LSUHealthLogo

Office of Compliance Programs

Malware

Information Security Training on Malware

Revised February 7, 2017

Introduction

Welcome to LSUHSC-NO’s Information Security online tutorial on Malware. All employees, students, and affiliates of the University who use the LSUHSC IT Infrastructure in the course of their work or studies are required to complete this training on an annual basis.

Purpose

The primary goal of this tutorial is to help raise your awareness on how to recognize malicious software and take proper action to prevent its disruptive effects. LSUHSC cannot protect the integrity, availability, and confidentiality of its information without the informed participation and support of everyone! You are the last line of defense in identifying and eliminating malicious software. Training is the key to that defense so it is important that you stay up-to-date with your compliance training.

What is Malware?

Malware (short for “MAL"icious soft"WARE") is any software designed to infiltrate a computer system and perform actions without the user's informed consent. It can enter your computer or digital device as the result of clicking on website links, pop-up ads, toolbars, games, emails, or any other normal computer activity.

How Does Malware Infect a Computer or Digital Device?

What Can a Hacker Do If Your Computer Becomes Infected with Malware?

Motivation for Malware

Malware Perp Line Up

KNOW YOUR ENEMY!

Malware authors use several common tricks to install malicious software on your computer or digital device. Understanding the most common ways they do can help you stay protected. Examples of Malware include:

Viruses & Worms

Viruses are programs that copy themselves to a PC or laptop and install themselves without the user’s knowledge or consent. They can be transmitted as attachments to an e-mail or in a downloaded file, by clicking on a link to an infected website or be present on digital media such as:

A worm is a virus that replicates itself by resending itself as an e-mail attachment or as part of a network message. They usually take advantage of security holes in the operating system or software package.

Virus Infects UPS Stores

In August 2014, United Parcel Service announced that customers of UPS Stores in 24 states may have had their credit card information exposed by a computer virus. An investigation revealed that information on approximately 100,000 transactions had been compromised.

Spyware

Spyware

Spyware is the class of programs that:

New Keystroke Logger Old Keystroke Logger

Keystroke Loggers

There are two types:

Keystroke Logger Leads to Health Data Breach at Kentucky Hospital

On September 16, 2015, Muhlenberg Community Hospital was notified by the FBI of a keylogger cyberattack which lead to a health data breach. An investigation revealed that a software keylogger had been installed on several hospital computers and may have been on the computers as early as January 2012.

Data compromised included patient:

Compromised employee and contractor information included:

Rootkit

Rootkits

A Rootkit is software that enables continued privileged access to a computer while actively hiding its presence from the user by subverting normal operating system processes. They are made up of one or more programs designed to perform any of the following functions:

Rootkits are used by cybercriminals to:

Chinese Cybercriminals Breached Google Play To Infect Android Devices

In August 2015, a group of Chinese hackers uploaded a Brain Test app to the Google Play store. The app installed a rootkit which allowed the app to reinstall itself after the user deleted the app. The rootkit included a backdoor to allow its creators to install further malware. Somewhere between 200,000 and 1 million devices were believed to be infected. The rootkit can only be removed by re-flashing (i.e. perfoming a factory reset) the device.

Trojan

Trojans

Like their ancient Greek namesake, Trojans are programs that appear to be one type of program (e.g. a screensaver) but are hiding additional functions of which the legitimate user is completely unaware. These functions can include:

40 Million Credit Card Accounts Exposed in Attack on CardSystems Solutions

In June 2005, hackers compromised CardSystems Solutions database using an SQL Trojan attack. This attack inserted code into the database every few days through a browser page, placing data in a zip file and sending out via the Internet’s File Transfer Protocol. Hackers gained access to names, accounts numbers, and verification codes of 40 million credit card users.

Hybrid Malware

Different kinds of malware can be combined to create programs with new capabilities. For example, the replicating features of a virus can be combined with remote control features of a Trojan and the administrative functions of a rootkit to create a program that spreads like a virus, then “phones home” for instructions, then causes the victims computer to carry out those instructions.

Ransomware

A recent development in hybrid malware is Ransomware. The goal of ransomware is not to steal your data but hold it hostage. The hacker uses one of the previously discussed methods to install an encryption program on your PC. Once all the files are encrypted, the encryption keys are transmitted to the hacker and a message similar to the following is displayed:

Ransomware

(Click or Tap on image for expanded view)

Ransomware Facts

Signs of a Ransomware Attack

What To Do if Infected with Ransomware

Hospital Pays $17,000 for Ransomware Encryption Key

On February 5, 2016, employees of Hollywood Presbyterian Medical Center in Los Angeles reported being unable to get onto the hospital's network. The malware blocked access to certain systems, including the hospital’s electronic medical record, as well as electronic communications. The hospital staff had to revert to paper for all operations/communications. After trying for ten days to defeat the encryption, hospital executives agreed to pay the ransom of 40 bitcoin (approx. $17,000).

Zero Day Malware

Zero Day malware refers to brand new or previously unknown malware. Because zero day malware is new, anti-virus and spyware scanner programs that depend solely on signature recognition cannot provide any protection. In recent years, foreign governments and organized crime have joined the ranks of malware programmers in searching for new vulnerabilities in software. This has tremendously increased the resources available for researching and developing new types of malware. As a result, the occurrences of new malware are increasing at an alarming rate. The STUXNET virus that infected computers used in Iranian nuclear plants contained exploits from four previously unknown vulnerabilities in Microsoft’s Windows Operating System.

Suspicious Email

Suspicious email includes:

Steps to combat malware from infecting your computer by email include:

Frequently emails will try to trick the recipient into installing malware by:

The malware will take the form of either:

If You Suspect an Email is Suspicious, You Should:

Infected Websites

Malware can also infect websites. Any unprotected computer that browses an infected website will become infected. Even well-known and respected websites such as the NewYorkTimes.com and bbc.com have been infected.

Scareware

Scareware is a message designed to scare you into installing malware on your system. The following is an actual scareware message that is designed to look like a message from the Windows Security Center.

Scareware #1

(Click or Tap on image for expanded view)

The following Scareware message appears when surfing an infected website. It appears to be a warning from your anti-virus program. The message is a fake. The number of infections "found" is set to a large number deliberately (not 1 or 2 but 41!!!!!) to shock and scare the user. And who wants to "continue unprotected"? However, clicking on ANY of the buttons (including the “x” in the upper right corner) will cause malware to be installed on your system. The best course of action is to power off your system without "shutting down".

Scareware #2

(Click or Tap on image for expanded view)

How Can YOU Tell if a System Message is Scareware?

Ask yourself the following questions:

If any of the above are TRUE, then it may be Scareware. Call the Help Desk or your computer supporter to make sure.

Warning Signs YOUR Computer Might Be Infected

Contact your computer supporter or the Help Desk if you suspect your computer has malware installed.

How To Protect Yourself from Malware

Follow these steps to reduce the risk of your devices being infected with malware:

As a Recap

The ultimate defense is a well-informed user (like YOU)who can recognize malware and take the proper action.

If you are unsure about what to do, please ask for help. Contact your computer supporter or call the Help Desk (568-HELP).

Getting Help

If you have any questions, please contact the Office of Compliance Programs by: