Ten Malware Myths That Refuse To Die

Every day, the AV-TEST Institute registers over 350,000 new malware and potentially unwanted applications. Malware, an appellate for malicious software is the favorite tool of hackers and cybercriminals. Stories abound of individuals who have lost copious sums or data due to malware attacks.

But why are malware attacks so pervasive and successful? One could argue that it is due to the ingenuity of the attackers, but one has to wonder how much of that ingenuity is bolstered by the attitude of the user. London-based consultancy Willis Towers Watson maintains that 90% of all cyber claims stemmed from some type of human error or behavior. Given the statistics, we can be sure at least some of these human errors are due in part to false beliefs. So how do we determine these false beliefs? If only there was some survey or study that could aid us in this regard.

Enter Cybersecurity firm G Data, they conducted a large scale survey to determine how well internet users understood the dangers online. The following ten myths are drawn from the results of that survey. So let’s dive in and investigate the ten most pervasive myths about malware that could leave you in a lot of hot water.

Myth 1 – If I don’t notice anything suspicious my device is not infected
Apart from Ransomware that loves to make a splash, the longer malware can go undetected, the more useful it can be to a criminal who can continue to use it. An example is a Zombie (botnet) – such a device can send spam, assist in espionage, or participate in a DDoS attack.

Myth 2 – Free antivirus is adequate
Earlier this year news started making the rounds of a free antivirus that was selling its users browsing data. Aside from having your data sold to marketers, the main issue with free antivirus is that they measure up to their paid counterparts. Take a moment and consider this, most free antivirus has a paid counterpart. Why would antivirus makers do this if the free version provided equally good protection? Surely there are differences between free and paid versions of antivirus products.

Myth 3 – Malware is mostly sent via email attachments
While email is still a very potent delivery method, social networking sites have become a favorite for cybercriminals. We’ve all witnessed WhatsApp chain messages with links to sites ready to serve malware. Also, malvertising is another option, this is where malicious code is incorporated into ads and now served on various advertising platforms.

Myth 4 – As long as I don’t download anything
Cybercriminals do not abide by the #GDPR, hence don’t expect them to ask for your permission before loading your device with malware. Visiting a compromised site is all it takes for your device to get infected (usually the malware program is very small) without you taking any other action. This method of delivering malware is known as drive-by-download

Myth 5 – It’s easier to get infected through Torrent sites.
Yes, malware authors love to pass off trojans as the current version of paid software and put them on P2P networks. Still, the infection rate is lower when compared to other methods such as drive-by- downloads.

Myth 6 – I am safe because I don’t visit adult sites
It’s estimated that 28,000 internet users view pornographic material every second, hence it’s a no-brainer that malware authors use sites hosting erotic content to spread malware. But the fact remains that safety depends on the competency of a site’s administrator(s) and the sophistication of the attackers rather than on the nature of a site. Any site can be a potential vector for the spread of malware.

Myth 7 – If I don’t open an infected file I am safe
Yeah, back in the good old days! These days user interaction isn’t always required as it has become possible to write malware that both the download and execution go unnoticed.

Myth 8 – Most malware infections are through USB flash drives
Yes, USB flash drives are a serious concern. There seems to be an almost universal need to plug in a lost but found USB flash drive with the words “confidential” pasted on it. But these days security solutions exist which can prevent the contents of USB-connected devices from automatically executing making them less of a concern. Also, when compared to other means like drive-by-downloads, the risk of infection is low.

Myth 9 – I only visit safe sites, so I don’t need security solutions
Ever heard of a watering hole attack? This is where attackers compromise a group of end-users by infecting websites that members of the group are known to visit. That supposedly safe website you love to visit then becomes your waterloo.

Myth 10 – I have nothing of value, so I am not a target
Yeah right! Think of data you have, email addresses, phone numbers, social media accounts, banking details. Anyone one of these is a valuable goldmine for cybercriminals. Even your device alone is useful as it can be recruited to be part of a botnet for hire.

So there you have it, ten popular malware myths. Hopefully, we’ve been able to dissuade your mind if you’ve believed any of the myths above. A final word, always keep your systems updated, use multi-factor authentication, and back up critical data.