How does malware infect my computer?
File-based malware infections are typically caused by someone clicking a link in an email or a fake alert message, visiting a malicious website, inserting an infected USB stick, or unintentionally downloading the malware alongside other software, perhaps from file-sharing services or free software download sites. Once the malware has been downloaded to the user’s computer, it will carry out whatever instructions have been encoded within it.
Fileless malware uses similar infection techniques. A typical scenario might be an email with a password-protected zip file attachment containing a macro that executes code; this code connects to a malicious host, downloads and executes malware, and then deletes any files or other traces created in the process.
The person receiving the email is persuaded by its content not only to use the password provided in the email, but also to enable macros. This persuasion is known as social engineering, similar to typical phishing attacks, and works like this:
- The email pretends to come from an authority, such as HMRC or DVLA, or suggests that the attachment contains sensitive information or embarrassing photos, to persuade the recipient that they should open it.
- When they try to open the attachment, it presents a fake alert, informing the recipient that the attachment was created in an earlier version of the application. This alert looks convincing, and indicates that the user should click ‘enable content’ to be able to see the document. This, of course, will enable macros, and the cascade of infection begins.
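The traits of this lure can be checked before the recipient ever opens the attachment, because the file names inside a password-protected zip are normally still readable without the password. The following is an added example, not part of the original page: the sample message is constructed, and the extension list, the password pattern and the tag names are assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of Office formats that can carry macros.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xlsb", ".pptm", ".doc", ".xls")
PASSWORD_HINT = re.compile(r"\bpass(?:word|code|phrase)\b", re.I)

def triage(raw_eml: bytes) -> list[str]:
    """Return which traits of the lure described above a message shows."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    found = set()
    for part in msg.iter_attachments():
        data = part.get_content()
        if not isinstance(data, bytes) or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 = member is encrypted
                    found.add("encrypted-zip")
                if info.filename.lower().endswith(MACRO_EXTS):
                    found.add("macro-capable-member")
    # The password only counts as a signal when an encrypted archive came with it.
    if "encrypted-zip" in found and PASSWORD_HINT.search(text):
        found.add("password-in-body")
    return sorted(found)

def build_sample(encrypted: bool = True, member: str = "statement.docm") -> bytes:
    """Constructed message: harmless stub in a zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real document")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set the 'encrypted' flag in the central directory entry
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Your statement"
    msg.set_content("Please open the attachment. Password: 1234")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="statement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that shows all three traits together is a strong candidate for quarantine or manual review; any one trait on its own is common in legitimate mail.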
How can I tell if my computer has been infected?
Symptoms of malware infection will depend on what the program was intended to do. Sometimes there will be no symptoms at all, but you might notice one or more of the following:
- You may have noticed that your computer has slowed down. This might not indicate malware (there are other reasons why this might happen), but it could be that malware is consuming the available resources and causing the poor performance.
- Your computer is working too hard (you can hear unusual noise from the fan). This usually means that something is using your computer resources intensively—and if it’s not you, it might be malware.
- Your computer crashes, won’t start or shut down properly, or is otherwise unresponsive. This could be due to malware, but there might be other reasons too, such as a hardware failure.
- Your internet connection may be slower than usual. Check there are no downloads running in the background and no-one gaming or watching videos. If there are no such resource-intensive activities going on, then malware might be using your bandwidth for its own purposes.
- You might be using your data allowance on your mobile device quicker than usual. If you’re not doing anything different, malware might be using your data allowance for its own purposes.
- Sometimes you’ll see additional ads popping up, there might be unexpected extensions added to your browser, or even unexpected programs. This could be due to subsets of malware known as adware or bloatware. These types of malware add unwanted programs to your computer.
- You might see threat warnings from antivirus programs that you don’t recognise. These might be genuine messages from an unwanted program that you didn’t intend to install but that was bundled with one that you did want, or the alerts may be trying to get you to click on a dodgy link.
- Your browser might open websites that you didn’t expect or want to visit. These are typically malicious sites and will ask for your personal information, or will add further infections to your computer.
- Your contacts may be getting spam messages that appear to be from you (but are being sent by malware).
- Your security programs have been disabled or deleted.
- You might not be able to get at some files and there might be a warning that your data has been encrypted.