What is Malware?
Malware (malicious software) is a general term used to describe hostile, intrusive or annoying software or program code. Malware includes viruses, tracking software, "bots", trojans, etc. For more info on malware/anti-virus...
Doesn't anti-virus software detect and eliminate malware?
No. No software is completely effective against malware, and anti-virus software tends
to concentrate on viruses but not other forms of malware. The least harmful malware
packages may only track the web pages a user contacts; the more serious may steal
personal information or log-in information as it is typed. Malware infections are
often picked up by accessing infected websites. In the past, avoiding unknown web
sites was a reasonably effective practice for avoiding infections.
Am I safe if I avoid unknown web sites?
No. Recently, malware's ability to infect machines has significantly increased through
a process called "malvertizing". An innocent user may access a legitimate website.
If that website flashes ads, which many do, an infected ad that appears while the
primary website is being viewed can infect the machine as if the user had clicked
directly on the ad itself. Since many sites flash rotating ads from third parties,
one person might be infected because a particular ad flashed when s/he was accessing
the site, while a few seconds later another person might not see the ad and not be
infected. This new approach to infection is a powerful tool for malware dispersal
and is resulting in many more malware infections.
How great is the risk?
Recent warnings have been issued by agencies tracking malicious software that malware
designed to steal credit card numbers and passwords is being distributed in this way.
We have found some infections like this on campus, but have no way to systematically
scan for and detect this software, as it changes constantly. Some institutions, including
school districts, have lost hundreds of thousands of dollars overnight when such malware-infected
machines are used for online banking. Protection is no longer found in simply avoiding
unknown websites.