Malware and Protection

Understanding, preventing, and recovering from malicious software.

What Is Malware

Malware is any software designed to harm you or your devices. It's an umbrella term covering many types of threats.

Malware Type | What It Does | Impact
------------ | ------------ | ------
Virus | Attaches to files, spreads when executed | Corrupts files, spreads to others
Worm | Self-replicates across networks | Consumes resources, spreads rapidly
Trojan | Disguises as legitimate software | Provides attacker access
Ransomware | Encrypts files, demands payment | Loss of data, financial extortion
Spyware | Monitors your activity | Privacy invasion, credential theft
Adware | Displays unwanted advertisements | Annoyance, performance impact
Keylogger | Records keystrokes | Captures passwords, messages
Rootkit | Hides deep in system | Persistent, hard to detect
Cryptominer | Uses your computer to mine cryptocurrency | Slows system, increases power bill

How Malware Spreads

Vector | Example | Prevention
------ | ------- | ----------
Email attachments | "Invoice.pdf.exe" | Don't open unexpected attachments
Malicious downloads | Fake software updates | Download from official sources only
Drive-by downloads | Compromised websites | Keep browser updated
USB drives | Found/borrowed drives | Don't plug in unknown drives
Pirated software | "Free" premium software | Use legitimate sources
Malicious ads | Malvertising | Use ad blocker
Fake apps | Impersonation in app stores | Check reviews, developer info
Software vulnerabilities | Unpatched systems | Keep everything updated
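The "Invoice.pdf.exe" trick in the table works because a file that ends in an executable extension runs when opened, whatever the name in front of it says. The following Python script, added here as an illustration and not part of the original guide, flags attachment names that end in an executable extension or use a double extension to look like a document. The extension lists and the sample filenames are constructed for this example; it checks names only, not file contents.

```python
import os

# Extensions Windows runs directly when the file is opened.
# Constructed list for this example; extend it for your environment.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".msi",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk",
}

# Extensions commonly borrowed to make an executable look like a document.
DOCUMENT_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png",
}


def attachment_risk(filename):
    """Return a list of reasons the attachment name looks suspicious.

    An empty list means no name-based red flag was found. This is a
    filename heuristic only; it does not inspect what the file contains.
    """
    reasons = []
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2:
        return reasons  # no extension at all
    final_ext = "." + parts[-1]
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("final extension %s is executable" % final_ext)
        # "Invoice.pdf.exe": an executable wearing a document extension.
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension disguises executable as .%s" % parts[-2])
    return reasons


# Constructed sample attachment names, not taken from any real mailbox.
SAMPLE_ATTACHMENTS = [
    "Invoice.pdf.exe",
    "report.pdf",
    "holiday-photo.jpg.scr",
    "setup.msi",
    "notes",
]


def triage(filenames):
    """Map each filename to its list of red flags."""
    return {name: attachment_risk(name) for name in filenames}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ATTACHMENTS).items():
        status = "SUSPICIOUS" if reasons else "ok"
        print("%-24s %s %s" % (name, status, "; ".join(reasons)))
```

A mail gateway or a personal script can apply the same rule before an attachment is saved; a clean result only means the name is unremarkable, so it complements rather than replaces antivirus scanning.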

Ransomware

Ransomware is one of the most damaging threats to individuals and families.

How Ransomware Works

Stage | What Happens
----- | ------------
Infection | Malware installed via phishing, exploit, or download
Reconnaissance | Scans for valuable files
Encryption | Locks your files with attacker's key
Ransom demand | Pay in cryptocurrency or lose files
Timer | Pressure to pay quickly
Data theft | Modern ransomware also steals data first

Ransomware Prevention

Action | Why It Helps
------ | ------------
Regular backups (3-2-1 rule) | Restore without paying
Offline backups | Ransomware can't encrypt disconnected drives
Update all software | Patches vulnerabilities used for infection
Email caution | Most ransomware arrives via phishing
Antivirus/antimalware | Detects known ransomware
Limit admin access | Reduces damage scope

If You Get Ransomware

Do | Don't
-- | -----
Disconnect from network immediately | Pay the ransom (usually)
Document everything | Try to negotiate
Report to authorities | Delete the ransomware note
Check for free decryptors | Assume data is lost
Restore from backup | Restore to infected system

Free decryptor resources:

  • NoMoreRansom.org
  • ID Ransomware (id-ransomware.malwarehunterteam.com)

Should You Pay the Ransom

Considerations | Reality
-------------- | -------
No guarantee of decryption | Some attackers take money and disappear
Funds criminal enterprise | Encourages more attacks
May be targeted again | Known to pay = attractive target
Some data may be lost anyway | Decryption isn't always complete
Legal issues in some cases | Paying certain groups may violate sanctions

General advice: Don't pay if you have backups. Consult professionals and authorities.

Spyware and Stalkerware

Spyware Types

Type | Purpose | Concern Level
---- | ------- | -------------
Commercial tracking | Advertising data | Moderate (privacy)
Keyloggers | Capture passwords | High
Screen recorders | See all activity | High
Stalkerware | Intimate partner surveillance | Critical
Government spyware | Surveillance | Varies by country

Signs of Spyware

Symptom | Possible Cause
------- | --------------
Battery draining faster | Background monitoring
Increased data usage | Sending data to attacker
Phone gets hot when idle | Hidden processes running
Unfamiliar apps | Monitoring software installed
Settings changed | Someone else has access
Device slower than normal | Malware consuming resources

Stalkerware Concerns

If you suspect an abusive partner installed monitoring software:

Do | Don't
-- | -----
Seek help from domestic violence resources | Immediately remove it (may alert abuser)
Use a safe device to research | Assume you're not being monitored
Document evidence | Confront abuser without safety plan
Contact law enforcement if safe | Use shared accounts for sensitive communication

Resources:

  • National Domestic Violence Hotline: 1-800-799-7233
  • Coalition Against Stalkerware: stopstalkerware.org

Antivirus and Antimalware

What Protection to Use

Platform | Built-in Option | Third-Party Options
-------- | --------------- | -------------------
Windows 10/11 | Microsoft Defender (good) | Bitdefender, Norton, ESET
macOS | XProtect (basic) | Malwarebytes, Bitdefender
Android | Play Protect (basic) | Bitdefender, Norton
iOS | Locked-down system | Generally not needed
Linux | ClamAV (basic) | ESET, Sophos

Choosing Security Software

Feature | Why It Matters
------- | --------------
Real-time protection | Blocks threats before execution
Regular updates | Detects new threats
Low system impact | Doesn't slow down your computer
Ransomware protection | Extra defense against file encryption
Web protection | Blocks malicious websites
Reputation | Proven track record

What Security Software Won't Do

Misconception | Reality
------------- | -------
Block all malware | New threats can slip through
Protect against phishing clicks | Can warn but can't stop you
Fix all vulnerabilities | Updates still required
Remove advanced rootkits | May need full reinstall
Prevent social engineering | Human judgment still needed

Safe Downloading Practices

Software Sources

Source | Safety | Notes
------ | ------ | -----
Official developer website | Best | Verify URL carefully
Official app store | Very good | Still check reviews
Package manager (Linux) | Very good | Maintained repositories
Reputable download sites | Moderate | May include bundled software
Torrent/pirate sites | Dangerous | High malware risk
Random websites | Dangerous | Often malware distribution

Verifying Downloads

Verification Method | What It Does
------------------- | ------------
Check URL carefully | Ensure official site
Verify file hash | Confirm file wasn't modified
Check digital signature | Confirm legitimate publisher
Scan with VirusTotal | Multiple antivirus check
Read recent reviews | Others may report issues
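"Verify file hash" in the table means computing the download's SHA-256 and comparing it with the value the developer publishes, usually in a SHA256SUMS-style file next to the download. The Python script below is an added example, not code from the original guide: it streams a file through SHA-256, parses the `HASH  filename` line format that `sha256sum` writes, and compares in constant time. The demo writes its own small "installer" and a tampered copy to a temporary directory, so the published hash here is constructed rather than taken from any real vendor.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_line(line):
    """Parse one 'HASH  filename' line (sha256sum format) into (filename, hash).

    sha256sum prefixes the name with '*' for binary mode; that marker is dropped.
    """
    expected, name = line.strip().split(None, 1)
    return name.lstrip("*"), expected.lower()


def verify_download(path, published_hash):
    """Return True only if the file's SHA-256 equals the published value."""
    actual = sha256_of_file(path)
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(actual, published_hash.strip().lower())


def verify_with_checksum_file(path, checksums_text):
    """Look the file up by basename in SHA256SUMS content and verify it."""
    wanted = os.path.basename(path)
    for line in checksums_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, expected = parse_checksum_line(line)
        if name == wanted:
            return verify_download(path, expected)
    raise LookupError("no checksum entry for %s" % wanted)


def demo():
    """Constructed demo: a clean file, a tampered copy, and a SHA256SUMS file.

    Returns (clean_ok, tampered_ok), expected (True, False).
    """
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "installer.bin")
        with open(good, "wb") as f:
            f.write(b"constructed installer bytes\n")
        # Stands in for the hash published on the developer's download page.
        published = sha256_of_file(good)
        sums = "%s  installer.bin\n" % published

        tampered = os.path.join(tmp, "installer.bin")
        clean_ok = verify_with_checksum_file(good, sums)
        with open(tampered, "wb") as f:
            f.write(b"constructed installer bytes\nEXTRA")
        tampered_ok = verify_with_checksum_file(tampered, sums)
        return clean_ok, tampered_ok


if __name__ == "__main__":
    print("clean verified: %s, tampered verified: %s" % demo())
```

A hash only proves the file matches what the publisher listed; if the checksum file was fetched from the same compromised page as the download, both can be swapped together, which is why the table also lists checking the digital signature.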

Browser Extension Safety

Safe Practices | Risky Behaviors
-------------- | ---------------
Install from official store | Install from random websites
Check permissions requested | Grant all permissions blindly
Read reviews and ratings | Install first thing you find
Limit number of extensions | Install many extensions
Remove unused extensions | Leave old extensions installed
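"Check permissions requested" is easier when the request is read from the extension's manifest rather than from a store popup. The Python script below is an added example, not part of the original guide: it loads a Chrome-style `manifest.json` and flags permissions that give an extension broad reach, such as `<all_urls>` host access or `cookies`, `history` and `webRequest`. The permission names are real Chrome manifest keys; the risk weights, the review threshold and the two sample manifests are this example's own constructions.

```python
import json

# Permissions that give an extension broad reach over browsing.
# Weights are this example's judgement, not a browser vendor's classification.
HIGH_RISK = {
    "<all_urls>": 3,
    "cookies": 3,
    "nativeMessaging": 3,
    "debugger": 3,
    "webRequest": 2,
    "webRequestBlocking": 2,
    "history": 2,
    "clipboardRead": 2,
    "tabs": 1,
}

REVIEW_THRESHOLD = 3  # at or above this score, read the reviews and developer info first


def is_all_hosts_pattern(pattern):
    """True for host patterns that match every site, which amount to <all_urls>."""
    return pattern == "<all_urls>" or pattern.endswith("://*/*")


def extension_permission_report(manifest_json):
    """Summarise the risky permissions an extension manifest requests."""
    manifest = json.loads(manifest_json)
    # Manifest V2 lists host patterns inside "permissions";
    # Manifest V3 moves them to "host_permissions". Check both.
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("host_permissions", []))

    flagged = {}
    for perm in requested:
        if perm in HIGH_RISK:
            flagged[perm] = HIGH_RISK[perm]
        elif is_all_hosts_pattern(perm):
            flagged[perm] = HIGH_RISK["<all_urls>"]

    score = sum(flagged.values())
    return {
        "name": manifest.get("name", "(unnamed)"),
        "flagged": flagged,
        "score": score,
        "needs_review": score >= REVIEW_THRESHOLD,
    }


# Constructed sample manifests; neither describes a real extension.
COUPON_HELPER = json.dumps({
    "name": "Coupon Helper",
    "manifest_version": 3,
    "permissions": ["tabs", "cookies", "webRequest"],
    "host_permissions": ["<all_urls>"],
})

WORD_COUNTER = json.dumps({
    "name": "Word Counter",
    "manifest_version": 3,
    "permissions": ["storage", "activeTab"],
})

if __name__ == "__main__":
    for manifest in (COUPON_HELPER, WORD_COUNTER):
        report = extension_permission_report(manifest)
        print("%s: score %d, review needed: %s, flagged: %s" % (
            report["name"], report["score"], report["needs_review"],
            sorted(report["flagged"])))
```

A high score does not mean the extension is malicious; a password manager legitimately needs broad access. It means the permission set is powerful enough that the "Read reviews and ratings" and developer checks in the table are worth doing before installing.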

Keeping Systems Updated

Why Updates Matter

Update Type | What It Fixes
----------- | -------------
Security patches | Known vulnerabilities
Bug fixes | Potential exploit entry points
Feature updates | Sometimes include security improvements
Definition updates | New malware signatures

What to Keep Updated

Component | Update Frequency
--------- | ----------------
Operating system | Enable automatic updates
Web browser | Enable automatic updates
Antivirus definitions | Automatic, multiple times daily
Other applications | Check weekly
Router firmware | Check monthly
IoT devices | Check when available

Update Best Practices

Do | Don't
-- | -----
Enable automatic updates | Delay updates indefinitely
Restart when prompted | Ignore restart requests
Update all devices | Forget about tablets, phones
Check for router updates | Assume router updates itself
Verify update authenticity | Click popup "update" warnings

Recovering from Malware

If You Suspect Infection

Step | Action
---- | ------
1. Disconnect | Remove from network (unplug ethernet, disable WiFi)
2. Don't panic | Assess calmly, document what happened
3. Boot safely | Safe mode or from clean media
4. Scan thoroughly | Use multiple antimalware tools
5. Change passwords | From a clean device
6. Monitor accounts | Watch for unauthorized activity

Malware Removal Tools

Tool | Use Case
---- | --------
Malwarebytes | General malware removal
HitmanPro | Second opinion scanner
ESET Online Scanner | Browser-based scan
Kaspersky Virus Removal | Standalone removal tool
Windows Defender Offline | Boot-time scan for Windows

When to Reinstall

Scenario | Recommendation
-------- | --------------
Ransomware infection | Wipe and restore from backup
Rootkit detected | Full reinstall recommended
Persistent reinfection | Wipe, reinstall, check for root cause
Unknown infection severity | Consider reinstall to be safe
Sensitive data at risk | Reinstall for certainty

Malware Prevention Checklist

Daily Habits

Practice | Benefit
-------- | -------
Think before clicking | Avoid phishing and malicious downloads
Keep antivirus running | Real-time protection
Don't run unknown software | Avoid trojan infections

Weekly Tasks

Task | Purpose
---- | -------
Run full antivirus scan | Catch anything missed
Check for software updates | Patch vulnerabilities
Review installed programs | Remove unfamiliar software

Monthly Tasks

Task | Purpose
---- | -------
Update router firmware | Patch network vulnerabilities
Verify backups work | Ensure ransomware recovery
Review browser extensions | Remove unused, check permissions

Special Malware Concerns

Cryptominers

Signs | Impact
----- | ------
High CPU usage when idle | Shortened hardware lifespan
Computer runs hot | Higher electricity bills
Fans running constantly | Slower performance
Battery drains quickly | Mobile device unusable

Browser-Based Threats

Threat | Prevention
------ | ----------
Malicious websites | Use browser protection, update browser
Cryptojacking scripts | Use script blocker, uBlock Origin
Fake download buttons | Look carefully, use ad blocker
Browser hijacking | Review and remove bad extensions

Fake Antivirus (Scareware)

Signs | What to Do
----- | ----------
Popup saying you're infected | Don't call the number
Demanding payment to "clean" | Close browser, run real scan
Can't close popup easily | Force quit browser
Fake scan results | Ignore, use legitimate antivirus

Key Takeaways

  1. Backups are your best ransomware defense - 3-2-1 rule: 3 copies, 2 media types, 1 offsite
  2. Keep everything updated - Most malware exploits known, patched vulnerabilities
  3. Download from official sources only - Pirated software is a major infection vector
  4. Built-in protection is often sufficient - Windows Defender is good for most users
  5. Don't run unknown software - Verify source before executing anything
  6. Browser protection matters - Ad blockers and safe browsing prevent many infections
  7. Disconnect if infected - Limit spread and data theft
  8. Multiple scans are better - No single tool catches everything
  9. When in doubt, reinstall - Complete reinstall guarantees clean system
  10. Stalkerware is abuse - If you're in this situation, seek help safely