Malware (short for 'malicious software') is software that cybercriminals use to harm your computer system or network. Cybercriminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.
Malware is the term used to refer to any type of code or program that is used for a malicious purpose.
Cybercriminals use malware for many different reasons, but common types of malware are used to steal your confidential information, hold your computer to ransom or install other programs without your knowledge.
Use this guidance to learn about malware and how to protect yourself.
Tip: You can protect yourself from malware by using anti-virus software and secure behaviour online.
Protect yourself from malware
Take the following steps to significantly reduce your risk of being affected by malware:
- Use anti-virus software and automatically download signature updates daily. Learn about anti-virus software.
- Keep all your other software up to date too. Learn about updating software.
- Use strong passwords and passphrases. Learn how to create – and remember – strong passwords.
- Back up your files regularly – ideally every day. Learn about how to back up files.
- If you don’t use Microsoft Office macros, disable them. (Macros are small programs used to automate simple tasks in Microsoft Office documents but can be used maliciously – visit the Microsoft website for information on disabling macros in your version of Office.)
- Stay informed on the latest threats – sign up for the ACSC's Alert Service.
- Regularly check the software installed on your computer, tablet and other devices and uninstall any programs or software that are unused. If you see new programs or software that you did not agree to install, search the program name or ask your local computer repairer or retailer about the program, to see whether it is safe to use.
Prevent malware by installing applications securely
Malware is distributed in several ways:
- By spam email or messages (either as a link or an attachment)
- By malicious websites that attempt to install the malware when you visit, by exploiting weaknesses in your software
- By masquerading as a good application you download and install yourself. Some malware even pretends to be anti-virus or security products.
Protect yourself by only installing the files you need and sourcing them from well-known and legitimate app stores.
- Don’t download applications from third-party download sites.
- Don’t click on online ads to download applications and do use ad-blocking software.
- Don’t download and install applications from peer-to-peer networks – you never know who has changed the files.
- Don’t click on links in emails or instant messages, or execute attachments unless you are sure they are legitimate. Use a spam filter to protect yourself from malicious messages.
- Don’t install applications received from contacts, say via email or USB sticks, without scanning them with your anti-virus application first.
Web shell malware
Malicious web shells are a type of software uploaded to a compromised web server that enables remote access for an attacker. While web shells may be benign, their use by cyber adversaries is becoming more frequent due to the increasing use of web-facing services by organisations across the world.
The Australian Signals Directorate and counterparts at the US National Security Agency (NSA) have for the first time jointly published new guidance on mitigating the threat of web shell malware.
Throughout 2019, a range of malicious cyber actors continued to target Australia and our international partners, conducting cyber operations that threatened national, economic and security interests in government and the private sector.
The advisory underscores the determination of both Australia and the United States to collaboratively combat malicious cyber activity and is the first product of its kind published jointly between ASD and NSA. ASD, for its part, has undertaken previous analysis and reporting on web shell use by malicious entities, including development of detection capabilities.
Web shell malware can facilitate cyber attackers' access to a network where they are able to execute arbitrary system commands, enumerate system information, steal data, install additional malicious software or use the infected server to pivot further into the network. Infected web servers can either be internet-facing or internal to the network, such as content management systems.
Due to the increasing use of web shells by adversaries to gain reliable access to compromised systems, ASD and NSA have jointly produced a Cybersecurity Information Sheet (CIS) to help computer network defenders detect, prevent and mitigate the use of this type of malware. This guidance will be useful for any network defenders responsible for maintaining web servers.
Malicious web shells may be difficult to detect through passive web monitoring because attackers are able to easily modify them or use encryption methods to hide their actions. Attackers can use the servers they have accessed as relay points to direct commands to other systems, while appearing as legitimate web traffic.
A web shell can be written in any language that the target web server supports. The most commonly observed web shells are written in languages that are widely supported, such as PHP and ASP. Perl, Ruby, Python and Unix shell scripts are also used.
The Detect and Prevent Web Shell Malware (PDF) advisory developed by ASD and NSA utilises a defence-in-depth approach to discover and disable hidden threats, relying on multiple detection capabilities to flag and mitigate problems.
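One detection capability that does not depend on traffic monitoring is comparing the files in a web root against a known-good snapshot, so that new or changed server-side scripts stand out however their traffic is disguised. The following is an added example, not code from the ASD/NSA advisory or this page; the choice of technique, the extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions for the languages the page names; the exact list is an assumption.
SCRIPT_EXTS = {".php", ".asp", ".aspx", ".pl", ".rb", ".py", ".sh"}

def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, web_root).replace(os.sep, "/")] = digest
    return digests

def compare(baseline, current):
    """List (path, status, server_executable); executable files sort first."""
    findings = []
    for rel, digest in current.items():
        if baseline.get(rel) == digest:
            continue  # unchanged since the known-good snapshot
        status = "new" if rel not in baseline else "modified"
        executable = os.path.splitext(rel)[1].lower() in SCRIPT_EXTS
        findings.append((rel, status, executable))
    findings += [(rel, "missing", False) for rel in baseline.keys() - current.keys()]
    return sorted(findings, key=lambda f: (not f[2], f[0]))

def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: a small web root before and after unexpected changes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        _write(root, "index.php", b"<?php echo 'home'; ?>")
        _write(root, "uploads/logo.png", b"constructed image bytes")
        baseline = snapshot(root)  # in practice, taken from a trusted deployment
        _write(root, "index.php", b"<?php echo 'home'; /* edited */ ?>")
        _write(root, "uploads/thumb.php", b"<?php /* unexpected script */ ?>")
        _write(root, "uploads/banner.png", b"constructed new image bytes")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A new script inside an upload directory, or a modified script that no deployment accounts for, is the finding to investigate first; the baseline itself must be stored somewhere the web server cannot write to.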
NSA-ASD Cybersecurity Information: Detect and Prevent Web Shell Malware (PDF)
NSA News: Detect and prevent cyber attackers from exploiting web servers via web shell malware
Learn more about malware
There are many different types of malware, but most are used to steal your information, your computer’s resources or your money. The following lists some of the most common types of malware affecting people and businesses in the wild today, and what each does.
- Trojans and backdoors: Traditionally, trojans were programs that appear to serve a useful purpose but do something malicious when run. Trojans may steal information, download additional malicious files or even provide a ‘backdoor’ into your computer for a hacker – allowing them to do almost anything they like.
- Ransomware: Malware that makes your computer or files unusable until you pay a fee. Essentially extortion by malware.
- Keyloggers: Logs every keystroke you make and then sends that information, including passwords, bank account numbers, and credit card numbers, to scammers for fraudulent use.
- Viruses and worms: Viruses are malicious programs that infect files, inserting themselves into the file’s code and then running whenever the file is used. Worms are standalone malicious programs that spread themselves from computer to computer. Similar to trojans, viruses and worms can have many different payloads – for example, they can steal your information, download and install other malicious files, delete your files or even send spam.
The following signs may indicate there is malware on your computer:
- your web browser starts on a different homepage than normal
- your files are inaccessible
- random error messages appear, or
- new programs, toolbars and icons have been installed.
To check if your computer is infected, run a full scan using your anti-virus software and follow its instructions to remove any malware it finds.
Read the UK NCSC guide on mitigating malware
Stay ahead of the latest cyber threats. Sign up for the ACSC's Alert Service, a free service to inform you of the latest cyber threats and how to manage them.