As with every successful event, behind every successful malware attack there’s a great planning process. Now, don’t think of an attacker as a mere well-organised event planner. Cybercriminals who launch data and money-robbing attacks are great strategists who make use of already existing malware-producing and distributing infrastructures called “malnets”.
Malnets, short for “malware networks”, have become serious internet security threats because of their scope and the difficulty in uncovering them. Because they tend to outlast individual attacks, they enable cybercriminals to adapt to new vulnerabilities in web structures and launch dynamic attacks over and over again.
How does a malnet work?
Built, managed and maintained by cybercriminals, a malnet can serve their malicious purposes whenever they want to launch an attack. To avoid falling victim to such an internet security danger, you first have to learn what it’s all about:
Complex structure. A malnet comprises thousands of domains, servers, websites and cybercriminals spread over large geographical regions. They work together to compromise your internet security and drive you to the malware payload, that is: the damage caused by malware. It is important to mention that not all servers and websites in a malnet are malicious – some of them are legitimate e-mail servers and websites hacked by cybercriminals. With this infrastructure in place, they can plan and launch an attack at any time.
All-in-one-place targets. Attackers focus on places on the web buzzing with user activity, because the success of an attack highly depends on having lots of users in one place. It comes as no surprise that search engines, social networks and e-mail platforms are primarily targeted and used as “malnet entry points”. So, while browsing the web, socializing or sending/opening e-mails there’s always a chance you become the victim of an internet security breach or scam.
Common attacks. How do attackers trick you into “entering” a malnet? They either build malicious websites or hack trusted websites to infect them with links to their websites. Then, they start spreading links to these websites accompanied by enticing messages – these are malicious links. Usually, for the messages accompanying the links, they exploit trending news or celebrity-related content, national holidays or important world events, and even the need for certain services to lure you into the malnet funnel. But what techniques do they use to make those malicious links reach you?
- SEO poisoning – pushing malicious links up in your search results.
- Spam – sending you deceiving e-mails that contain such links.
- Malvertising – inserting malicious ads into legitimate ad networks.
- Polluting social networks – placing malicious links in social media news feeds.
Malware on your computer. Once you enter the malnet, you’re exposed to malware infections that can really shake up your internet security. You may be tricked into downloading a virus, Trojan, spyware or other type of malware disguised as some kind of freeware (internet security programs, software needed for running other programs, Flash or browser updates). In reality, after you install them on your computer, they enable cybercriminals to take over your computer, data and/or identity, and maybe infect your friends as well.
Like any other criminal gang, these malnets have names. The largest malnet, and the most efficient in compromising users’ internet security, is called Shnakule and operates in North and South America, Europe and Asia. It spans a wide range of threats and numerous online activities: drive-by downloads, malvertising, Firefox and Flash updates, botnets, work-at-home scams, and even pornography and gambling.
How to avoid becoming the victim of a malnet – tips that need to become habits:
- Stay informed about internet security threats. Part of an effective defence strategy is knowing the enemy, how they attack and their weapon of choice.
- Get internet security software that comes with Safe Browsing, to flag all malicious websites. BullGuard Internet Security 12 comes with such a feature. It gives you detailed information on those high-risk websites, even when you run into them on Facebook.
- Have a strong Firewall in place to block attacks on your computer. Check your Firewall logs for unusual traffic and block all unsecured traffic that attempts to use port 443 – bots may exploit it to take over your computer. If you can’t find your way around your Firewall settings, contact the Support service of your Firewall provider.
- Install a proactive internet security program and schedule regular antivirus scans just in case. BullGuard’s internet security suite comes with a state-of-the-art antivirus engine that combines Signature-based Detection, which brings down already known malware, with Behavioural Detection, which spots as-yet-unknown malware by how it “acts” and blocks it.
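One way to act on the firewall tip above is to check whether connections to port 443 actually begin with a TLS handshake. This is an added example, not part of the original article: the flow record layout (`src`, `dst`, `dport`, `first_bytes`) and the sample flows are constructed, and it assumes your firewall or capture tool can export the first client payload bytes of each connection.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type for handshake messages
CLIENT_HELLO = 0x01       # handshake message type sent first by a TLS client
MAX_RECORD_LEN = 16384    # 2**14, largest plaintext TLS record

def looks_like_client_hello(payload: bytes) -> bool:
    """True if the first client bytes form the start of a TLS ClientHello."""
    if len(payload) < 6:
        return False
    # Record header: content type (1), version major/minor (2), length (2).
    rec_type, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    return (rec_type == TLS_HANDSHAKE
            and major == 0x03 and minor <= 0x04
            and 0 < rec_len <= MAX_RECORD_LEN
            and payload[5] == CLIENT_HELLO)

def flag_unsecured_443(flows):
    """Return flows to TCP/443 whose first client payload is not TLS."""
    flagged = []
    for flow in flows:
        if flow["dport"] != 443:
            continue
        if not flow["first_bytes"]:   # connection carried no data to judge
            continue
        if not looks_like_client_hello(flow["first_bytes"]):
            flagged.append(flow)
    return flagged

# Constructed sample flows (documentation address ranges, not real hosts).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 443,
     "first_bytes": bytes.fromhex("16030100c8010000c40303")},   # TLS
    {"src": "192.0.2.10", "dst": "203.0.113.7", "dport": 443,
     "first_bytes": b"GET /update.exe HTTP/1.1\r\n"},           # plain HTTP
    {"src": "192.0.2.11", "dst": "203.0.113.9", "dport": 443,
     "first_bytes": b"NICK bot123\r\n"},                        # chat-style text
    {"src": "192.0.2.12", "dst": "198.51.100.8", "dport": 80,
     "first_bytes": b"GET / HTTP/1.1\r\n"},                     # not port 443
    {"src": "192.0.2.13", "dst": "198.51.100.9", "dport": 443,
     "first_bytes": b""},                                       # no payload
]

if __name__ == "__main__":
    for f in flag_unsecured_443(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:443 non-TLS: {f['first_bytes'][:16]!r}")
```

A flow flagged here is a candidate for a block rule or closer inspection; a flow that passes has only been shown to start like TLS, not to be benign.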