Resources for the global digital safety training community.
Last Updated 2015-05

This input session covers definitions of basic malware terms, reviews how users are exposed to malware, and explains how users can prevent malware infections or handle existing ones. Current threat trends move very fast and can serve either as warnings to include in trainings or as examples to use. Keep up to date on vulnerabilities, social engineering trends, etc., for your workshops, particularly if you're training on operating systems that you're less familiar with.
When it comes to talking about malware, a definition of terms is helpful so that participants can understand the different types and the distinctions between them. To avoid presenting the content solely as a lecture, and to get a better sense of your participants’ knowledge, you can present this section by asking participants how they would define the following terms, then correcting their definition(s) as needed:
Malware: An umbrella term for malicious software of any kind, very likely a virus or another application designed to harm or compromise a device.
Virus: Viruses are usually attached to a program or file. They are generally executable files and can only run when the user opens or executes them.
Trojan: Malware that comes disguised as “legitimate” software, often in cracked versions of proprietary software. Trojans are often designed to steal information and transmit it over the internet. This is one reason that genuine software is always preferable to pirated, cracked software.
Spyware: Malware that records users’ activities on a computer; a common example is a keylogger, but spyware can be far more advanced.
Worm: Worms are similar to trojans but have the unique characteristic of being able to copy and send themselves from computer to computer (or to other devices). A well-known example was the I Love You worm.
One easy way to organize this, again so as not to bore participants with a lecture-only session, is to elicit input and ideas from the experiences of participants and write them on a flipchart.
Supplement any crucial answers they haven’t suggested and add them to the list; to save time, you may wish to prepare the following questions (leaving suggested answers blank, of course), on individual pages of flipchart paper before the session, with one question per page:
False: Both OSX (Apple) and Linux operating systems can also be vulnerable to malware, although most malware targets Windows because it is the most commonly used operating system worldwide. With the increasing number of OSX users, more malware is being made to target OSX; however, because the number of Linux users is far smaller, Linux malware is far less prevalent.
False: Computers can pass on malware to other devices as “carriers.” For example, a computer running OSX can pass on Windows malware to a Windows device: the malware never “infected” the OSX device, because it was designed for Windows, but it still successfully infects the Windows device. Because of this, users should have antivirus software that also scans for malware designed for other operating systems.
False: Malware may or may not be noticeable - sometimes it will have dramatic impact on a device’s performance, other times a device will continue functioning in an apparently “normal” manner.
False: Anti-malware tools can only identify malware that is known; they cannot protect against “undiscovered” or “new” malware. This doesn’t mean you shouldn’t use anti-malware tools, however!
Once each list is made from this section, hang them up, but leave space next to each list for the list of solutions, both technical and non-technical, that will be covered in the following section.
Go to Survival Time to calculate the average number of minutes it takes for an unpatched computer without antivirus and a firewall to become infected - at time of writing, it took on average 5 minutes.
Below is a list of solutions for avoiding malware to cover together as a group - begin each question by soliciting solutions from participants and adding them to the list, then supplementing additional solutions and missing information as needed.
Place each list of solutions next to the respective list of how users are exposed from the previous section - the avoidance questions below are numbered the same (I or II) as the exposure questions (I or II) from the previous section. Keep them up during the training so participants can refer back to them.
One of the most important ways to protect yourself from malware is to have an updated and licensed operating system, whether open source (Linux), or proprietary (Windows and OSX). Malware takes advantage of outdated and cracked software and operating systems to infect them.
…to verify downloads whenever possible. Suggested tools for this include FileInfo Professional (Free, OSX), HashTab (Paid, OSX), HashCheck (Free, Windows), Rapid CRC Unicode (Free, Windows).
…usually SSL in the browser, whenever possible; similarly, turn on auto-updates for the operating system and applications you use - Flexera for Windows is a free tool that will check to make sure your installed software is up to date.
…on your device to protect yourself; this can also help reduce the spread of malware if you are infected. If you have OSX users, mention that Apple devices are sold with the Firewall OFF by default. Direct them to where they either confirm that it is turned ON or turn it ON themselves (Preferences -> Security & Privacy -> Firewall). Windows usually has firewalls ON by default; to confirm or to turn ON, go to (Control Panel -> Security -> Windows Firewall).
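A worked illustration of the checksum point above (the verification step that tools such as HashCheck perform with a click), written as an added example for this page and not taken from any of the tools it names: the script computes the SHA-256 of a downloaded file and compares it with the hash the publisher lists next to the download. The sample file and its hash are constructed inline; publishers print hashes in varying forms, so only surrounding whitespace and letter case are normalised before the exact comparison.

```python
"""Verify a downloaded file against a published checksum.

Added example for this training note; it is not a tool from the page.
Assumes the publisher lists a SHA-256 hash next to the download link
(the sample file and hash below are constructed for the demo).
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large downloads do not fill memory


def file_sha256(path):
    """Return the lowercase hex SHA-256 of the file at `path`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hash):
    """True only if the file's SHA-256 equals the hash the publisher gave.

    The published value is normalised (whitespace stripped, lowercased)
    because sites print it in varying forms; the comparison itself is exact.
    """
    expected = published_hash.strip().lower()
    actual = file_sha256(path)
    return hmac.compare_digest(actual, expected)


def demo():
    """Write a constructed 'download', verify it, then modify it and verify again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample installer contents\n")
        good = file_sha256(path)          # what a trustworthy publisher would list
        ok_before = verify_download(path, " " + good.upper() + "\n")
        with open(path, "ab") as f:       # simulate a tampered or corrupted download
            f.write(b"x")
        ok_after = verify_download(path, good)
        return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print("untouched file matches published hash:", before)   # True
    print("modified file matches published hash:", after)     # False
```

Run it directly to see the untouched file pass and the modified one fail; the lesson for participants is that a mismatch means the file must not be opened, however legitimate the download page looks.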
If participants are using pirated copies of Windows, this is extremely dangerous and they should prioritize buying a license if they want to continue using proprietary software (Windows and OSX). If there are a number of participants who cannot afford licenses and are unlikely to use open source, try to see if you can find an organization to provide them with licenses. Otherwise, they should consider using open source operating systems instead.
There are different types of antivirus and anti-malware tools. However, just to make it more confusing, some tools are combined into one, and others have various capabilities enabled depending on whether or not they’ve been paid for.
If participants ask for a place to compare tools, you can point them to AV Comparatives’ Summary Reports for both Windows and OSX tools.
Have an active and updated antivirus program that also checks for malware targeting other operating systems, not solely the one on the device it’s installed on; this stops a device from passing on malware that cannot infect it to devices running operating systems it can infect. This is most relevant for OSX and Linux operating systems.
Have an antivirus program that has active monitoring capabilities, or “real-time protection”, and use it. This allows the program to actively monitor your computer’s activities to alert you to potential malware, instead of discovering malware during scans alone.
For a case study of how an organization can be compromised by a spearphishing attack, this may be useful - it also illustrates how exploited email accounts of IT staff can be used once the initial email has been successful.
Be very suspicious of private messages on social networking sites or IM which prompt you to:
…on websites, social networking sites, and IM (as well as in emails). Sometimes this may be the only way to realize you’ve been redirected to a (sometimes very convincing) login page.
… when you’re unexpectedly directed to a login screen, or if you’re redirected to an unfamiliar “warning” page of any kind for a service that you use.
…which are becoming far more effective and harder to recognize - examples to share include this fake Google login page and this fake Apple Store ID reset page.
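An added illustration of the “check the URL” habit behind the last three points, written for this page rather than taken from it: the site that actually serves a login page is the rightmost part of the hostname, whatever brand name appears in front of it or in the path. The function below reports why a link that claims to be a Google or Apple login should not be trusted. The expected-site table and the sample links are constructed for the demo (the fake ones use reserved `.example` names), and the “last two labels” rule for the owning site is a simplification of what browsers do with the Public Suffix List.

```python
"""Inspect the link behind a 'log in' prompt before trusting it.

Added example for this training note, not a tool from the page. The brand
table and sample links are constructed; the two-label "site" rule is a
simplification (real checks consult the Public Suffix List).
"""
from urllib.parse import urlsplit

# Sites a participant should expect to see for each service (constructed table).
KNOWN_LOGIN_SITES = {
    "google": {"google.com"},
    "apple": {"apple.com", "icloud.com"},
}


def site_of(host):
    """Return the last two labels of a hostname: 'accounts.google.com' -> 'google.com'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_login_link(url, service):
    """Return a list of warnings for a link that claims to log in to `service`.

    An empty list means the link points at the expected site over HTTPS.
    """
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        warnings.append("not HTTPS: credentials would travel unencrypted")
    site = site_of(host)
    if site not in KNOWN_LOGIN_SITES[service]:
        msg = "page is served by %r, not by %s" % (site, service)
        # The brand name appearing elsewhere in the address is the classic
        # lookalike trick: the real owner is still the rightmost part.
        if service in host or service in parts.path.lower():
            msg += " (the name %r is only decoration)" % service
        warnings.append(msg)
    return warnings


if __name__ == "__main__":
    samples = [
        ("https://accounts.google.com/ServiceLogin", "google"),
        ("https://accounts.google.com.secure-check.example/login", "google"),
        ("http://appleid.apple.com/", "apple"),
        ("https://www.example.net/apple/id/reset", "apple"),
    ]
    for url, service in samples:
        print(url, "->", check_login_link(url, service) or "looks genuine")
```

Walking through the four sample links with participants makes the pattern concrete: the first is genuine, the second carries the real brand as a subdomain of a stranger's site, the third is the right site but without SSL, and the fourth only mentions the brand in the path.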
Go through each list and identify each type of exposure to malware and each solution to malware as either technical or non-technical. Use this to illustrate how being safe online is a combination of technical and behavioral solutions.