Malwarebytes Anti-Malware for Windows

What are the most common forms of malware?

Here are the most common offenders in the rogues’ gallery of malware:

  • Adware is unwanted software designed to throw
    advertisements up on your screen, most often within a web browser. Typically, it uses an underhanded method to
    either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your PC,
    tablet, or mobile device.
  • Spyware is malware that secretly observes the
    computer user’s activities without permission and reports it to the software’s author.
  • A virus is malware that attaches to
    another program and, when executed—usually inadvertently by the user—replicates itself by modifying other computer
    programs and infecting them with its own bits of code.
  • Worms are a type of malware similar to
    viruses, self-replicating in order to spread to other computers over a network, usually causing harm by destroying
    data and files.
  • A Trojan, or Trojan horse, is one of
    the most dangerous malware types. It usually represents itself as something useful in order to trick you. Once
    it’s on your system, the attackers behind the Trojan gain unauthorized access to the affected computer. From
    there, Trojans can be used to steal financial information or install threats like viruses and ransomware.
  • Ransomware is a form of malware that locks
    you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back. Ransomware has
    been called the cyber criminal’s weapon of choice because it demands a quick, profitable payment in
    hard-to-trace cryptocurrency.
    The code behind ransomware is easy to obtain through online criminal marketplaces and defending against it is very
    difficult.
  • A rootkit is a form of malware that
    provides the attacker with administrator privileges on the infected system. Typically, it is also designed to stay
    hidden from the user, other software on the system, and the operating system itself.
  • A keylogger is malware that
    records all the user’s keystrokes on the keyboard, typically storing the gathered information and sending it
    to the attacker, who is seeking sensitive information like usernames, passwords, or credit card details.
  • Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly prevalent form of malware usually installed by a Trojan. It allows
    someone else to use your computer to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in
    on your own computer’s horsepower, the cryptominers send the collected coins into their own account and not
    yours. Essentially, a malicious cryptominer is stealing your resources to make money.
  • Exploits are a type of malware that
    takes advantage of bugs and vulnerabilities
    in a system in order to allow the exploit’s creator to take control. Among other threats, exploits are linked
    to malvertising,
    which attacks through a legitimate site that unknowingly pulls in malicious content from a bad site. Then the bad
    content tries to install itself on your computer in a drive-by download. No clicking is necessary. All you have to
    do is visit a good site on the wrong day.

What is cybersecurity?

Cybersecurity, or computer security, is a catchall term for any strategy for protecting one’s system from malicious attacks aimed at doing things like holding your computer hostage, stealing system resources (as in a botnet), recording your passwords and usernames, and a whole host of other bad things. Such attacks might occur via your hardware (like a backdoor) or through your software (like an exploit).

Cybersecurity threats and their countermeasures are varied and nuanced nowadays, but the marketplace naturally strives for simplicity when communicating to consumers. This is why many people still see “viruses” as the biggest threat to their computer. In reality, computer viruses are just one type of cyberthreat that happened to be popular when computers were in their infancy. They’re far from the most common threat today, but the name stuck. It’s a bit like calling every disease a cold.

“For the most part, antivirus and anti-malware mean the same thing. They both refer to software designed to detect, protect against, and remove malicious software.”

How can I protect myself from malware?

Stay vigilant. Pay particular attention if you see a domain name that ends in an odd set of letters, i.e., something
other than com, org, edu, or biz, to name a few, as they can be an indicator for risky websites.

For all your devices, pay close attention to the early signs of malware infection to prevent them from burrowing in.

Make sure your operating system, browsers, and plugins are always up to date, because keeping your software patched
can keep online criminals at bay.

For mobile users, only download apps from Google Play Store (the App Store is the iPhone’s only choice). Every
time you download an app, check the ratings and reviews first. If it has a low rating and a low number of downloads,
it is best to avoid that app.

Do not download apps from third-party sources. The best way to make sure of this is to turn off this function on
your Android phone. Go to Settings on your Android device and open up the Security section. Here, make sure Unknown
Sources is disabled to avoid installation of apps from marketplaces other than the Play Store.

To keep their businesses safe, organizations can prevent malicious apps from threatening their networks by creating
strong mobile security policies and by deploying a mobile security solution that can enforce those policies. This is
vital in the business environment that exists today—with multiple operating systems at work under multiple roofs.

Finally, get yourself a good anti-malware program. It should include layered protection (the ability to scan and detect malware such as adware and spyware while maintaining a proactive real-time
defense that can block threats such as ransomware). Your security program should also provide remediation to correct
any system changes from the malware it cleans, so everything goes back to normal.

So before you take a hit on your PC, mobile, or enterprise network, hit back first by downloading a quality cybersecurity and antivirus program, such as Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, Malwarebytes for Chromebook, Malwarebytes for iOS, portable Malwarebytes, or one of Malwarebytes’ business products. (It’s a good idea to get that flu shot too!)

Let’s talk Emotet malware

You may have heard about Emotet in the news. What is it: Ancient Egyptian king, your teenage sister’s favorite emo band? We’re afraid not.

The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services—including other banking Trojans.

Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers. This helps in distribution of the malware. This functionality has led the Department of Homeland Security to conclude that Emotet is one of the most costly and destructive malware, affecting government and private sectors, individuals and organizations, and costing upwards of $1M per incident to clean up.

How do I get adware?

There are two main ways by which adware sneaks onto your system. In the first one, you download a program—usually freeware or shareware—and it quietly installs adware without your knowledge, or permission. That’s because the program’s author signed up with the adware vendor. Why? Because the revenue generated by the advertisements enables the program to be offered gratis (although even paid software from an untrustworthy source can deliver an adware payload). Then the adware launches its mischief, and the user learns there’s a price to pay for “free.”

The second method is just as insidious. You’re visiting a website. Maybe it’s a trusted site; maybe
it’s a sketchy one. Either way, it can be infected with adware, which takes advantage of a vulnerability in
the user’s web browser to deliver a
drive-by download. After it burrows in, the adware starts collecting your information, redirecting you to
malicious websites, and throwing more advertisements into your browser.

An ounce of prevention vs. a pound of cure

From desktops and laptops to tablets and smartphones, all our devices are vulnerable to malware. Given a choice, who wouldn’t want to prevent an infection instead of dealing with the aftermath?

So what should you do to stay safe? What kind of cybersecurity software—antivirus or anti-malware—should one choose to address a threat landscape that consists of legacy viruses and emerging malware?

The fact is, traditional antivirus alone is not up to the task, as evidenced by the regular stream of newspaper headlines reporting yet another successful cyberattack. It is inadequate against emerging zero-day threats, allows ransomware to successfully hijack computers, and doesn’t completely remove malware. What’s needed is an advanced cybersecurity program that is flexible and smart enough to anticipate today’s increasingly sophisticated threats.

Malwarebytes for Windows fulfills this need for advanced cybersecurity (along with Malwarebytes for Mac, Malwarebytes for Android, and Malwarebytes business solutions). Malwarebytes products protect against malware, hacks, viruses, ransomware, and other ever-evolving threats to help support a safe online experience. Our AI-enhanced, heuristics-based technology blocks threats that traditional antivirus isn’t smart enough to stop.

For an additional layer of protection, consider Malwarebytes Browser Guard. It’s the browser extension that stops annoying ads and trackers. Plus, it’s the world’s first browser extension that blocks tech support scams.

Industry watchers have cited Malwarebytes for Windows for its role in a layered protection approach, providing reliable protection without degrading system performance. It removes all traces of malware, blocks the latest threats, and performs scans fast.

Regardless of the cybersecurity you choose, your first line of defense is education. Stay up to date on the latest threats and protection by making the Malwarebytes Labs blog a regular read.

How do I protect myself from adware?

Finally, even before all the above precautions, download a reputable cybersecurity program for your PC or mobile phone. Perform scans frequently, and keep your updates, well, up to date. Of course, we recommend any of our Malwarebytes family of anti-malware products as a prudent measure: Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, Malwarebytes for Chromebook, and Malwarebytes for iOS. By arming yourself with knowledge, and protecting yourself with a robust cybersecurity program, you can take the steps necessary for an adware-free life online.

See all our reporting on adware at Malwarebytes Labs.

How do I protect myself from spyware?

The best defense against spyware, as with most malware, starts with your behavior. Follow these basics of good cyber self-defense.

  1. Don’t open emails from unknown senders.
  2. Don’t download files unless they come from a trusted source.
  3. Mouse-over links before clicking on them and make sure you’re being sent to the right webpage.
  4. Use a reputable cybersecurity program to counter advanced spyware. In particular, look for cybersecurity that includes real-time protection.

A quick note about real-time protection. Real-time protection automatically blocks spyware and other threats before they can activate on your computer. Some traditional cybersecurity or antivirus products rely heavily on signature-based technology—these products can be easily circumvented by today’s modern threats.

You should also look out for features that block the delivery of spyware itself on your machine, such as anti-exploit technology and malicious website protection, which blocks websites that host spyware. The premium version of Malwarebytes has a solid reputation for spyware protection.

Digital life comes with ubiquitous dangers in the daily online landscape. Fortunately, there are straightforward and effective ways to protect yourself. Between a cybersecurity suite and commonsense precautions, you should be able to keep every machine you use free from spyware invasions and their malicious intent.

See all our reporting on spyware at Malwarebytes Labs.

If viruses aren’t as big of a threat anymore, why do I need cybersecurity?

Viruses are just one kind of malware. There are other forms of malware that are more common these days. Here are just a few.

  • Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser, but sometimes within mobile apps as well. Typically, it either disguises itself as legitimate, or piggybacks on another program to trick you into installing it on your PC, tablet, or mobile device.
  • Spyware is malware that secretly observes the computer user’s activities, including browsing activity, downloads, payment information, and login credentials, then reports this information to the software’s author. Spyware isn’t just for cybercriminals. Legitimate companies sometimes use spyware to track employees.
  • A keylogger, spyware’s less sophisticated cousin, is malware that records all the user’s keystrokes on the keyboard, typically storing the gathered information, and sending it to the attacker, who is seeking sensitive information like usernames and passwords, or credit card details.
  • A computer virus is malware that attaches to another program and, when triggered, replicates itself by modifying other computer programs and infecting them with its own bits of code.
  • Worms are a type of malware similar to viruses in that they spread, but they don’t require user interaction in order to trigger.
  • A Trojan, or Trojan Horse, is more of a delivery method for infections rather than an infection itself. The Trojan presents itself as something useful in order to trick users into opening it. Trojan attacks can carry just about any form of malware, including viruses, spyware, and ransomware. Famously, the Emotet banking Trojan started out as an information stealer, targeting banks and large corporations. Later, Emotet operated purely as an infection vector for other forms of malware, usually ransomware.
  • Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back. Ransomware has been called the cybercriminal’s weapon of choice, because it demands a profitable quick payment in hard-to-trace cryptocurrency. The cybercriminals behind the GandCrab ransomware claimed to have brought in over $2 billion in ransom payments over the course of a year and a half.
  • A rootkit is malware that provides the attacker with administrator privileges on the infected system and actively hides from the normal computer user. Rootkits also hide from other software on the system—even from the operating system itself.
  • Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly prevalent form of malware or browser-based attack that is delivered through multiple attack methods, including malspam, drive-by downloads, and rogue apps and extensions. It allows someone else to use your computer’s CPU or GPU to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your computer’s horsepower, the cryptominers send the collected coins into their own account—not yours. So, essentially, a malicious cryptominer is stealing your device’s resources to make money.
  • Exploits are a type of threat that takes advantage of bugs and vulnerabilities in a system in order to allow the exploit’s creator to deliver malware. One of the most common exploits is the SQL injection.
  • Malvertising is an attack that uses malicious ads on mostly legitimate websites to deliver malware. You needn’t even click on the ad to be affected—the accompanying malware can install itself simply by loading and viewing the page in your browser. All you have to do is visit a good site on the wrong day.
  • Spoofing occurs when a threat pretends to be something it’s not in order to deceive victims into taking some sort of action, like opening an infected email attachment or entering their username and password on a malicious site spoofed or faked to look like a legitimate site.
  • Phishing is a type of attack aimed at getting your login credentials, credit card numbers, and any other information the attackers find valuable. Phishing attacks often involve some form of spoofing, usually an email designed to look like it’s coming from an individual or organization you trust. Many data breaches start with a phishing attack.

What is adware?

Adware is unwanted software designed to
throw advertisements up on your screen, most often within a web browser. Some security professionals view it as the
forerunner of the modern-day PUP
(potentially unwanted program). Typically, it uses an underhanded method to either disguise itself as legitimate,
or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.

Adware generates revenue for its developer by automatically displaying online advertisements in the user interface
of the software or on a screen that pops up in the user’s face during the installation process. And
that’s when you start seeing dubious miracle weight loss programs, offers for get-rich-quick secrets, and
bogus virus warnings that invite your click. Also, you might experience new tabs opening, a change in your home
page, findings from a search engine you never heard of, or even a redirect to a NSFW website.

Mind you, it does happen that legitimate software applications do use online advertising, with ads that are
typically bundled within the program and that display in ways the program developer specified. Adware is an
altogether different kettle of rotten fish. You might download it without understanding its intent. Or it might
land on your PC by means of legitimate software within which it’s secretly buried. Whatever the path, it all
boils down to some program on your computer showing you advertisements that do not come from the websites you are
visiting.

Once adware hijacks your device, it might carry out all sorts of unwanted tasks. The software’s functions may be
designed to analyze the location and which Internet sites you visit, and then present advertising pertinent to the
types of goods or services featured there. While adware is more of a pesky nuisance than a harmful malware threat
to your cybersecurity, if the adware authors sell your browsing behavior and information to third parties, they can
even use it to target you with more advertisements customized to your viewing habits. And it doesn’t matter
whether you are using Chrome, Firefox, or other browsers: It affects all of them.

Here are a few typical telltale signs that you have adware on your system:

  • Advertisements appear in places they shouldn’t be.
  • Your web browser’s homepage has mysteriously changed without your permission.
  • Web pages that you typically visit are not displaying properly.
  • Website links redirect to sites different from what you expected.
  • Your web browser slows to a crawl.
  • New toolbars, extensions, or plugins suddenly populate your browser.
  • Your Mac starts automatically installing unwanted software applications.
  • Your browser crashes.

How can I tell if my Android device has malware?

Fortunately, there are a few unmistakable red flags that wave at you if your Android phone is infected. You may be infected if you see any of the following:

  • A sudden appearance of pop-ups with invasive advertisements. If they appear out of nowhere and send you to
    sketchy websites, you’ve probably installed something that hides adware within it. So don’t click on
    the ad.
  • A puzzling increase in data usage. Malware chews up your data plan by displaying ads and sending out the
    purloined information from your phone.
  • Bogus charges on your bill. This happens when malicious software makes calls and sends texts to premium numbers.
  • A disappearing battery charge. Malware is a resource burden, gulping down your battery’s juice faster than
    normal.
  • People on your contact list report strange calls and texts from your phone. Malware replicates by spreading from
    one device to another by means of emails and texts, inviting them to click on the infected link it displays.
  • A phone that heats up while performance lags. For instance, there’s even a Trojan out there that invades
    Android phones with an installer so nefarious, that it can tax the processor to the point of overheating the phone,
    which makes the battery bulge, and essentially leaves your Android for dead.
  • Surprise apps on your screen. Sometimes you download apps that have malware piggybacked onto them for a stealthy
    installation. That happens because Android allows users to jump straight from Google Play to other marketplaces,
    like Amazon, which might have let a malware maker slip through.
  • Your phone turns on WiFi and Internet connections on its own. This is another way malware propagates, ignoring
    your preferences and opening up infection channels.

Further down, we’ll touch upon what you should do if your Android is infected. Plus, here’s a Malwarebytes blog article on securing your privacy on an Android.

Advancements in cybersecurity programs

Two relatively new forms of malware have helped drive the advancement of signature-less detection methods: exploits and ransomware. Though these threats are similar to others in many ways, they can be much harder to detect. Furthermore, once you’re infected, they can be almost impossible to remove.

Exploits get their name because they literally exploit vulnerabilities in a system, software, or web browser in order to install malicious code in a variety of ways. Anti-exploit measures were developed as a shield against this method of attack, protecting against Flash exploits and browser weaknesses, including new exploits that have not been identified or vulnerabilities for which patches have not yet been created.

Ransomware emerged on the malware scene to spectacular effect in 2013. Ransomware made a name for itself by hijacking and encrypting computer data, then extorting payments as it held the data hostage, and even threatening to erase it if a deadline passed without payment.

Originally, both these threats resulted in the development of dedicated anti-exploit and anti-ransomware products. Since December 2016, Malwarebytes folded anti-exploit and malicious website protection into the premium version of Malwarebytes for Windows, and has since added anti-ransomware for even more advanced anti-malware protection.

How can I remove malware?

If you suspect malware—or you just want to be careful—there are a few steps you should take.

First, if you don’t already have one, download a legitimate anti-malware program, such as Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, Malwarebytes for Chromebook, or one of our business products. Next, install it and run a scan. Programs like these are designed to search out and eliminate any malware on your device.

If your iPhone has somehow become infected with something nasty, things are a little trickier. Apple does not permit scans of either the iPhone’s system or other files. Your only option is to wipe your phone with a factory reset, then restore it from your backup (which you have, right?). You can also consider using security software that can screen and block scam calls and texts, such as Malwarebytes for iOS.

Who does Emotet target?

Everyone is a target for Emotet. To date, Emotet has hit individuals, companies, and government entities across the United States and Europe, stealing banking logins, financial data, and even Bitcoin wallets.

One noteworthy Emotet attack on the City of Allentown, PA, required direct help from Microsoft’s incident response team to clean up and reportedly cost the city upwards of $1M to fix.

Now that Emotet is being used to download and deliver other banking Trojans, the list of targets is potentially even broader. Early versions of Emotet were used to attack banking customers in Germany. Later versions of Emotet targeted organizations in Canada, the United Kingdom, and the United States.

How can I remove Emotet?

If you suspect you’ve already been infected by Emotet, don’t freak out. If your computer is connected to a network—isolate it immediately. Once isolated, proceed to patch and clean the infected system. But you’re not done yet. Because of the way Emotet spreads across your network, a clean computer can be re-infected when plugged back into an infected network. Clean each computer on your network one-by-one. It’s a tedious process, but Malwarebytes business solutions can make it easier, isolating and remediating infected endpoints and offering proactive protection against future Emotet infections.

If knowing is half the battle, head on over to the Malwarebytes Labs and you can learn more on how Emotet evades detection and how Emotet’s code works.

How does Emotet spread?

If a connected network is present, Emotet spreads using a list of common passwords, guessing its way onto other connected systems in a brute-force attack. If the password to the all-important human resources server is simply “password” then it’s likely Emotet will find its way there.

Researchers initially thought Emotet also spread using the EternalBlue/DoublePulsar vulnerabilities, which were responsible for the WannaCry and NotPetya attacks. We know now that this isn’t the case. What led researchers to this conclusion was the fact that TrickBot, a Trojan often spread by Emotet, makes use of the EternalBlue exploit to spread itself across a given network. It was TrickBot, not Emotet, taking advantage of the EternalBlue/DoublePulsar vulnerabilities.
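The password-guessing spread described above leaves a recognizable trail: one machine racking up failed logons against several others in a short time. The following is an added example, not Malwarebytes code, showing one way to flag that pattern; the log format, host names, accounts, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one logon attempt per line:
# timestamp, source IP, target host, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.23 HR-SRV01 administrator FAIL
2024-05-01T09:00:02 10.0.0.23 HR-SRV01 administrator FAIL
2024-05-01T09:00:03 10.0.0.23 HR-SRV01 administrator OK
2024-05-01T09:00:05 10.0.0.23 FILE-SRV02 administrator FAIL
2024-05-01T09:00:06 10.0.0.23 FILE-SRV02 admin FAIL
2024-05-01T09:00:07 10.0.0.23 WS-0042 administrator FAIL
2024-05-01T09:00:08 10.0.0.23 WS-0042 backup FAIL
2024-05-01T09:14:00 10.0.0.57 FILE-SRV02 jsmith FAIL
2024-05-01T09:14:20 10.0.0.57 FILE-SRV02 jsmith OK
"""


def parse(log_text):
    """Turn the constructed log format into time-ordered event dicts."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, target, account, result = parts
        events.append({"time": datetime.fromisoformat(ts), "src": src,
                       "target": target, "account": account, "result": result})
    return sorted(events, key=lambda e: e["time"])


def find_password_guessing(events, window=timedelta(minutes=5),
                           min_failures=5, min_targets=2):
    """Flag sources with a burst of failed logons spread over several hosts.

    The thresholds are illustrative assumptions; tune them to your network.
    """
    by_source = defaultdict(list)
    for e in events:
        by_source[e["src"]].append(e)

    findings = []
    for src, evs in by_source.items():
        failures = [e for e in evs if e["result"] == "FAIL"]
        worst, start = None, 0
        for end in range(len(failures)):
            # Slide the window so it only covers failures within `window`.
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            burst = failures[start:end + 1]
            targets = {e["target"] for e in burst}
            if len(burst) >= min_failures and len(targets) >= min_targets:
                if worst is None or len(burst) > len(worst):
                    worst = burst
        if worst is None:
            continue  # e.g. a single user mistyping a password once

        # A success after failures for the same host and account suggests a
        # guess worked: that host should be isolated and cleaned as well.
        failed_pairs, guessed = set(), []
        for e in evs:
            key = (e["target"], e["account"])
            if e["result"] == "FAIL":
                failed_pairs.add(key)
            elif key in failed_pairs and key not in guessed:
                guessed.append(key)

        findings.append({"source": src,
                         "failures": len(worst),
                         "targets": sorted({e["target"] for e in worst}),
                         "guessed": guessed})
    return findings


if __name__ == "__main__":
    for f in find_password_guessing(parse(SAMPLE_LOG)):
        print(f"{f['source']}: {f['failures']} failed logons across "
              f"{', '.join(f['targets'])}; likely guessed: {f['guessed']}")
```

The source address in a finding is the machine to isolate first, and every host listed under `guessed` is a candidate for the one-by-one cleanup described earlier.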
