Office of Compliance Programs


Information Security Training on Malware

Revised April 23, 2018


Welcome to LSUHSC-NO’s Information Security online tutorial on Malware. All employees, students, and affiliates of the University who use the LSUHSC IT Infrastructure in the course of their work or studies are required to complete this training on an annual basis.


The primary goal of this tutorial is to help raise your awareness on how to recognize malicious software and take proper action to prevent its disruptive effects. LSUHSC cannot protect the integrity, availability, and confidentiality of its information without the informed participation and support of everyone! You are the last line of defense in identifying and eliminating malicious software. Training is the key to that defense so it is important that you stay up-to-date with your compliance training.

What is Malware?

Malware (short for “MAL"icious soft"WARE") is any software designed to infiltrate a computer system and perform actions without the user's informed consent. It can enter your computer or digital device as the result of clicking on website links, pop-up ads, toolbars, games, emails, or any other normal computer activity.

How Does Malware Infect a Computer or Digital Device?

What Can a Hacker Do If Your Computer Becomes Infected with Malware?

Motivation for Malware

Malware Perp Line Up


Malware authors use several common tricks to install malicious software on your computer or digital device. Understanding the most common ways they do can help you stay protected. Examples of Malware include:

Viruses & Worms

Viruses are programs that copy themselves to a PC or laptop and install themselves without the user’s knowledge or consent. They can be transmitted as attachments to an e-mail or in a downloaded file, by clicking on a link to an infected website or be present on digital media such as:

A worm is a virus that replicates itself by resending itself as an e-mail attachment or as part of a network message. They usually take advantage of security holes in the operating system or software package.

Virus Infects UPS Stores

In August 2014, United Parcel Service announced that customers of UPS Stores in 24 states may have had their credit card information exposed by a computer virus. An investigation revealed that information on approximately 100,000 transactions had been compromised.



Spyware is the class of programs that:

New Keystroke Logger Old Keystroke Logger

Keystroke Loggers

There are two types:

Keystroke Logger Leads to Health Data Breach at Kentucky Hospital

On September 16, 2015, Muhlenberg Community Hospital was notified by the FBI of a keylogger cyberattack which lead to a health data breach. An investigation revealed that a software keylogger had been installed on several hospital computers and may have been on the computers as early as January 2012.

Data compromised included patient:

Compromised employee and contractor information included:



A Rootkit is software that enables continued privileged access to a computer while actively hiding its presence from the user by subverting normal operating system processes. They are made up of one or more programs designed to perform any of the following functions:

Rootkits are used by cybercriminals to:

Chinese Cybercriminals Breached Google Play To Infect Android Devices

In August 2015, a group of Chinese hackers uploaded a Brain Test app to the Google Play store. The app installed a rootkit which allowed the app to reinstall itself after the user deleted the app. The rootkit included a backdoor to allow its creators to install further malware. Somewhere between 200,000 and 1 million devices were believed to be infected. The rootkit can only be removed by re-flashing (i.e. performing a factory reset) the device.



Like their ancient Greek namesake, Trojans are programs that appear to be one type of program (e.g. a screensaver) but are hiding additional functions of which the legitimate user is completely unaware. These functions can include:

40 Million Credit Card Accounts Exposed in Attack on CardSystems Solutions

In June 2005, hackers compromised CardSystems Solutions database using an SQL Trojan attack. This attack inserted code into the database every few days through a browser page, placing data in a zip file and sending out via the Internet’s File Transfer Protocol. Hackers gained access to names, accounts numbers, and verification codes of 40 million credit card users.

Hybrid Malware

The differences among types of malware are becoming less important because most hackers don't restrict their code to just one type of malware. Most attacks use features of viruses, worms, Trojans, spyware, phishing, and bots. For example, the replicating features of a virus can be combined with remote control features of a Trojan and the administrative functions of a rootkit to create a program that spreads like a virus, then “phones home” for instructions, then causes the victims computer to carry out those instructions.


A recent development in hybrid malware is Ransomware. The goal of ransomware is not to steal your data but hold it hostage. The hacker uses one of the previously discussed methods to install an encryption program on your PC. Once all the files are encrypted, the encryption keys are transmitted to the hacker and a message similar to the following is displayed:


(Click or Tap on image for expanded view)

Ransomware Facts

Signs of a Ransomware Attack

What To Do if Infected with Ransomware

Hospital Pays $17,000 for Ransomware Encryption Key

On February 5, 2016, employees of Hollywood Presbyterian Medical Center in Los Angeles reported being unable to get onto the hospital's network. The malware blocked access to certain systems, including the hospital’s electronic medical record, as well as electronic communications. The hospital staff had to revert to paper for all operations/communications. After trying for ten days to defeat the encryption, hospital executives agreed to pay the ransom of 40 bitcoin (approx. $17,000).

Zero Day Malware

Zero Day malware refers to brand new or previously unknown malware. Because zero day malware is new, anti-virus and spyware scanner programs that depend solely on signature recognition cannot provide any protection. In recent years, foreign governments and organized crime have joined the ranks of malware programmers in searching for new vulnerabilities in software. This has tremendously increased the resources available for researching and developing new types of malware. As a result, the occurrences of new malware are increasing at an alarming rate. The STUXNET virus that infected computers used in Iranian nuclear plants contained exploits from four previously unknown vulnerabilities in Microsoft’s Windows Operating System.

Suspicious Email

Suspicious email includes:

Steps to combat malware from infecting your computer by email include:

Frequently, emails will try to trick the recipient into installing malware by:

The malware will take the form of either:

A hacker will often send a suspicious email will via a third-party file sharing service. This makes it more difficult to trace the email back to the hacker.

If You Suspect an Email is Suspicious, You Should:



You see the following email arrive in your inbox:

You know that Dr. Pond is the head of a sister agency with which LSUHSC-NO conducts business. You open the email and find the following:

You know of Dr. Pond but your office does not have any dealings with her. Her agency is not a part of LSUHSC so the "*External Email; Evaluate*" message is expected. A PDF file is attached. Should you open it?.


With money being so tight, we need to pay them promptly.


There's something that doesn't feel right.

Hover your mouse over or tap your finger on the box below to see the right answer. (Tap on any picture to make the answer disappear.)

There are several things about this email that raise suspicions:

The appropriate course of action is to contact Dr. Pond by some method other than email (e.g. by phone) to confirm that the email was actually sent by her. If it was not, send the email as "an attachment " to, and delete it from your Inbox.

Infected Websites

Malware can also infect websites. Any unprotected computer that browses an infected website will become infected. Even well-known and respected websites such as the and have been infected.


One of the signs of an infected website is a scareware message that pops up in the middle of your browsing. Scareware is a message designed to scare you into installing malware on your system. The following is an actual scareware message that is designed to look like a message from the Windows Security Center.

Scareware #1

(Click or Tap on image for expanded view)

The following Scareware message appears when surfing an infected website. It appears to be a warning from your anti-virus program. The message is a fake. The number of infections "found" is set to a large number deliberately to shock and scare the user. However, clicking on ANY of the buttons (including the “OK” in the lower right corner) will cause malware to be installed on your device. The best course of action is to power off your device. If you device is a Windows computer, power off without selecting the "Shut Down" menu option.

Scareware #3

(Click or Tap on image for expanded view)

How Can YOU Tell if a System Message is Scareware?

Ask yourself the following questions:

If any of the above are TRUE, then it may be Scareware. Call the Help Desk or your computer supporter to make sure.

Make sure your browser is set to always start from a home page selected by you and does not restore previously visited websites.

Warning Signs YOUR Computer Might Be Infected

Contact your computer supporter or the Help Desk if you suspect your computer has malware installed.

How To Protect Yourself from Malware

Follow these steps to reduce the risk of your devices being infected with malware:

As a Recap

Getting Help

If you have any questions, please contact the Office of Compliance Programs by: