Malware attacks critical business systems, customer data and intellectual property
Malware, short for malicious software, can easily be described as unwanted software that is installed in your system without your consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware.
Recent Malware Statistics
- In 2010 there were 20 million new strains of malware created.
- The number of consumer complaints made to the Federal Trade Commission (FTC) about malware, spyware and adware more than tripled from 6,012 issues in 2009 to 22,813 in 2010, the FTC said in a report.
- The average number of new daily threats created jumped from 55,000 to 63,000 by the end of 2010.
- Approximately 51 percent of the Web’s daily top search terms lead to malicious sites.
*Source: Panda Labs, 2010 Report/2011 Q1 Report and Federal Trade Commission Consumer Sentinel Network Data Book/March 2011
An Often Undetected Threat
With so many people routinely surfing the Web, malware is often unwittingly spread across the Internet. Once you enter a compromised website, your system can easily be contaminated after clicking on malicious links present and malware can be installed on your computer without your knowledge.
Malware is an easy method of mass infection; compromising one website is easier than sending several emails. It targets all visitors/victims that visit a site and click on desirable links, converting their systems to act on the attacker’s behalf.
There are different types of malware (Maladvertising, SEO Poisoning, Typosquatting and Social Engineering) that can be distributed through code on a website. Once you’ve been exposed to an attack a download is activated through an exploit kit. That download can then infect a user’s computer to corrupt it, or steal information.
Malware Delivery Method Graph
Types of Malware
Malicious ads displayed on websites leading to Exploit Kits
Malicious attackers inject common search terms in an iframe script designed to send victims to other sites hosting malicious code. The search term and iframe redirect and get cached in search engines such as Google. Victims who click on the links are sent to sites hosting malicious code.
Also known as "URL hijacking," it is a form of cybersquatting which relies on typographical errors made by an internet user when typing a web address into a browser. If an incorrect website is entered, the user is led to a rogue website owned by a cybersquatter.
Make use of URL shorteners, or social network like-jacking to disguise malicious links
Drive-by downloads that can be activated simply by visiting a website with your browser. This is the most dangerous form of malware. No user interaction, or click, is needed to infect a user’s computer.
After installed on your system, this program will steal information to tunnel to outside parties (credentials, personally identifiable information (PII), espionage).
A rouge antivirus program designed to mislead people by posing as a legitimate antivirus program, but in reality it is only a fake version of the original software which gains access to a system with the help of bogus online scanners, insecure websites and Trojans.
Downloads additional malware to an infected user’s computer, without their knowledge or consent.
Negatively Impacts Your Reputation and Personal Data
Cyber criminals can also attempt to access your personal information by monitoring your computer’s activity. Your computer could be controlled to visit websites or partake in mass attacks without your knowledge. Malware can steal your identity or cause your computer to crash.
Once a website is listed as housing malware, that is, unsafe to visit, it tarnishes the business' brand and can have a negative impact on website traffic. Depending on the industry, a decline in website traffic can equate to a decline in revenue.