
- Worm: This type of virus is commonly installed via an infected or malicious e-mail attachment or another program. The difference between this type of virus and a Trojan Horse is that it will propagate itself without user intervention. Typically it will e-mail itself to all the contacts in a user’s e-mail address book with a legitimate looking attachment that the recipients open and are then infected themselves, and the cycle continues.
Malware is a relatively new breed of computer software. It encompasses other types of malicious software such as “grayware”, “spyware”, “adware”, and “scareware”. This software generally does not harm a machine in obvious ways, but is still quite harmful on its own. There are many different types of malware, including the following:
- Grayware: This software has very little legitimate use, and can be used to access a computer remotely for numerous purposes that the user is generally unaware of.
- Spyware: This type of malware tracks a user’s actions, such as visiting websites and view advertisements, and uploads them to the spyware’s author. This information is then sold for marketing and other financial purposes. Spyware can also track login information to sites like social media, e-mail, and online banking. This information is also sold online to other cyber-criminals who then exploit it.
- Adware: One of the least harmful types, this software causes pop-up ads to appear at regular intervals on a user’s machine, even when they are not connected to the internet. This force feeding of computer advertisement is annoying and can be harmful to a computer.
- Scareware: This software is like adware, causing pop-ups but of a different sort. These messages are very ominous sounding and look like other warnings generated by the operating system. Messages include “Warning: Hard drive not found!”, “System Error! Download this utility to correct system errors”, and other such things. The messages normally prompt a user to visit a website and spend money to download a utility that will “fix” the ominous “errors” that don’t really exist. It effectively scares a computer user into buying a useless piece of software they think the system needs. This results in millions of dollars spent annually to fix problems that don’t exist and is a very lucrative business for online criminals.
A phishing attack will normally come in the form of an official looking e-mail or an official sounding phone call. The e-mail sender or the person on the other end of the phone call will be impersonating a member of an organization such as a bank. They may even know your name and account number, or another piece of personal information that they will use to make themselves appear privy to all your private information. Typically the e-mail or phone call will be regarding “suspicious activity” or “pending suspension” of your account. Many people in a panic will give the person all the information they want in order to help them fix the account issue, and they have just fallen prey to a phishing attack.
The first hint that this is a phishing attack is that the person will ask for your account password, pin, or passphrase – do not give these out over the phone or e-mail! For a suspicious phone call, simply tell the caller you will call the bank back and have them transfer you to their desk as a security precaution. For suspicious e-mails, phone your bank at the number listed on their official website (not the number listed in the possibly fraudulent e-mail) and ask them about the e-mail. They may ask you to forward the e-mail to them so they can investigate its validity and possibly track down the fraudsters.