Malware Basics and Safety Tips

in #malware · 2 years ago (edited)

Malicious software, or "malware" for short, is a broad class of software built with malicious intent. Over the last few years, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of the infection techniques I have encountered. With the most sophisticated attacks, common sense and virus scans are sometimes not sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, a wallet that doesn't charge any TX fees, or the latest/fastest miner, and the attacker posts a program with embedded malware as a response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the download file (or posts a legitimate link first and changes it to a malware link later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.
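A simple way to catch this kind of link swap is to compare every URL in the quoted copy against the post it claims to quote. The script below is an added example, not code from the original post; the post texts and the example.com/example.net domains are constructed placeholders (no real project or download is referenced).

```python
import re
from urllib.parse import urlparse

# Constructed sample: the developer's original post and a reply that quotes it.
# The hosts are RFC 2606 placeholder domains, not real projects.
ORIGINAL_POST = """Mandatory update v1.2.1 released.
Windows: https://example.com/coin/wallet-1.2.1-win.zip
Linux:   https://example.com/coin/wallet-1.2.1-linux.tar.gz
"""

# The quote reproduces the text, but the Windows link now points at another host.
QUOTED_REPLY = """> Mandatory update v1.2.1 released.
> Windows: https://example.net/coin/wallet-1.2.1-win.zip
> Linux:   https://example.com/coin/wallet-1.2.1-linux.tar.gz
Thanks dev, works great!
"""

# Matches http(s) URLs up to the next whitespace or angle bracket.
URL_RE = re.compile(r"https?://[^\s<>]+")


def extract_urls(text):
    """Return the URLs found in text, in order of appearance."""
    return URL_RE.findall(text)


def find_swapped_links(original, quote):
    """Compare the links inside a quote against the post it quotes.

    Returns a list of (quoted_url, reason) for every URL in the quote that
    does not appear verbatim in the original. The reason distinguishes a
    changed host (the classic link swap) from a changed path on a known host.
    """
    original_urls = extract_urls(original)
    original_set = set(original_urls)
    original_hosts = {urlparse(u).netloc.lower() for u in original_urls}

    findings = []
    for url in extract_urls(quote):
        if url in original_set:
            continue  # identical to a link the developer actually posted
        host = urlparse(url).netloc.lower()
        if host not in original_hosts:
            findings.append((url, f"host {host!r} never appears in the original post"))
        else:
            findings.append((url, "same host as the original but a different path"))
    return findings


if __name__ == "__main__":
    for url, reason in find_swapped_links(ORIGINAL_POST, QUOTED_REPLY):
        print(f"SUSPICIOUS: {url} ({reason})")
```

The check is deliberately strict: any URL in the quote that is not byte-for-byte present in the original is reported, so a lookalike domain, a different TLD, or a changed path all get flagged. The same comparison applies to a "copied ANN", where the text is the developer's but the download link is not.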

Compromised dev account
The developer account (usually the one that made the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't around to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 to have their malware crypted, rendering it fully undetectable.

Good security practices:

Don't immediately open attachments or click on suspicious looking links.
Hackers are very good at creating fake emails that look legitimate (usually malware disguised as legitimate files). Either ignore such requests or independently verify that the supposed source actually sent the email to you. It is also good practice to at least scan the links or files with VirusTotal.
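Because a crypted sample may have zero detections, scanning alone is a weak check; what a download can still be verified against is the checksum the developer published in the ANN or on the project site. The script below is an added example (not from the original post): it hashes a download, compares it to the published checksum with a constant-time comparison, and builds the VirusTotal lookup URL for that hash so the file can be checked without uploading it. The "release" bytes and the published checksum are constructed test values (the checksum is the well-known SHA-256 of the string "abc").

```python
import hashlib
import hmac

# Constructed sample: these bytes stand in for a downloaded wallet archive,
# and PUBLISHED_SHA256 for the checksum the developer posted alongside it.
SAMPLE_RELEASE = b"abc"
PUBLISHED_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_digest(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file on disk, read in chunks so large archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def checksum_matches(actual_hex, published_hex):
    """Compare two hex digests without leaking where they differ."""
    return hmac.compare_digest(actual_hex.strip().lower(), published_hex.strip().lower())


def virustotal_lookup_url(sha256_hex):
    """VirusTotal report page for a file, addressed by its SHA-256 (no upload needed)."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex.strip().lower()}"


def check_download(data, published_hex):
    """Summarise whether a download matches its published checksum and where to look it up."""
    digest = sha256_digest(data)
    return {
        "sha256": digest,
        "matches_published": checksum_matches(digest, published_hex),
        "virustotal_url": virustotal_lookup_url(digest),
    }


if __name__ == "__main__":
    result = check_download(SAMPLE_RELEASE, PUBLISHED_SHA256)
    print("match" if result["matches_published"] else "MISMATCH", result["sha256"])
    print("lookup:", result["virustotal_url"])
```

A checksum only helps if it comes from a channel the attacker does not control: one posted in the same forum reply as a swapped link verifies nothing, while one taken from the developer's original post, the project site, or a signed release note does. A mismatch means the file should not be run, even if VirusTotal shows no detections.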

Anti-Virus/Anti-Malware software
Install reputable anti-virus and anti-malware software that periodically searches for and removes threats. Keep the software updated at all times and set a scan schedule.

Spam Filters
The forum database was compromised in 2015, which resulted in the emails associated with the accounts being dumped. You are likely already receiving some spam emails because of this. Your email provider may have decent spam filters that will block out some of it.

Be careful with everything
Always be careful with what kind of files you download and run, or what kind of drives you plug into your machine. Both may contain self-executing and undetectable malware.

Use common sense
Nobody is going to give you get-rich-quick Bitcoin mining software, nor is anybody going to sell you legitimately acquired goods at unreasonably low prices. Do not download and run software from unknown/random users on a machine that you actively use. Even running it inside a VM may not be safe enough.

Untrusted Websites
Don't visit untrusted websites, and take everything you read with a grain of salt. Hackers tend to create fake websites and pop-ups with enticing messages that are intended to lure you in and get you to download malware. There have been a lot of phishing attacks such as phishing ads on Google, fake Bitcoin wallets on the iOS and Google Play stores, etc. @cleverbot


I don't fully understand what you mean by that.
