Proceed with caution: Avoid malicious software

Revised: March 2020

Malicious software—known as malware—can jeopardize your privacy by stealing the personal information stored on your smartphone, tablet or computer. It can hijack your mobile device or computer or erase all your data. Malicious software is also sometimes used to spy on individuals to collect sensitive business information.

There are many ways you can download malware by mistake. For example, you could receive an email telling you to follow a link to download free anti-virus software or a message with an attachment that seems to be from someone you know. In both cases, you could end up with a malware problem.

Ransomware

Ransomware is a type of malware that denies access to your computer or phone and asks you to pay a ransom to get it back. When ransomware infects a device, it encrypts all the files and holds the key for ransom.

It will be obvious if your device is infected with ransomware because a message will appear explaining that your files are inaccessible and that you need to pay a ransom to retrieve them.

The attacker will usually ask for the ransom payment in the form of a digital currency (for example, Bitcoin) since the transfer would be untraceable. The attacker will usually give a time limit to pay the ransom. After the time limit, the price might increase or the attacker might threaten to destroy all of the files so they can never be recovered.

Police strongly recommend that you not pay the ransom. There is no guarantee that you will recover your data, and the criminals may extort you for more money after you pay the original ransom. By paying, you also make yourself a future target.

Extortion via ransomware is a criminal offence in Canada, and the money you pay will be used to fund criminals and/or criminal organizations and motivate them to further victimize others. See the Royal Canadian Mounted Police’s page on ransomware for more information.

What to do if you download ransomware

If you download ransomware but there is still a chance that your device is not infected, do the following from an uninfected device:

  • Delete the email
  • Immediately change your email password as well as the passwords for any other accounts that have been hacked
  • Follow these tips on our website for creating and managing passwords

What to do if your device is infected by ransomware

From an uninfected device:

  • Hire a trustworthy IT professional for assistance in recovering from the attack
  • Report the incident to your local police and contact the Canadian Anti-Fraud Centre

Keyloggers

A keylogger is malware often used as a spyware tool by cybercriminals to record everything you type into a device, including passwords and other personal details. Keyloggers can also track your mouse movements. Criminals use the information captured to defraud you.

You can download a keylogger unintentionally by clicking a link in a message or on a website. Sometimes physical keylogger hardware is secretly plugged into a keyboard or device, but this is less common.

How to detect a keylogger on your device

  • Monitor your device’s behaviour. Some keyloggers display symptoms similar to other virus behaviour: slow computer performance, new desktop or system tray icons, excessive hard drive or network activity, etc.
  • Make sure your virus scanner has all the latest updates and run a full system scan to find any keylogger infections
  • You can also get anti-keylogger software that specifically scans for software-based keyloggers

Botnets

A botnet is a collection of software robots or “bots” that creates an army of infected computers (known as zombies). A hacker remotely controls the botnet.

When creating a botnet, the hacker's goal is not to infect one or two devices, but hundreds of thousands of computers, smartphones, GPSs, routers and anything else connected to the Internet. A single botnet can include millions of computers and other online devices.

The hacker behind the attack can use a botnet to copy credit card numbers and banking credentials from the infected computers or devices. The hacker can also use the botnet to launch attacks against websites, deliver spam and other malware to victims or conduct other fraud.

How to determine if your device is compromised

  • If your computer or other device is part of a botnet, you may notice that it is running slowly, acting strangely or giving error messages. These could be symptoms of someone using your computer remotely as part of a botnet
  • Your data usage may be unusually high
  • To confirm that your device is affected, make sure your virus scanner has all the latest updates and run a full system scan to locate the malware

Trojans

Trojans are a type of malware that spreads other malware. Unlike many computer viruses, the computer user must download and install the Trojan.

Like the famous Trojan horse of Greek mythology, the attack can come in the form of a gift that secretly conceals malware or some other malicious code, such as a USB thumb drive or an email attachment.

Unfortunately, the drive or attachment harbours a virus or a piece of code that allows computer hackers to monitor your keystrokes as you navigate the Internet—exposing your passwords, banking information and personal web-browsing habits. A Trojan could even add your computer to a botnet.

To avoid being tricked

  • Never insert a USB thumb drive into a computer unless you have purchased it from a reputable retailer or it was given to you by a trusted source
  • Avoid using USB charging cords, charging stations, or unverified public Wi-Fi spots unless you know where the cords were purchased or who operates the charging stations and Wi-Fi spots
  • In general, buy computer and technical supplies from reputable outlets and avoid offers that seem too good to be true
  • Don’t open attachments in emails unless you are sure of the source
  • Make sure you are downloading software from a reputable source. Do some searches on the software to see if it comes up in any news stories

Scan any software you download before you install it. If you don’t have a virus scanner, there are sites where you can upload it for verification.

Worms

A worm is a type of malware that spreads copies of itself from computer to computer. It can also infect mobile devices. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

Worms can be transmitted via software vulnerabilities or attachments in spam emails or instant messages. If you open the attachment, the file could automatically download a worm. Once installed, the worm silently goes to work and infects your computer or device without your knowledge.

Worms can modify and delete files, and they can even inject additional malicious software onto a device. Sometimes a computer worm’s purpose is only to copy itself over and over — depleting system resources, such as hard drive space or bandwidth, by overloading a shared network.

Worms can also steal data and install a backdoor that gives a hacker access to your device. Hackers can gain control of your computer or mobile device and its system settings.

How malware spreads

  • Spam: clicking on links in electronic messages or downloading attachments is one of the most common ways that malware is spread. See our advice: Be diligent when dealing with spam
  • Websites: you can click on a website link and download a virus or other malware that is automatically installed on your computer or other device
  • Removable media (USB, CD or DVD): malware can be automatically installed when you connect an infected drive to your computer or can spread from one device to another when connected to the same network
  • Trojans: unlike many computer viruses, the computer user must download and install the Trojan and usually users are tricked into doing this
    • Attachments encourage people to open files based on a file name that seems interesting
  • Freeware/Shareware (executable files): malware can spread if you install infected software applications that are offered free of charge, or that have free limited versions

What you can do

Be careful with email or other electronic messages. Many times, malware is downloaded by clicking on links in messages. Don’t open unknown files or email attachments. Most instances of computer compromise arise from web, email and instant messaging, so you are the first line of defence.

Verify links

To verify links in browser-based email, hover over the name of the sender to check that the name matches the email address. On a phone or mobile device, select the sender’s name to call up their contact information. This will allow you to see the full email address.

Always check the full email address or URL. Are there extra numbers and letters you wouldn’t expect? If the address doesn’t look right, don’t follow the links or reply to the email!

If it is a scam, you will quickly notice that it’s not firstname.lastname@gmail.com or offers@onlineretailer.com, as you were expecting, but rather something like firstname.lastname12345@gmail.com or offers@onlineretailer.dealz.com. It will be just close enough to fool you, but definitely not the real thing. Be extra careful if the link is shortened using a service such as bitly.
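The same check can be automated, for example in a mail filter. The sketch below is an added example, not part of the original page: it compares the address or link you see with the one you expected, using the sample addresses above. The function names and the shortener list are hypothetical, and treating the last two labels of a host as its registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: a small, constructed list of link-shortener hosts (the page names bitly).
SHORTENERS = {"bit.ly", "bitly.com"}


def host_of(value: str) -> str:
    """Return the lower-cased host of an email address or a URL."""
    value = value.strip()
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    # Email address: the domain is everything after the last "@".
    return value.rsplit("@", 1)[-1].lower().rstrip(".")


def base_domain(host: str) -> str:
    """Simplification: treat the last two labels as the registrable domain.
    Assumption for this example; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_sender(seen: str, expected: str) -> list[str]:
    """Compare the address you see with the one you expected; return findings."""
    findings = []
    seen_host, exp_host = host_of(seen), host_of(expected)
    if base_domain(seen_host) != base_domain(exp_host):
        brand = base_domain(exp_host).split(".")[0]
        if brand in seen_host.split("."):
            # The expected name appears, but only as a label under another domain.
            findings.append(
                f"look-alike: '{brand}' is only a subdomain of {base_domain(seen_host)}")
        else:
            findings.append(f"different domain: {base_domain(seen_host)}")
    # Compare mailbox names only when both values are email addresses.
    if "://" not in seen + expected and "@" in seen and "@" in expected:
        seen_local = seen.rsplit("@", 1)[0].lower()
        exp_local = expected.rsplit("@", 1)[0].lower()
        if seen_local != exp_local:
            findings.append(f"mailbox name differs: {seen_local!r} vs {exp_local!r}")
    return findings


def is_shortened(url: str) -> bool:
    """True when the link hides its real destination behind a shortener."""
    return host_of(url) in SHORTENERS
```

An empty list from `check_sender` means the address matches what you expected; any finding is a reason not to follow the link or reply.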

Use security and privacy safeguards

Make sure your devices are equipped with online security and privacy safeguards including firewalls and virus protection. Be sure to keep the software and operating systems on your devices up to date.

Whenever you download software, documents, images or other files, run a virus scan on the files to ensure they don’t contain malware. The same goes for removable media, such as a USB flash drive.

If you believe you have been a victim of a scam, contact your local police and report it to the Canadian Anti-Fraud Centre.

Report SPAM

You can report unsolicited spam communications (emails, texts and other forms of instant messaging), including those containing suspicious content or attachments, to the Spam Reporting Centre using this online form on the Innovation, Science and Economic Development Canada website.
