We need to talk about IT ... Malware reloaded

A couple of weeks ago we looked at how malware operates and its seven-step kill chain. This week we are going to look at the two responses that, between them, cover the entire malware kill chain: Defend and Detect.

Defend

This covers the first two links in the kill chain: recon and lure. It requires no special software or training, just awareness and some basic principles. The aim of defend is not to get your system infected in the first place. To reduce your vulnerability at the recon stage we need to look at our online presence to see what information attackers can retrieve from the Internet. Social media sites such as Facebook, Twitter and LinkedIn essentially trade your personal information for the ability to use their services. They then publish this information so other people can find you and also so they can sell targeted advertising. The amount of information they can share is controlled by two factors: what information you give them in the first place, and your privacy settings. Before you sign up for a social media site, or if you are already a member, we highly recommend checking what information you are putting online.

Sometimes it is innocuous information that can be used for a malicious purpose. For example: saying who your mum is on Facebook gives an attacker that information, and from that the attacker can look at her profile, which may include her maiden name - a security question often used by banks - so that information is now in the attacker's hands.

It is also prudent to check which parts of your profile are publicly accessible and what is private, only to be shared with friends.

When battling the lure stage, the key is to be suspicious of things that don't quite seem right. With emails, check the spelling and grammar of messages from big companies, check that the address they are sending from is the official one, and hover over links to see where they really go before clicking. If you are still unsure about a link, check with the sender via another form of communication to see if it is genuine. So don't be afraid to call up your bank or email your friends to ask whether they did send that email to you. When clicking links on social media it's always worth being prepared to close the page if it seems to be redirecting you through many sites or if it prompts you to update a bit of software (e.g. Flash or Java). After all, you can always run Flash or Java updates from their respective websites.

As the old adage goes, 'if it sounds too good to be true, it probably is!' So be suspicious of emails saying you have won the Nigerian national lottery - especially considering you never entered!
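To make the "hover over the link" and "check the sender address" advice concrete, here is an added example (not part of the original post) that performs those same checks on a constructed phishing email. The bank name, the domains and the IP address are placeholders made up for this example, and OFFICIAL_DOMAIN is an assumed value standing in for whatever your real bank's domain is.

```python
"""Flag suspicious links and sender addresses in an e-mail.

Added example, not code from the original post. It automates the manual
checks described above: does the visible link text match where the link
really goes, does the link point at the official domain, and does the
sender's address belong to that domain.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure. All domains and the IP address are placeholders.
SAMPLE_EMAIL = """\
From: Example Bank <security@examplebank-alerts.test>
To: customer@example.test
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Dear Custmer, your acount has been suspendid.</p>
<p><a href="http://examplebank.test.login-verify.example/auth">https://www.examplebank.test/login</a></p>
<p><a href="https://www.examplebank.test/help">Help centre</a></p>
<p><a href="http://198.51.100.7/update/flash.exe">Update Flash Player</a></p>
</body></html>
"""

OFFICIAL_DOMAIN = "examplebank.test"  # assumed official domain for the example


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' domain, good enough for the constructed sample."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host):
    """True for a bare dotted IPv4 address, which legitimate banks do not use."""
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None


def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list if none)."""
    reasons = []
    href_host = urlparse(href).hostname or ""
    if is_ip_literal(href_host):
        reasons.append("link points at a bare IP address")
    elif registrable_domain(href_host) != OFFICIAL_DOMAIN:
        reasons.append(f"link domain {href_host!r} is not the official domain")
    # Visible text that looks like a URL but leads somewhere else: the
    # programmatic version of hovering over the link before clicking.
    text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
    if text_host and registrable_domain(text_host) != registrable_domain(href_host):
        reasons.append(f"visible URL {text!r} does not match the real destination")
    if urlparse(href).path.lower().endswith((".exe", ".msi", ".jar")):
        reasons.append("link downloads an executable")
    return reasons


def check_sender(msg):
    """Flag a From: address whose domain is not the official one."""
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if registrable_domain(domain) != OFFICIAL_DOMAIN:
        return [f"sender domain {domain!r} is not the official domain"]
    return []


def analyse(raw_email):
    """Run the sender and link checks over a raw single-part HTML e-mail."""
    msg = message_from_string(raw_email)
    findings = check_sender(msg)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        for reason in check_link(href, text):
            findings.append(f"{href}: {reason}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```

Run against the sample, the genuine help-centre link passes while the look-alike sender domain, the link whose visible text differs from its real destination, and the bare-IP link to an executable are all reported. Real mail clients and gateways do far more, but these three checks are exactly what the manual advice above boils down to.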

Detect

So the first response is to try to avoid getting infected in the first place; the second response is to detect. This has two key facets: detecting and disabling threats before they take hold on your system, and removing malware from a system that is already infected.

So how do we do this?
There are two types of software that you need to help protect you:

Antivirus

These are low-overhead applications - meaning they don't use up masses of system resources - that recognise the signatures of other programs and stop the dangerous ones from running. They act when you accidentally click the link in that dodgy email or agree to the suspicious Java update. They also run scans over all your files to make sure nothing untoward is on your system.

There are a plethora of antivirus programs on the market to choose from and it is up to you which one to use; however, there are a couple of things worth noting when making your decision:

1. Got a Mac? Get Antivirus

In the late 2000s Apple ran a series of ads saying that Macs don't get viruses. Things have changed since then. Their niche status had previously left Macs largely untroubled by malware, but their popularity and their widespread use in the creative industries have now put them squarely in attackers' minds. We highly recommend getting some kind of antivirus for your Mac; Sophos offer a great free option that we, at Maven, highly recommend.

2. Consider free options

As we mentioned with the Mac antivirus, we highly recommend a free option, and the same is true for Windows machines. Sophos make a good Windows antivirus as well, and both Avast and Microsoft Security Essentials provide reliable free options worth looking at.

Anti Malware

These programs have much higher overheads, as they scan processes and system activity in real time, so it is not advisable to run them constantly. They act to root out and remove malware from an infected system. You only really need to run an anti-malware program if your antivirus can't get rid of the problem; a couple we would suggest are AdwCleaner and Malwarebytes. Malwarebytes also has a Mac version should you need to get rid of anything there.

With the defend and detect mentality you should be protected against most threats, although it is always worth making sure your files are backed up, as nothing gets rid of malware like formatting the hard drive and doing a clean install of the OS!

So hopefully these tips will keep you virus free, after all, technology should work for you, not against you.