Malware

The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

What is malware?

Malware (short for ‘malicious software’) is software that cyber criminals use to harm your computer system or network. Cyber criminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.

Cyber criminals use malware for different reasons, most commonly to steal your confidential information, hold you to ransom or install damaging programs onto your device without your knowledge.

Malware can get onto your device or system when you visit an untrustworthy website or download an infected file via an email or a portable device, such as a USB stick.

Types of malware

The most common types of malware include:

  • trojan viruses, which appear to be ‘normal’ files but include hidden information to give cyber criminals access to and control of your device or system

  • ransomware, that once inside your device or network denies access to systems or files until a ransom is paid

  • keyloggers, which record keystrokes and use that information to steal passwords and other sensitive information, such as banking details.

  • viruses, which infect and corrupt software installed on devices and then reproduce. A worm is a type of virus that, once inside a vulnerable system, can spread on its own.

How do I recover from a malware threat?

Seek help immediately from your ICT support team or a computer services company, who can help you identify what’s gone wrong.

The UK National Cyber Security Centre provides a series of steps to help limit the impact of the infection.

How do I prevent malware?

You can take a few simple steps to prevent getting malware:

  • Minimise visits to unknown websites and avoid being enticed by clickbait.

  • Look for the padlock symbol and ‘https’ in the browser address bar when surfing the net.

  • Install and regularly update anti-virus and anti-ransomware software.

  • Install a firewall to stop traffic from untrustworthy sources getting onto your device.

  • Keep your operating system and software up to date with the latest versions; this should be done automatically where possible.

  • Back up your computers and phones regularly, and choose automatic back-ups where possible. Keep back-ups separate from your computer, on separate devices or use a cloud service.

  • Disable macros in Microsoft Office.

  • Have an incident response plan ready to dramatically reduce the damage inflicted, ensure a quick recovery and safeguard against future incidents.

  • Adopt multiple layers of defence against malware; no single mitigation will protect you. You can develop multiple strategies that will improve your resilience and detect malware without disrupting the day-to-day running of your organisation.

Stay ahead of the latest cyber threats. Sign up for Stay Smart Online alerts, a free service to inform you of the latest cyber threats and how to manage them.