Suspicious software: how to spot legitimate downloads from malicious downloads

In the realm of online security, one major threat that every institution and person should be wary of is the threat of downloading malware that is presented to look legitimate. This attack vector of using malware to look (and often even act) like wanted software is common enough to even have a name – this type of malware is known as a Trojan. Oftentimes, incidents involving Trojans underscore how skilled hackers can be at presenting their software as the correct software for installation, and without the right knowledge, it can often be hard to distinguish what is the difference between wanted and unwanted software. This blog aims to give some easy ways to protect against unwanted software.

There are a few factors and red flags to be aware of, when downloading software.

• Sponsored search results do not always mean safe search results: It is commonly believed that sponsored search results will be safer than any other search result. However, cybercriminals often invest in those spots to give their code a stronger veneer of legitimacy; sponsored results, therefore, should be treated with the same caution as any other result. For example, shown in here is a malicious sponsored add for software called Trello:

• There may be misleading download buttons on web pages: When downloading software, it can be the case that there seem to be multiple download buttons, each of which leads to a different download. This is a red flag, that should lead to questioning the veracity of the site.
• The importance of checking the URL for authenticity: A URL can provide clues about the legitimacy of a site. Be wary that the URL does not contain misspellings of well-known sites (such as appl.com instead of apple.com), or that use uncommon top-level domains (instead of the usual .com, .co.uk, etc.). Cybercriminals often use misspelt URLs to host their malicious code.
• There can be unprofessional website design and poor grammar: Legitimate companies will put effort into maintaining a professional and polished website. If a site contains spelling mistakes and poor grammar, it could very easily be a site designed to distribute malicious software. However, many malicious sites maintain a professional veneer, too.
• Unrealistic promises or too-good-to-be-true offers: If you find a site that promises a piece of software for a severely reduced price than elsewhere, or that has amazing features for a low cost or free, it’s worth investigating further. Hackers often try to entice you to download their software by creating very enticing offers that would be impossible to match elsewhere.

On top of this, there are easy ways to minimize the risks involved in downloading third party software, above and beyond having a vigilant eye. The following steps will help you defend against any Trojan viruses:

• Download software directly from the official source where possible: Whenever possible, download any software you need from the official sources and vendors (such as downloading Microsoft Office from the official Microsoft page, for example). You can download a lot of software from the UCL software database: https://swdb.ucl.ac.uk/.
• Research the software through reputable sites: Before downloading any software, be sure to research it on reputable technology review sites and forums. These platforms often can help you decide on what software is best to use, and help you avoid bogus software.

By keeping these points in mind, you will be able to decrease the risk in your online life, and keep your devices secure.