How Does Malware Get Onto Your Business’s Computers?


Malware and crimeware are rampant, but how does malware get onto your business's computers? We look at the three major malware vectors you need to know about.

There’s a lot of money in cybercrime and almost every business is a potential target. In most cases, the criminals will not be targeting a business directly via an advanced persistent threat against the business itself, but almost every business is at risk of being the unlucky victim of indiscriminate malware attacks.

The benefits to malware distributors of infecting business machines are numerous, and include harvesting banking and other identity credentials, further distribution of malware, spam distribution, and adding a botnet node to use in DDoS attacks, among others. But how does malware get onto computers in the first place?

A recent report from Sophos, the anti-malware company, goes into some depth about the techniques used to infect machines with the Vawtrak malware, a tool used by online criminals to harvest banking credentials as part of an international crimeware-as-a-service strategy.

There are three vectors by which Vawtrak infects business machines: email, an exploit kit, or via a downloader.

The first method is the most familiar. An email is sent to targets, either as spam or as part of a focused social engineering campaign. The email is intended to influence the recipient to open an attachment, often disguised as a PDF. In reality, the attachment is an executable which initiates the installation of the malware. This vector is one of the reasons that all employees should be given security training about possible malware sources — they should be aware that even innocuous-looking attachments could contain malware.
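The "disguised as a PDF" trick described above can be caught mechanically before a message ever reaches a mailbox. The following Python example is added here for illustration and is not code from the article or from the Sophos report: it parses a MIME message with the standard library, walks its attachments, and flags the two tell-tale mismatches, a document-looking double extension such as `Invoice.pdf.exe`, and a file named `.pdf` whose first bytes are a Windows executable (`MZ`) header rather than `%PDF-`. The signature table, extension lists and the sample message are constructed for the example.

```python
"""Mail-gateway style attachment triage (added example, not from the original article).

Flags attachments whose name claims a document but whose extension chain or
file content (magic bytes) says 'executable'. Signature and extension tables
are deliberately small; a production filter would use a full file-type library.
"""
import email
from email import policy
from email.message import EmailMessage

# Constructed magic-byte table: first bytes -> file kind
SIGNATURES = {
    b"%PDF-": "pdf",
    b"MZ": "exe",          # DOS/PE executable header
    b"PK\x03\x04": "zip",  # also the container for docx/xlsx
}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
             "vbs", "wsf", "hta", "msi", "jar"}


def sniff(data: bytes) -> str:
    """Identify a file kind from its leading bytes, 'unknown' if no match."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks suspicious (empty list if none)."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    last = exts[-1] if exts else ""
    # 1. Double extension: document name, executable type (Invoice.pdf.exe)
    if len(exts) >= 2 and exts[-2] in DOC_EXTS and last in EXEC_EXTS:
        reasons.append(f"double extension: looks like .{exts[-2]} but is .{last}")
    # 2. Any other plain executable extension
    elif last in EXEC_EXTS:
        reasons.append(f"executable extension .{last}")
    # 3. Name says document, content says PE executable
    if last in DOC_EXTS and sniff(data) == "exe":
        reasons.append(f"content is a PE/MZ executable but name claims .{last}")
    return reasons


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        reasons = triage_attachment(name, data)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed sample message: one clean PDF and two disguised executables."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60   # constructed stub, not a real binary
    msg = EmailMessage()
    msg["From"] = "accounts@example.net"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n% constructed placeholder body\n",
                       maintype="application", subtype="pdf", filename="Statement.pdf")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="Receipt.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The content check matters more than the name check: renaming a file costs an attacker nothing, but the `MZ` header has to be there for Windows to run it. Either finding is a reason to quarantine the message and let a human look at it rather than to rely on the recipient's judgement alone.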

An exploit kit is typically used on previously compromised websites. For example, a WordPress site that has not been properly updated could have been compromised and infected with code that redirects browsers to a page that contains malicious JavaScript code — the exploit kit landing page. The code embedded in the page will attempt to exploit known vulnerabilities in the browser or its plugins — particularly Flash or Adobe Reader plugins — to load the Vawtrak binary.
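From the site owner's side, the injected redirect is the part that can be found by inspection: it usually shows up as an iframe or script tag pointing off-site, a hidden or 1x1 iframe, a meta refresh, or an inline script that builds its destination with `unescape`/`fromCharCode`. The Python scanner below is an added example, not from the article or from Sophos; the heuristics, the `own_domain` parameter, and both sample pages are constructed for illustration, and a hit means "review this page", not a verdict.

```python
"""Scan a site's own HTML for injected-redirect indicators (added example).

Heuristic only: off-site iframes/scripts, hidden iframes, meta refresh, and
inline scripts containing obfuscation or redirect markers are reported for review.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

OBFUSCATION_MARKERS = ("unescape(", "fromCharCode", "eval(", "document.write(")
REDIRECT_MARKERS = ("location.href", "location.replace", "window.location")


class InjectedRedirectScanner(HTMLParser):
    def __init__(self, own_domain: str):
        super().__init__()
        self.own_domain = own_domain.lower()   # assumed: the site's own hostname
        self.findings: list[str] = []
        self._in_script = False
        self._script_buf: list[str] = []

    def _offsite(self, url: str) -> bool:
        """True if the URL's host is neither the site nor one of its subdomains."""
        host = urlparse(url).hostname
        if host is None:
            return False                     # relative URL, same origin
        host = host.lower()
        return not (host == self.own_domain or host.endswith("." + self.own_domain))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = ("display:none" in style or "visibility:hidden" in style
                      or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
            if hidden:
                self.findings.append(f"hidden iframe -> {a.get('src')}")
            elif self._offsite(a.get("src", "")):
                self.findings.append(f"off-site iframe -> {a.get('src')}")
        elif tag == "script":
            self._in_script = True
            self._script_buf = []
            if "src" in a and self._offsite(a["src"]):
                self.findings.append(f"off-site script -> {a['src']}")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(f"meta refresh -> {a.get('content')}")

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)    # collect inline script text

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            body = "".join(self._script_buf)
            hits = [m for m in OBFUSCATION_MARKERS + REDIRECT_MARKERS if m in body]
            if hits:
                self.findings.append("inline script markers: " + ", ".join(hits))


def scan_page(html: str, own_domain: str) -> list[str]:
    scanner = InjectedRedirectScanner(own_domain)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages; landing.example.net stands in for a redirect target.
SAMPLE_INJECTED = """<html><head><title>Shop</title>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.landing.example.net/t.js"></script>
</head><body><h1>Welcome</h1>
<iframe src="https://landing.example.net/gate" width="1" height="1" style="visibility:hidden"></iframe>
<script>window.location.replace(unescape("%2F%2Flanding.example.net%2F"));</script>
</body></html>"""

SAMPLE_CLEAN = """<html><head><title>Shop</title>
<script src="/wp-includes/js/jquery.js"></script></head>
<body><h1>Welcome</h1><iframe src="/embed/map"></iframe>
<script>document.getElementById("x").textContent = "hi";</script></body></html>"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_INJECTED, "shop.example.com"):
        print(finding)
```

Running this against a site's rendered pages on a schedule, and diffing the findings against the previous run, turns the "has my WordPress site been injected?" question into a routine check. It complements, rather than replaces, keeping the CMS and its plugins patched, which is what closes the door in the first place.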

A downloader is a small malware component that is used to download the main malware payload. There is an interesting economy around downloaders, in which customers pay downloader creators to include their own malware as part of the package of harmful software to be installed — a further example of the crimeware-as-a-service model. Downloaders typically find their way onto computer systems via attachments to spam emails, via direct download (often of pirated content), or through visits to compromised websites.

If you have an interest in malware, the Sophos report is well worth reading, as it goes into detail about the Vawtrak creators’ business model and the technical aspects of infection. But the purpose of this article is to stress to business owners and executives the necessity of information security training for employees interacting with IT systems within a business.

Avoiding infection by malware is, for the most part, relatively straightforward, but employees who don’t have sufficient training and awareness can be a considerable liability to both themselves and to their employers.



Graeme Caldwell — Graeme works as an inbound marketer for Nexcess, a leading provider of Magento and WordPress hosting. Follow Nexcess on Twitter at @nexcess, Like them on Facebook and check out their tech/hosting blog.

