5 Minutes Guide to Malware

Malware is the new computer virus, the new worm, the new spam. In fact, malware is all of those and more. Malware is a genuine threat to your Web site, to your business, and to your customers. Malware leads to:

• Web site traffic loss – New customers are warned about your site and loyal customers stop coming back.
• Brand tarnishing – Your company's reputation – not just your Web site – is damaged.
• Consumer confidence erosion – Consumers will not trust your Web site, your business, or your products and services.

Instead of overt Internet vandalism and mayhem, today's malware criminals stealthily infiltrate Web sites and home computers for devious or illegal profit.

Their mission: Put malware on your site and spread the malware to your visitors for fraud and theft.

Your mission: Keep malware off your site and keep customers on your site!

Why should I care about malware?

Trust. Your customers and business partners trust that your Web site is safe. Malware on your site diminishes or eliminates that trust.

• Customers who are warned of or infected by malware on your site will no longer trust your site or your business. They may stop doing business with you through any means.
• If there is malware on your site, Web browsers like Internet Explorer and Firefox and search engines like Yahoo! and Google will show a warning that your site is dangerous when a customer tries to visit it (this is known as "blacklisting").
• Malware on your site can install malware on your customers' computers (known as "drive-by downloads"). Malware on your customers' computers can steal their personal information, track their keystrokes and activities, and spread viruses and more malware.

What is malware?

Malware is any computer program that is installed on a computer without the owner's knowledge, in order to deliberately damage the computer or perform illegal activities.

• Malware is short for "malicious software". Malware is related to the more well-known term "computer virus", but they are not exactly the same.
• Malware is a broad term used to refer to many different forms of hostile, intrusive, or annoying software, such as computer viruses, worms, trojan horses, rootkits, spyware, dishonest adware, and crimeware.

How is malware used?

For illegal profit, consumer deception, Web site vandalism, and other criminal activities.

• Adware shows pop-up ads on infected computers and the attackers collect payment based on the number of times the ads appear.
• Spam is the bulk junk mail that everyone gets in their Inbox. Spam can be sent from malware-infected computers. The attackers collect payment based on the number of emails sent or on responses to the sales or information requests in the emails.
• Identity Theft and Infostealing capture private information, such as usernames and passwords, credit card and banking information, or social security numbers. The attackers can use the stolen data directly to impersonate the theft victim, or sell lists of stolen data within their crime network.

Where does malware come from?

Like a computer virus, malware starts on a few computers and then spreads to many computers.

• To effectively distribute malware to as many computers as possible, the first goal of a malware attack is to infect your Web site.
• Unknown to you and the people who visit your site, the malware then installs more malware on the visitors' computers.
• Installation may be totally invisible to your site visitors – all a visitor needs to do is go to a certain page, and the malware can install on the visitor's computer. Installation may also be disguised as or packaged with a useful plug-in, which the visitor intentionally downloads and installs.

How do I prevent a malware infection? 

Keep your web server secure, clean, and backed up.

• Maintain an up-to-date backup server.
• Secure the Web server that hosts your Web site.
• Secure any applications or other code that is executed or distributed on your Web site.
• Know and trust the people who manage your Web site.
• Remove programs that are not needed.
• Do not use the server for other purposes, especially browsing the Web.
• Do not rely on commercial, off-the-shelf antivirus services to protect your Web site.
• See the Malware Best Practices article for more details on these prevention recommendations.
• also read important vulnerability basics