Malware

What is malware?

Malware stands for “malicious software.”
It refers to a program or part of a program designed to perform harmful actions and/or extract private data. In German it is often called “Schadsoftware.”

The term is very broad and therefore divided into several categories:

Virus

A virus is a small program or chain of commands that is inserted into already installed software.
When the infected program is executed, the virus is executed as well.

A virus usually consists of two parts:

  • Infection component – ensures that the code is inserted into other software and spreads the virus.

  • Payload component – the actual malicious part that performs harmful actions.

Worm

A worm is a subtype of a virus.

Unlike a virus, a worm does not need to attach itself to existing software.
It can replicate itself independently and execute its malicious payload on its own.

Trojan (Trojan horse)

A Trojan appears to be harmless or useful software.

However, it contains hidden functions that the user is unaware of.
These functions are often backdoors, which make it easier for attackers to access the system or allow other malware to execute harmful actions.

Ransomware

Ransomware (ransom software) is also called an encryption trojan.

This type of malware encrypts files on a system or an entire network.
Victims are then asked to pay money to the attacker to regain access to their files.

Payment is often requested using cryptocurrencies to remain anonymous.

Adware

Adware is malware that continuously displays advertisements to the user, often as pop-up windows.

Adware often appears together with Trojan malware.

Spyware

Spyware aims to collect as much information about users as possible.

This can happen through:

  • reading files on the system

  • accessing connected devices such as webcams

 

How does malware spread?

  • Email

Traditional email is still the most important distribution channel for malware today. The constant accessibility through push notifications and the ability to send large numbers of emails very quickly make this method particularly attractive. For example, infected Word files can be sent as attachments via email. Alternatively, users may be tricked into clicking on a malicious link.

 

  • Direct download

Since Trojans disguise themselves as useful software, they may already be offered as public downloads that contain malware. Alternatively, some websites offer legitimate free software but only provide it through download managers. These downloaders may install additional software alongside the desired program, such as adware or spyware.

 

  • Loading active content on a website

Websites have several ways to execute code actively. In addition to JavaScript, which is an essential programming language for websites, there are other technologies such as Java Web Start or Microsoft Silverlight. Security concerns regarding JavaScript are generally very low because code written in this language runs isolated from the rest of the system. Java Web Start and Microsoft Silverlight are not inherently insecure, but these technologies are outdated and no longer receive security updates.

 

  • External storage devices (USB sticks found on the street)

Even simple USB sticks can lead to a system being infected.

One variant is the so-called Rubber Ducky. It is a small programmable chip that looks like a USB stick. However, once it is connected, the system recognizes the device as a keyboard. The attacker can configure in advance the keystrokes that are sent when the device is connected. In this way, the device can be set up to install malware via the command line.

Another variant is the USB Killer. This device also looks like a normal USB stick. When it is connected to a system, it charges itself with electrical voltage. After a short time, it releases the entire voltage back into the system it is plugged into, which can physically damage that system.

 

How can I protect myself from malware?

We have established a few rules that can increase protection against malicious software:

Tip: Do not apply these tips only to your personal computer. Your smartphone, tablet, and other devices are just as vulnerable to malware.

Antivirus software: Always use your system with an active antivirus program, at least a free one such as Windows Defender.

Updates: Regularly update your operating system, browser, antivirus program, and other software.

File extensions: Sometimes the actual file extension is overlooked. Malware may appear to be a simple Word document but is actually an .EXE file.

Office without macros: Microsoft Office provides macros that allow tasks within documents, spreadsheets, and other files to be automated. These macros are very powerful and are therefore often used to distribute malware. For this reason, only use Office documents whose file extension ends in “x”, for example file.docx instead of file.doc.

Delete and report suspicious emails immediately. Do not click on links or download attachments from suspicious emails.

Do not connect unknown or found storage devices to your own device.
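The “File extensions” and “Office without macros” tips above can be checked automatically before a file is opened. The following is an added example, not part of the original article; the function names, finding labels and sample files are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePath

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd"}
DOCUMENT_EXT = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}        # OOXML variants that permit macros
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def check_attachment(name: str, data: bytes) -> list[str]:
    """Return findings for one file; an empty list means nothing was flagged."""
    findings = []
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    # "invoice.docx.exe": the real (last) extension is executable.
    if ext in EXECUTABLE_EXT and any(s in DOCUMENT_EXT for s in suffixes[:-1]):
        findings.append("double-extension")
    # Windows executables start with "MZ", whatever the file is called.
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXT:
        findings.append("executable-content")
    if data[:8] == OLE_MAGIC or ext in MACRO_EXT:
        findings.append("macro-capable-format")
    # Modern Office files are ZIP archives; macros live in vbaProject.bin.
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        names = []  # not a ZIP container (or a damaged one)
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        findings.append("contains-vba-project")
    return findings

# Everything below is constructed sample data, not real documents or programs.
def make_ooxml(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in members:
            archive.writestr(member, b"constructed")
    return buf.getvalue()

SAMPLES = {
    "invoice.docx.exe": b"MZ" + bytes(62),
    "report.docx": b"MZ" + bytes(62),
    "letter.doc": OLE_MAGIC + bytes(56),
    "budget.xlsm": make_ooxml(["xl/workbook.xml", "xl/vbaProject.bin"]),
    "notes.docx": make_ooxml(["word/document.xml"]),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} {check_attachment(name, data) or 'ok'}")
```

A file named .docx that still contains a vbaProject.bin entry is flagged by content, so renaming a macro-enabled file does not hide it from this check.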

Which antivirus program should I use?

  • Windows Defender

+ Free – included with the Windows operating system.
+ Easy to use.
- Rather basic with only moderate security features.

  • Norton

+ Very easy to use.
+ Very high level of security.
- Less effective without an internet connection.

  • McAfee

+ Very good performance speed.
+ Integrated VPN service and password manager.
- Slightly higher false positive rate.

  • Bitdefender

+ Very good performance speed.
+ Good feature set and strong security.
+ Free version available.
- Overall relatively high price.

  • Kaspersky

Warning: Due to Russia’s war against Ukraine, the German Federal Office for Information Security (BSI) has issued a warning about using Kaspersky because of possible espionage and cyberattack risks.

+ Good free version.
+ Very good feature set (VPN and others).
- Privacy concerns.

  • Avast

+ Good overall package for a free program.
+ Easy to use.
- Slow performance.

  • Avira

+ Very strong protection.
+ Very good feature set (VPN and others).
- High price for the paid version.
