Diagnosing Malware
(Last Updated On: July 29, 2019)

 

Unfortunately, very few people will have avoided malware entirely. They may see it flash up as a blocked intrusion in their antivirus software, or they may have had to remove it from their system. In theory, malware is fairly simple to remove: run the latest antivirus software and it is gone. In practice, removal only works for malware the scanner already recognises, and by then the damage may have been done. As the saying goes, “prevention is better than cure”, and the same goes for cyber defence. Ensure that you have protection against malware and take an array of simple precautions!

 

A simple malware definition

Even though the majority of us will have come across malware, many people are not aware of the malware definition. The term is short for malicious software: programs created to compromise the security of your computer system or your website. The dangers vary from simple pop-up adverts to programs that access your most private information, which often leads to identity theft and similar crimes. If fraudsters gain access to your personal data (or that of your customers), they may be able to access bank accounts, take out loans, log into your various online accounts and generally cause havoc.

The best way to combat malware is to be proactive with your antivirus software. Another is to refrain from clicking on dubious links, no matter how interesting they look. If you find that your machine or website has been infected, malware removal should begin as soon as possible.

 

Diagnosing Malware attacks 2019

When even the likes of Microsoft, with their award-winning Windows operating system, are not always as secure as they could be, the scale of the problem is clear. It is inevitable that malware attacks in 2019, and beyond, will grow in number and complexity. Criminals and fraudsters still attempt to keep one step ahead of the antivirus/security software sector. It is fair to say that the antivirus software available today reacts very quickly to new malware threats. However, this is usually after the threat has emerged: signature-based detection cannot flag a sample that nobody has seen yet. In simple terms, you can’t find the solution until you know the problem…

“Prevention is better than cure – unknown proverb”

Luckily, there are a number of actions you can take to avoid downloading malware onto your computer system and, in some cases, onto your website server. These include:-

  • Do not click on dubious links
  • Avoid spam email links
  • Only download files from trusted sources
  • Refrain from using default or reused passwords
  • Ensure that your antivirus software is up-to-date
  • Carry out regular scans of your computer/server

In reality it is very easy to lose focus for a split second and click on a link which could open the floodgates to malware on your system.

 

Signs of malware

There are a number of ways in which you may become aware of malware on your computer system/host server such as:-

  • The appearance of spam adverts
  • Dubious redirects from websites
  • A general slowdown in the speed of your computer/website
  • Various errors when running software

One of the main problems is that if you have malware on your system but are unaware of it, the symptoms can simply be mistaken for slow processing times. Many of us, often with the idea that it will never happen to us, simply wait until the next reboot to see if the speed improves. General sluggishness has many innocent causes, but combined with unexpected adverts, redirects or errors it points to an infection, and that requires appropriate action IMMEDIATELY.

 

Web Hosting accounts

Despite the fact that leading web hosting companies have an array of security measures to fight malware and cyber-attacks, we have seen many website owners inadvertently open the door to attacks. This tends to be more prevalent on shared hosting accounts, which is why many people look towards dedicated servers and VPS hosting. While most hosting services include a firewall in front of your account, a firewall does not inspect what your own site uploads or executes, so it is essential that all parties work together to avoid the threat of cyber-attacks.

There are a number of ways in which you can protect your hosting account which include:-

  • Refraining from uploading suspicious software packages
  • Ensure that firewalls are secure and up-to-date
  • Apply security patches to operating systems and software as soon as possible
  • Encrypt important directories

In the event of a malware attack, a recent website backup is the safety net you’ll wish you had. How much damage is done depends on the actions taken by the rogue software, but in some cases it leads to removal from search engine results and browser danger warnings. It is important to act quickly: left to fester, malware can cause serious damage to your website, lead to the theft of private and confidential data and ultimately ruin the reputation of your website with the search engines. In some cases the damage to a site’s reputation could be permanent if you don’t act quickly enough.


What to do if you suspect malware on your system?

Before we look at ways to combat/remove malware, it is essential that you carry out regular scans of your computer/hosting account to alert you to any issues. If you have a regular monthly checklist, add a manual search for malware and it will very quickly become routine. So, what should you do if you suspect your machine/server has been infected by malware?

  • Run an in-depth antivirus/malware scan of your system
  • Quarantine or delete any dubious files found via the scan (keep a copy off the server if you need to work out how they got there)
  • Make a note of when you first noticed changes in system performance
  • Consider restoring a backup of your website taken before the malware attack

In the event that a malware infection is impacting the service of your hosting company, you would likely receive a communication making you aware of the situation. Website backup solutions tend to be an integral part of your hosting account, so in the majority of cases it should not be difficult to restore your website (or computer) to a point before the attack. Check that the backup really does predate the infection, as a backup that already contains the malicious code simply puts it straight back. You may lose some data added after the backup date, but this is often a small price to pay to avoid further problems.

 

Vulnerable software packages

While most malware arrives innocently via dubious links and files, cyber criminals tend to focus on particular weak points of a system once they have access. The open source blogging system WordPress is a package that is often attacked because many users fail to apply security patches (this is a whole article in itself). Some of the more common elements of WordPress used to inject malicious code include:-

  • Themes
  • Plug-ins
  • Base WordPress files

In the event that you find your WordPress package infected, there is a simple way to find the likely location of the malicious code. Navigate to your control panel, where you can review individual directories and list files sorted by the date they were last altered. This highlights the most recent changes and potentially infected files. When using this method it is essential that you also list “hidden” files (names beginning with a dot), which a default listing leaves out, to get an overall view. Bear in mind that attackers can reset a file’s modification time, so an unchanged date is not proof that a file is clean.
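The same “what changed recently?” check can be run from a shell on the hosting account, which is quicker than clicking through directories and does not skip dotfiles. The script below is an added example, not code from the original article or from WordPress itself; it adds two heuristics a responder usually pairs with the date check (PHP files under the uploads directory, and common obfuscation markers in PHP source). The directory layout, file names and the injected sample in the constructed site are assumptions for illustration only.

```shell
#!/bin/sh
# Added example (not from the original article): first-pass triage of a
# WordPress document root. Paths such as wp-content/uploads and the sample
# site built by make_sample_site are assumptions for illustration.

# 1. Files modified in the last N days, hidden ones included. find does not
#    skip dotfiles, unlike a default listing in many control panels.
recent_files() {
    dir=$1; days=$2
    find "$dir" -type f -mtime -"$days" | sort
}

# 2. PHP under wp-content/uploads. The uploads tree should hold media only,
#    so executable code there is a classic sign of a dropped web shell.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null | sort
}

# 3. Obfuscation markers often seen in injected PHP. This is a heuristic,
#    not a signature database: review every hit by hand.
suspicious_code() {
    grep -rlE 'eval\((base64_decode|gzinflate|str_rot13)\(' "$1" 2>/dev/null | sort
}

# Run all three checks against a document root, e.g. triage /var/www/html 7
triage() {
    echo "== files changed in the last $2 days (hidden included)"
    recent_files "$1" "$2"
    echo "== PHP files under wp-content/uploads"
    php_in_uploads "$1"
    echo "== files carrying obfuscation markers"
    suspicious_code "$1"
}

# Constructed sample site so the checks can be exercised offline: three
# legitimate files backdated to 2019, plus one freshly written hidden PHP
# file in uploads that decodes and evals a base64 string (the payload here
# is just "echo 1;").
make_sample_site() {
    root=$1
    mkdir -p "$root/wp-content/uploads/2019/07" "$root/wp-content/themes/demo"
    printf '<?php // core\n' > "$root/index.php"
    printf '<?php // theme\n' > "$root/wp-content/themes/demo/functions.php"
    printf 'img\n' > "$root/wp-content/uploads/2019/07/photo.jpg"
    printf '<?php eval(base64_decode("ZWNobyAxOw=="));\n' \
        > "$root/wp-content/uploads/2019/07/.cache.php"
    touch -t 201901010000 "$root/index.php" \
        "$root/wp-content/themes/demo/functions.php" \
        "$root/wp-content/uploads/2019/07/photo.jpg"
}
```

On the sample site all three checks point at the same file, `wp-content/uploads/2019/07/.cache.php`, which a date-sorted listing without hidden files would have missed. On a real site, run `triage` against the document root, then compare the core files against WordPress’s published checksums (WP-CLI’s `wp core verify-checksums` does this) rather than trusting modification dates alone.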

We are not in any way suggesting that WordPress is the most susceptible software package when it comes to malicious code, but it is extremely popular. Unfortunately, despite the fact that security patches, together with plug-in/theme updates, are regularly released, not all users update their software. It is essential that you upgrade not only the overall WordPress package as and when updates are available but also review themes and plug-ins. If there is no security patch for a particular theme or plug-in which has been infected, you may need to remove or replace that element.

 

Avoiding a repeat attack

While it is obviously important to be aware of any malware on your computer/hosting account and take the relevant action, it is also important to avoid a repeat attack. Unfortunately, many website owners forget to take simple action to avoid a repeat attack, as they are often extremely relieved to have located and removed the initial malicious software. Some simple actions to take to avoid a repeat attack include:

  • Changing passwords for control panel/hosting account access
  • Changing passwords for software accounts
  • Removing dubious accounts added by the cyber criminals (for example in WordPress)
  • Ensuring you apply security patches where possible
  • Update themes and plug-ins
  • Add/update anti-virus software

It may seem bizarre to suggest that after rectifying the problem many victims will fail to seal the broken door, but it happens. To prevent similar attacks, fix all of the issues you find. If the cyber criminals have found a weakness in your hosting account, website or software packages, they will try several times to gain access, and they might even pass these weaknesses on to their “colleagues”. So, while removing the malicious code is imperative, it is also very important to resolve the underlying security weaknesses fast.

 

Conclusion

Unfortunately, the battle against malware and cyber criminals is never ending. Thankfully there are relatively simple actions you can take to avoid infection. Never click on dubious links or download dubious files. Ensure that all of your software packages, themes and plug-ins are up to date with the latest security patches. If you have a dedicated server, optimise it not only for performance but also for security. We may take firewalls for granted, but they are essential as the first line of defence.

It is worth mentioning again: once you have rectified a malware infection, it is vital that you ensure the original route of infection is closed. Simply restoring a backup from when your website was “clean” is a start. However, the cyber criminals will inevitably attack again unless the original route is closed.

Never take your eye off the ball when it comes to malicious software and the cyber criminals!