CERT mailing list archives

ST18-004: Protecting Against Malicious Code


From: "US-CERT" <US-CERT () mil govdelivery com>
Date: Fri, 28 Sep 2018 13:37:27 -0500

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



ST18-004: Protecting Against Malicious Code [ https://www.us-cert.gov/ncas/tips/ST18-271 ] 09/28/2018 11:17 AM EDT 
Original release date: September 28, 2018

 

What is malicious code?

Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. 
Various classifications of malicious code include viruses, worms, and Trojan horses.


  * *Viruses* have the ability to damage or destroy files on a computer system and are spread by sharing already 
infected removable media, opening malicious email attachments, and visiting malicious web pages. 
  * *Worms* are a type of virus that self-propagates from computer to computer. Its functionality is to use all of your 
computer's resources, which can cause your computer to stop responding. 
  * *Trojan Horses* are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon 
for free software to contain a Trojan horse, making a user think they are using legitimate software while the program 
is instead performing malicious actions on your computer. 

How can you protect yourself against malicious code?

Following these security practices can help you reduce the risks associated with malicious code:


  * *Install and maintain antivirus software.* Antivirus software recognizes malware and protects your computer against 
it. Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections. 
Always visit vendor sites directly rather than clicking on advertisements or email links. Because attackers are 
continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software 
up-to-date. 
  * *Use caution with links and attachments.* Take appropriate precautions when using email and web browsers to reduce 
the risk of an infection. Be wary of unsolicited email attachments and use caution when clicking on email links, even 
if they seem to come from people you know. (See Using Caution with Email Attachments [ 
https://www.us-cert.gov/ncas/tips/ST04-010 ] for more information.) 
  * *Block pop-up advertisements.* Pop-up blockers disable windows that could potentially contain malicious code. Most 
browsers have a free feature that can be enabled to block pop-up advertisements. 
  * *Use an account with limited permissions.* When navigating the web, it is a good security practice to use an 
account with limited permissions. If you do become infected, restricted permissions keep the malicious code from 
spreading and escalating to an administrative account. 
  * *Disable external media AutoRun and AutoPlay features.* Disabling AutoRun and AutoPlay features prevents external 
media infected with malicious code from automatically running on your computer. 
  * *Change your passwords.* If you believe your computer is infected, change your passwords. This includes any 
passwords for websites that may have been cached in your web browser. Create and use strong passwords, making them 
difficult for attackers to guess. (See Choosing and Protecting Passwords [ https://www.us-cert.gov/ncas/tips/ST04-002 ] 
and Supplementing Passwords [ https://www.us-cert.gov/ncas/tips/ST05-012 ] for more information.) 
  * *Keep software updated.* Install software patches on your computer so attackers do not take advantage of known 
vulnerabilities. Consider enabling automatic updates, when available. (See Understanding Patches and Software Updates [ 
https://www.us-cert.gov/ncas/tips/ST04-006 ] for more information.) 
  * *Back up data.* Regularly back up your documents, photos, and important email messages to the cloud or to an 
external hard drive. In the event of an infection, your information will not be lost. 
  * *Install or enable a firewall.* Firewalls can prevent some types of infection by blocking malicious traffic before 
it enters your computer. Some operating systems include a firewall; if the operating system you are using includes one, 
enable it. (See Understanding Firewalls for Home and Small Office Use [ https://www.us-cert.gov/ncas/tips/ST04-004 ] 
for more information.) 
  * *Use anti-spyware tools.* Spyware is a common virus source, but you can minimize infections by using a program that 
identifies and removes spyware. Most antivirus software includes an anti-spyware option; ensure you enable it. 
  * *Monitor accounts.* Look for any unauthorized use of, or unusual activity on, your accounts, especially banking 
accounts. If you identify unauthorized or unusual activity, contact your account provider immediately. 
  * *Avoid using public Wi-Fi.* Unsecured public Wi-Fi may allow an attacker to intercept your device's network traffic 
and gain access to your personal information. 

What do you need to know about antivirus software?

Antivirus software scans computer files and memory for patterns that indicate the possible presence of malicious code. 
You can perform antivirus scans automatically or manually.


  * *Automatic scans:* Most antivirus software can scan specific files or directories automatically. New virus 
information is added frequently, so it is a good idea to take advantage of this option. 
  * *Manual scans:* If your antivirus software does not automatically scan new files, you should manually scan files 
and media you receive from an outside source before opening them, including email attachments, web downloads, CDs, 
DVDs, and USBs. 

Although antivirus software can be a powerful tool in helping protect your computer, it can sometimes induce problems 
by interfering with the performance of your computer. Too much antivirus software can affect your computer's performance 
and the software's effectiveness.


  * *Investigate your options in advance.* Research available antivirus and anti-spyware software to determine the best 
choice for you. Consider the amount of malicious code the software recognizes and how frequently the virus definitions 
are updated. Also, check for known compatibility issues with other software you may be running on your computer. 
  * *Limit the number of programs you install.* Packages that incorporate both antivirus and anti-spyware capabilities 
together are now available. If you decide to choose separate programs, you only need one antivirus program and one 
anti-spyware program. Installing more programs increases your risk for problems. 

There are many antivirus software program vendors, and deciding which one to choose can be confusing. Antivirus 
software programs all typically perform the same type of functions, so your decision may be based on recommendations, 
features, availability, or price. Regardless of which package you choose, installing any antivirus software will 
increase your level of protection.

How do you recover if you become a victim of malicious code?

Using antivirus software is the best way to defend your computer against malicious code. If you think your computer is 
infected, run your antivirus software program. Ideally, your antivirus program will identify any malicious code on your 
computer and quarantine it so it no longer affects your system. You should also consider these additional steps:


  * *Minimize the damage.* If you are at work and have access to an information technology (IT) department, contact 
them immediately. The sooner they can investigate and clean your computer, the less likely it is to cause additional 
damage to your computer and other computers on the network. If you are on a home computer or laptop, disconnect your 
computer from the internet; this will prevent the attacker from accessing your system. 
  * *Remove the malicious code.* If you have antivirus software installed on your computer, update the software and 
perform a manual scan of your entire system. If you do not have antivirus software, you can purchase it online or in a 
computer store. If the software cannot locate and remove the infection, you may need to reinstall your operating 
system, usually with a system restore disk. Note that reinstalling or restoring the operating system typically erases 
all of your files and any additional software that you have installed on your computer. After reinstalling the 
operating system and any other software, install all of the appropriate patches to fix known vulnerabilities. 

Threats to your computer will continue to evolve. Although you cannot eliminate every hazard, by using caution, 
installing and using antivirus software, and following other simple security practices, you can significantly reduce 
your risk and strengthen your protection against malicious code.

________________________________________________________________________

Author: NCCIC

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
