How can malware affect application software

What is malware?

Malware is the umbrella term for a wide variety of malicious programs that endanger the security and functionality of your computer system. Most malware is automated software that spreads in an untargeted way through security vulnerabilities and careless user behavior. Its purpose is to carry out functions that the user does not want or to damage the infected computer system.

The development and use of malware can pursue different goals. Websites that are infected by malware can, for example, be misused by third parties to automatically distribute spam and malware or to automatically redirect visitors to phishing sites. Spyware and adware can be used to spy unnoticed and collect data for marketing purposes, while ransomware blackmails users and viruses can make the whole system inoperable. Every computer and every website is a potential target and should be protected accordingly. The threat scenarios are diverse, which underscores the importance of secure web hosting.

So there are many reasons not to underestimate the risk of a malware infection and to minimize it. Understanding how malware basically works and the various forms it can take is a first step.

The history of malware and today

The first malware was developed in the 1980s. It was a computer virus developed by researchers. The Internet had not yet been invented and computer technology was still a long way from having the system-relevant status that it would acquire in the following decades. Another story, from the National Institute of Standards and Technology (NIST), has it that the first computer virus, called "Brain", was developed in 1986 by two brothers who were tired of customers simply making illegal copies of software from their store. Supposedly they developed the first virus that was passed on to the computer system when the floppy disks were copied.

What was a curiosity back then can cause irreversible damage today. The increasing digitization and networking of almost all areas of public and private life, as well as of large parts of the infrastructure, give malware an unprecedented potential for destruction. For a long time, the ultimate goal of malware was only to compromise end devices and web services such as online banking and other password-protected services with sensitive customer data. With the relocation of more and more functions and information to the Internet and the increasing importance of user data, the Internet itself has become a source of valuable information. Online shops, customer portals and profiles in social networks are also targets of malware. Adware and similar programs access valuable data and capitalize on it. Contact data is skimmed off, phishing e-mails are sent automatically, or malware is hidden in files and programs offered for download. So the damage that malware can do today is immense.

How does malware work?

A malware attack on a computer, cell phone or website usually goes unnoticed by the user at first. The camouflaged malware carries out its unwanted functions in the background. Depending on the type of malware, it can interfere with existing security software such as antivirus programs and firewalls, manipulate or delete stored files, or collect user data for advertising purposes. By the time the user notices an infection because of malfunctions, damage has often already been done. Targeted hacker attacks tend to be the exception. The majority of active malware attacks are carried out by automated software and are not targeted.

The prerequisite for the massive use of malware is the Internet. Closed systems can also be infected, but this requires a device that serves as a carrier for the malicious program. The Internet allows malware to spread endlessly once it has been injected. Websites, social networks and e-mail inboxes serve as infrastructure for the malware. It is therefore in the interests of both the provider with whom you, the customer, run your web hosting or server, and the user, to protect web projects as well as possible.

How and whether a malicious program spreads in the system depends on the type and purpose of the malware in question. A classic virus program consists of three parts:

  1. An infection routine that ensures that the virus is successfully implanted in the system.
  2. A copy routine that writes the malicious program to other programs or files, thereby spreading the virus in the system.
  3. A status routine that ensures that programs or files that have already been infected are not attacked again.

Poorly protected websites and e-mail inboxes can be turned into real malware distributors, which is why website operators should always strive for up-to-date virus protection.

Types of malware

The computer virus, known to everyone, is the oldest form of malware, but it is by no means the only one. The forms that malware can take are as diverse as the ways in which it gets into the respective system. In addition to computer viruses and worms, Trojans (also known as Trojan horses) and drive-by downloads, spyware, adware, scareware, ransomware, grayware and rogueware are the most common forms of malware. Here is an overview of the different types of malware and how they work:

  • Computer worms or viruses are malicious programs that infect networks by automatically sending e-mails. Initially, the virus embeds itself so that it is activated automatically when the system is restarted, by infecting functions that run automatically at system start. They spread by copying themselves and writing themselves into macro-enabled documents, programs, and media. If the program or document that contains the virus is opened, the malicious program is activated and begins to write itself into other programs or documents. Depending on the form and where the virus starts, a distinction is made between boot viruses, macro viruses, script viruses and file viruses. By forwarding infected files or sending them by e-mail, other PCs are infected and the malware continues to spread. Identifying the virus before it successfully executes its infection routine is critical to effective virus protection.
  • A Trojan, or Trojan horse, is a program that pretends to perform a useful function in order to motivate users to install the harmful program themselves. Trojans are suitable as carriers of espionage software for recording passwords, TANs, credit card IDs or user data.
  • A backdoor is a Trojan that gives hackers hidden access to the system. They can copy, change and delete files in the background, track keyboard entries or start programs.
  • Bots are programs that automatically perform certain repetitive actions in the background. This can be very useful: just think of search engines like Google & Co., which use bots to automatically search and index websites. The same way of working can also be used for dubious purposes, for example to take control of an entire computer system and, in the worst case, to remotely control the PC. The goal is often to spy out personal data such as bank account details or credit card numbers. Once they are on the PC, bots execute certain commands without the knowledge of the user. In so-called botnets, hackers infect several PCs with the same bot and can thus remotely control the network of computers created in this way.
  • Drive-by download is a more recent form of malware. The malicious software is also downloaded unnoticed when an infected file is downloaded. Simply calling up an infected website can also lead to the download of malware. This type of malware often exploits browser and website vulnerabilities.
  • Spyware and adware often spy on the computer and user behavior for the purposes of advertising, market research and data trading in order to subsequently place targeted advertising. These programs are often installed unknowingly along with other useful software. Since they do not damage the functions of the system, they are also referred to, in a trivializing way, as grayware. This is also the reason why this form of malware goes undetected the longest. It is difficult to completely uninstall spyware or adware. Individual fragments are often not identified and remain even after a supposedly successful uninstallation.
  • So-called rogueware, like a Trojan, pretends to be a useful security program and thus entices the user to download it. For this, the user is urged to buy or download the respective rogueware by means of so-called scareware with a fake reference to an alleged virus attack.
  • A particularly aggressive type of malware is so-called ransomware. These malicious programs block access to the operating system with the sole aim of blackmailing the user, usually for money in cryptocurrency. Ransomware has hit the headlines again and again in recent years when even large corporations and public institutions have been blackmailed in this way, including the mobile operator Telefónica, Deutsche Bahn and the British National Health Service.

The forms of malware mentioned here do not always appear in their pure form. Complex malware can combine different functions. New malware programs and methods are constantly emerging. Spam and phishing emails are still sent in massive numbers, but they are no longer nearly as successful. Malware adapts to this development: the use of malware that is activated undetected through normal downloads or links is increasing.

How do you find out if your system is infected?

Hardware such as PCs or servers as well as websites themselves can be infected by malware, adware and the like. The operating systems of smartphones are also increasingly affected by attacks. In fact, malware has become so ubiquitous that every computer, program, and website is under constant attack. In order to minimize the risk, a competent provider or hoster is just as important as the installation of effective protection programs.

The infection of a website with malware is difficult to detect because it is hidden in the source code of the page. Once access has been gained and a malicious program has been left behind in the code, it can operate from there unnoticed. Regular malware scans are therefore necessary in order to identify malware as early as possible. Completely freeing the source code of the malicious program often fails with conventional uninstallation, since residual fragments are often left behind and continue to be executed undetected even after the uninstallation. We will go into more detail below on how to remove malware.

Malware cannot be recognized immediately on the computer either, and in the case of grayware such as spyware and adware, which do not permanently impair the functionality of the system, an infection may not be noticed at all. Abnormal or limited functionality of a system is a clear indicator of a malware attack.

Slow loading, the failure of the task manager, a suddenly changed browser start page, pop-ups that open offline (especially with adware), or the unauthorized sending of e-mails or advertising posts in social networks clearly indicate that the system is infected with malware. In serious cases, the owner of the computer, website or social media account is denied access and locked out of the respective system while the malware continues to run.

However, the above symptoms do not always mean a malware infection. Bugs and errors in the software code that were unintentionally introduced by programmers can also lead to unstable software, reduced system performance or crashes. It is all the more important for you to always install the latest software patches for the respective application.

How can you protect yourself from malware?

Malware often gets onto the computer with the unwitting help of the user. Spam mails with malware attached are still one of the most common distribution channels. Promises, threats, or intimidation are used to urge recipients to open the attachment. This procedure, known as phishing, is widespread and can target email inboxes as well as social media profiles and other networks. The success of this procedure is diminishing, however, due to the increasing awareness of users and the spread of anti-malware programs. Malware can also hide in downloads or get onto the computer when a website is simply called up. In order to detect malware before it becomes noticeable through the first damage, proactive and regular security measures are required. The massive and steadily growing use of malware makes comprehensive virus protection indispensable. Every year new malicious programs emerge that are constantly finding new ways to gain access to information and systems. In order to optimally protect yourself against attacks by the latest forms of adware, ransomware & Co., the security software must always be up to date.

You can use these means to prevent your system from being infected with adware, ransomware, etc. as much as possible:

  • Using a computer online without the latest antivirus program and an active firewall is simply grossly negligent these days. In such a case you can assume that your system is infected many times over or will be infected within a very short time. Therefore: always ensure that you have the latest antivirus update and that a working firewall is in place. Modern antivirus programs detect and intercept a large number of different types of malware. An automated update, at least daily, should be set up here.
  • Another measure, especially in families with young family members, can be to set up a guest profile for each user, with which they can then use the Internet. Guest profiles do not have administration rights and many types of malware cannot even be installed in the system.
  • Purchase software from official sources. Freeware and shareware should also always be downloaded from the provider's website.
  • When installing most applications, you have the option of installing additional software. You can usually select these options during installation. Make sure you only install software that you really need or that you know about.
  • Be careful which banners or pop-up windows you click while browsing the Internet. If the offer seems too good or dubious to you, don't click it.
  • Nowadays it should be a matter of course to handle your sensitive data carefully. This includes passwords, log-ins or account details. Always check whether the page on which you want to enter this data is encrypted and reputable. Do not save passwords in the browser or in Excel tables. Use secure programs such as KeePass to manage passwords.
  • Use only secure internet connections with your mobile devices or laptop. Open networks that do not require you to enter a password can easily be used by attackers to intercept the data you have sent.

So the bottom line is that you too can prevent your system from being infected through your own behavior. Surf the Internet carefully and avoid dubious websites and pages without an encrypted connection (SSL). In addition, do not download files from an unknown source or from a mail or attachment with an unknown sender. The same also applies to the use of your smartphone, as more and more malware is being programmed for mobile Android or Apple operating systems.

The STRATO security tools for protection against malware

The security features of the STRATO products protect your server and computer from the dangers of the Internet such as malware and DDoS attacks or help you to restore files after a virus attack. A number of security tools are available to you:

  • STRATO BackupControl ensures that fully automatic backup copies of your hosting data are created on a daily basis. You can access the backups at any time via FTP. Deleted files or older versions can be easily restored.
  • STRATO SiteGuard protects your server from hacker attacks. You will be notified immediately in the event of unauthorized access. This means that malware cannot get onto your computer through others. Your homepage data cannot be deleted or changed.
  • Finding and removing malware is possible with STRATO's integrated spam filter. We protect you and your users from unwanted or even dangerous emails. Our multi-level spam and virus protection ensures that such messages do not end up in your STRATO mailbox in the first place.
  • With SiteLock, STRATO offers a regular check of the website for security vulnerabilities and helps you with valuable tips to make your homepage even more secure so that you no longer have to worry about malware and hacker attacks.

First aid if your computer is infected with malware

Even with the greatest possible caution and security measures, a malware infection can occur. If you suspect that your computer or website is infected, there are several measures you can take. Depending on the case, it may be necessary to act immediately, for example to avoid infecting the devices of your website visitors.

If a computer or laptop is infected, there are four first steps you can take to remove the malware and prevent further damage to your system.

  • Disconnect from the Internet. This includes WLAN connections as well as LAN cables or, on mobile devices, the mobile data connection.
  • Restart the computer in safe mode. This prevents the execution of all background programs that go beyond the basic installation.
  • Clear cache and temporary files. Malicious applications often put files in these folders in order to retrieve them for their activities.
  • Run multiple malware scanners. If you don't have one installed, download and run one, or better two, different malware scanners from the Internet before disconnecting from the Internet. With this procedure you will efficiently remove most malicious programs from your computer.

What to do if the website is infected

If your web presence is infected with malware, a few other steps are necessary. You will usually be informed about a potential infection of your web space by your hosting provider, or a search engine will list your website as dangerous. Therefore, when choosing your hosting provider, pay attention to the security measures that are part of your hosting package in order to prevent your website from being infected with malware. Trustworthy providers are always at your disposal when it comes to security measures.

These essential safety precautions include:

  • A secure server location
  • The encryption of all data connections (STRATO guarantees secure data transmission via SSL)
  • The use of secure access data (cryptic passwords of sufficient length)
  • Use a backup to restore your website to a pre-malware version.

In addition to the security features already mentioned, the STRATO security concept is based on data centers in Germany, which ensure a perfectly secured infrastructure. The TÜV certifications according to ISO 27001 are renewed every year.

If you work with content management systems, always make sure that the versions are up to date, because regular updates are essential for effective protection. In addition, make backup copies of your databases and website files regularly (daily or weekly) so that you can import them in the event of a malware attack. In this way, you are essentially resetting your website to the state before the infection.

If your website is infected, you can do the following:

  • Immediately take your web presence offline to avoid infecting site visitors.
  • Make sure that your own PC is not the cause of the infection. Through FTP access, for example, malware can find its way into your file system.
  • Change all passwords, including those of your server and database.
  • Use a backup to restore your website to a pre-malware version.

Our STRATO experts are at your disposal at any time to repair the damage caused by malware on your web space and to import the backup.