Dealing with Malware
Challenges such as spam, malware, and viruses, can wreak havoc on business. We respect that our customers count on us for mission-critical tasks, and security is key to the solution we offer. While DocuSign has a robust set of controls to ensure world-class security, we urge our customers and non-customers to take action to help ensure the internet is safe for all. Trust is an essential component of what we do.
What is malware?
Malware is short for “malicious software”, an umbrella term for describing viruses, worms, Trojans, spyware, ransomware, dishonest adware, rootkits and other unwanted or harmful computer software. These types of computer programs are designed to reduce your productivity; cause damage to your computer, server or network; or steal information that can be used to access highly sensitive accounts, either business or personal.
Why does it exist?
There are two common reasons why malware is created: fun and profit. Some people are just out to cause a little mayhem, like turning the image on your computer screen upside down. However, your information has value—and to us at DocuSign, spam, malware and viruses are anything but fun. The more dangerous malware comes from those who are looking for information they can use or sell: passwords to access your financial information, your identity, or access to business data, such as credit card numbers—just about any sensitive data is sensitive because of its value. The creators of malware seek quick, easy—and illegal—gains.
What are some examples of malware?
Malware can be hidden in popular sites and items for which people may be searching. Billie Eilish wins numerous Grammy awards and suddenly people want to know more about her and her music. Numerous searches will come up with content that is infected with malware. The same has been found in Kobe Bryant and Coronavirus sites and information.
Malware can be hidden within Trojans embedded in text messages, as attachments or links in emails, within apps for mobile devices, on websites, via fake updates to IoT devices, and more.
How can you prevent malware?
To help prevent malware, you should ensure that you have anti-malware/antivirus software installed on your laptop and always keep it up-to-date. You can run periodic scans that can run on a regular schedule and overnight so that it doesn’t interrupt your computing time.
Additionally, be sure to keep your operating system and software up-to-date. Patches and updates will be provided by developers to fix leaks and vulnerabilities.
Be sure to use secured networks, which includes taking necessary precautions to protect your home network, including creating a strong password to gain access.
Use caution with clicking on offers, on links in emails, or downloading items. Hover over links to see where you are actually taken. See something you want? Visit the site of that actual product, app, software or deal and, verify it really exists and learn more. Be sure to use strong and unique passwords across your various logins, enable MFA (multi-factor authentication) where it’s available, and protect your information from social engineering attempts.
How can you detect and remove malware?
Doing all of the above will provide you with protections that prevent malware from infecting your devices. You may notice that your computer has become sluggish, that you are getting a lot of pop-ups, that new toolbar items or icons may appear on your browsers, you keep getting redirected to other webpages, unusual messages, more crashes, or other indications that things are not normal. All of these could be signs of malware.
If you find any of the above, verify that your anti-virus/anti-malware software is still enabled and working, that your firewalls are enabled, and run a scan. If needed, you may want to disconnect from the internet, restart in safe mode with all software closed, clear the cache from your browsers, and rescan. If it appears to still be infected, it may require a wipe of your harddrive and reinstall of your operating system.
What do we do about it when we see it?
At DocuSign, we take malware extremely seriously. Whenever we encounter malware, we immediately register the problem with antivirus companies, who then add it to their lists of scans. The sooner this happens, the more quickly the spread and resulting damage of the virus can be minimized. In addition, because the creation of malware is illegal, we contact the FBI to report the incident and partner with their cyber security team to track down the perpetrator. When we trace the incident, we contact the people who manage the offending servers and have them shut down immediately.
What should you do if you think you’ve received an infected email?
- DO NOT OPEN any files or executable attachments
- Immediately DELETE the malicious email
- Ensure your anti-virus software is enabled and up to date
For additional steps, contact your anti-virus software company of choice or your company’s IT department.
While malware and viruses can be complicated and tricky, I hope this quick overview helps you understand the problem, identify malware early and kill/report it. In fact, help us clean up the Internet by turning in malicious actors as soon as you come across them. Here are links to submit malware to McAfee and Microsoft.