If you use a computer, you need to be aware of the threats that can harm your device and your security. Two common types of threats are malware and potentially unwanted programs (PUPs). In this post, we will explain what they are, how they differ, and how to avoid them. 

Malware

Malware is a term that stands for malicious software. It is any software that infects your computer without your consent. Malware can have various harmful effects, such as: 

– Stealing your personal information, such as passwords, bank details, or identity documents. 

– Locking your device and demanding a ransom to unlock it. This is called ransomware. 

– Using your device to send spam emails or perform cyberattacks. This is called a botnet. 

– Downloading more malware or other unwanted software onto your device. 

Malware aims to deceive you or make money from you. It may disguise itself as a legitimate program or hide in the background. You may get malware from clicking on suspicious links, opening infected attachments, or visiting malicious websites. 

Potentially Unwanted Programs

PUPs are different from malware in some ways. PUP stands for potentially unwanted program. It is any software that you agree to install, but you may not want it. PUPs often come with other software that you download from the internet. They may be hidden in the end-user license agreement (EULA) that you accept without reading. PUPs can have various annoying effects, such as: 

– Cluttering your browser with toolbars, extensions, or pop-ups. 

– Tracking your web browsing habits and selling them to advertisers. 

– Showing you more ads than usual or redirecting you to unwanted websites. 

– Slowing down your device or consuming your bandwidth. 

PUPs do not benefit you in any way. They may not be illegal, but they are unethical. They may also expose you to more malware or security risks. You may get PUPs from downloading free software, clicking on fake download buttons, or not paying attention to the installation options. 

How can you defend against Malware and Potentially Unwanted Programs

The main difference between malware and PUPs is that malware infects your computer without your permission, while PUPs trick you into installing them. However, both types of software can harm your computer or compromise your security. Therefore, you need to protect yourself from them by following these tips: 

– Use a reputable antivirus program and keep it updated. 

– Scan your device regularly and remove any suspicious software. 

– Avoid clicking on links or attachments from unknown sources. 

– Read the EULA carefully before installing any software. 

– Choose custom installation options and uncheck any unwanted programs. 

– Use a pop-up blocker and an ad blocker on your browser. 

How do you detect Malware & PUPs

To detect malware and PUPs separately, you need to write SIEM rules that look for different indicators of compromise (IOCs). For example, some common IOCs for malware are:

  • Suspicious network connections to known malicious domains or IP addresses
  • Unusual file modifications or deletions
  • Unexpected changes in registry keys or system settings
  • High CPU or memory usage by unknown processes

Some common IOCs for PUPs are:

  • Presence of unwanted browser toolbars or extensions
  • Pop-up ads or redirects to unwanted websites
  • Installation of unwanted software without user consent
  • Changes in browser homepage or search engine

You can use these IOCs to create rules that alert you when malware or PUPs are detected on your network. For example, a rule for malware detection could be:

IF (source_ip = “x.x.x.x” AND destination_ip IN [“malicious.com”, “y.y.y.y”]) OR (file_name = “MyRansomware.exe” AND file_action = “create”) THEN
ALERT (“Malware detected on xy.xy.xy.xy”)

A SIEM rule for PUP detection could be:

IF (browser_extension_name = “MySearchToolbar” AND browser_extension_action = “install”) OR (pop_up_url = “ads.com”) THEN
ALERT (“PUP detected on xy.xy.xy.xy”)

These are just examples of rules that you can customize according to your needs and environment. The key is to identify the IOCs that are specific to malware and PUPs and use them to create rules that help you protect your network.

By following these tips, you can keep your computer safe from malware and PUPs. Remember, prevention is better than cure! 

ToxicSatsuma2018