Tag Archives: Malware

Malware: One of the Common Causes of IT Disaster

There are different types of IT disasters. One cause of downtime is a substandard strategy for defending against malicious software, widely known by the abbreviation malware. It is designed to attack computer systems. Users are usually unaware of malware on their systems. If effective data protection strategies are not used, business discontinuity and data loss can result.

Initially, malware was just a gag and a risk-free prank; however, it became a serious threat with the arrival of online banking, e-commerce, and the Internet. Malware is developed to achieve specific goals. For instance, a keylogger is a kind of spyware that records keystrokes to capture passwords, usernames and confidential information.

Malware Statistics
It is not possible to say exactly how often malware occurs. A security expert has revealed through an AV-Test report* that malware detections increased by more than 72 percent in one year. The report notes that 390,000 pieces of malware are registered every day.**

Some malware has gained worldwide notoriety because of its goals and functions. The Trojan is a common type of malware that attacks data security systems. Like the mythical Trojan horse, a Trojan appears appealing and useful. In reality, it is an infectious intruder that opens the way for other threats to enter the system.

Causes of Malware
There are many causes that open the way to malicious software, but the most common is user error. Some of the causes are as follows:

Email Attachment – When an email system is manipulated, viruses can spread quickly. Once a user opens a malicious attachment, it damages the system and forwards itself to everyone in the contact list. If a data protection system is not in place, such threats will damage your business reputation.

Infected Websites – Another source of malware is the friendly-looking website. When such websites are clicked, thousands of ads pop up on the screen.

Outmoded Software – Users often ignore the software update requests that appear at regular intervals. For a strong data security system, it is essential to use patched software. Old software is more prone to security threats and vulnerabilities. Malware developers focus on unpatched software to find a way to exploit a system. When industry compliance is involved, the cost of unpatched software can be staggering.

Sharing of Files – File sharing is one of the great threats to secured data. It gives malware unrestricted access, which often results in identity theft, fraud and a sluggish network.

Precautionary Measures

Update your Software – Enhance the security features of your system by continually updating software. Always use security software to address such issues.

Do not Open Email Attachments – For data security, never open an attachment when you do not know the sender. Even if the person is in your contact list, always confirm with the sender before opening the attachment.

Careful Web Surfing – Do not click on every link that carries some shady news.

Malware is an alarming threat for small, medium, and large enterprises. When data protection features are kept up to date and users are trained to work safely online, data can be protected from security threats.

* — http://www.digitaltrends.com/computing/pc-malware-rise-warn-security-firms/

** — https://www.av-test.org/en/statistics/malware/

Nasty! A Malware your Antivirus can’t Detect.

Well, this is one way to ruin an IT Manager’s morning coffee: a new form of malware has been discovered that won’t be detected by standard antivirus.

An article published on the Register this morning details a rare form of malware that can steal data off a machine without installing any files. The malware is extremely difficult to detect because it sets up home within the computer’s registry, so antivirus finds no suspicious-looking files on an infected machine. Nice!

In a report Paul Rascagneres stated, “All activities are stored in the registry. No file is ever created. So, attackers are able to circumvent classic anti-malware file scan techniques with such an approach and are able to carry out any desired action when they reach the innermost layer of [a machine] even after a system re-boot. To prevent attacks like this, anti-virus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer’s email inbox.”

Paul Rascagneres (@r00tbsd) has a reputation for ripping malware and bots to uncover and undermine black hat operations. Last year, Rascagneres won the Pwnie Award at Black Hat Las Vegas for tearing through the infrastructure of Chinese hacker group APT1.

The code has been spread, somewhat typically, through email. The mail, currently being sent under the guise of Canada Post and UPS tracking information, carries a Word Document containing the malicious code. Once opened, this then creates a hidden encoded autostart registry key, subsequently executing shellcode and a binary payload (this is the bit that allows any hacker access to a device).

Rascagneres added, “This trick prevents a lot of tools from processing this malicious entry at all and it could generate a lot of trouble for incident response teams during the analysis. The mechanism can be used to start any program on the infected system and this makes it very powerful.”
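A defender-side illustration of the point above, added here and not taken from the article or from Rascagneres' report: a small triage routine for exported autostart (Run key) values that flags entries whose name cannot be printed or whose data carries encoded content instead of a plain program path. The heuristics, thresholds, function names and sample entries are assumptions made for this example.

```python
import base64
import re

# Assumption: a normal autostart entry is a program path plus a few arguments.
MAX_PLAIN_LEN = 260
# Assumption: 40+ consecutive base64 characters indicate embedded encoded content.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def triage_value(name, data):
    """Return the reasons an autostart value deserves a closer look (empty list if none)."""
    reasons = []
    # Names containing NULs, control characters or non-ASCII are the kind of
    # entry that many tools fail to display or process.
    if not name or any(ord(c) < 0x20 or ord(c) > 0x7E for c in name):
        reasons.append("unprintable-name")
    # The entry carries encoded content rather than pointing at a file on disk.
    if ENCODED_RUN.search(data):
        reasons.append("encoded-data")
    if len(data) > MAX_PLAIN_LEN:
        reasons.append("oversized-data")
    return reasons


def scan(values):
    """Map repr(name) -> reasons for flagged values; repr() makes hidden characters visible."""
    flagged = {}
    for name, data in values:
        reasons = triage_value(name, data)
        if reasons:
            flagged[repr(name)] = reasons
    return flagged


# Constructed sample entries (name, data); none of these come from the article.
_BLOB = base64.b64encode(bytes(range(256))).decode()
SAMPLE = [
    ("Backup Agent", r'"C:\Program Files\Backup\agent.exe" --tray'),
    ("\x00Agent", r"C:\Windows\System32\notepad.exe"),
    ("Sync", "loader " + _BLOB),
]

if __name__ == "__main__":
    for shown_name, why in scan(SAMPLE).items():
        print(shown_name, why)
```

Because no file is written, a check like this has to run against the registry contents themselves (a live query or an offline hive export) rather than against the file system.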

Iranian Authorities Prevent Data Loss After Virus Discovered

The Iranian authorities have managed to avoid a potentially disastrous data loss by responding very quickly and efficiently to a virus that was discovered at an oil terminal.

The malware was first discovered on Sunday and forced the Iranian authorities to disconnect the main oil export terminal on Kharg Island, in the Persian Gulf. The name of the virus has yet to be disclosed, but it was a data-deleting virus that could have had catastrophic consequences had it not been found when it was. The Iranian authorities acted decisively, which prevented the virus from spreading and made the containment measures very effective. They have confirmed this and stated that they had to disconnect the oil export terminal to prevent the virus from spreading.

Iran’s deputy oil minister, Hamdolah Mohammadnejad, has confirmed the events and told the official IRNA news agency that the actions implemented stopped the virus from spreading and therefore limited the impact it could have had.

Mohammadnejad stated, “We shut computers connected to these servers temporarily and fortunately we were able to stop its spread. Thus no information or data were harmed. We are investigating the causes of these cyber problems and in the next two to three days we hope the problems will be solved.”

As an investigation is underway, David Harley, a senior researcher at the anti-virus company ESET, stated, “At present, it is difficult to say exactly how the virus was able to infiltrate Iran’s systems. Iran’s computing environments are a little unusual, in that there are no legitimate channels for directly supplying and maintaining standard operating systems and apps. This may result in greater than usual exposure to all kinds of exploits.”

This case does prove that as long as decisive and calculated actions are taken when a threat such as a virus is found, data loss can be minimal or prevented altogether. It is important that effective plans are in place alongside an effective security system, and that everyone knows what they are meant to do on such an occasion.

Mobile Malware: Is Your Company Protected?

The reliance on mobile devices is being hugely preyed upon by cyber criminals. As the Cloud becomes more prevalent in offering new models for growth, data protection is complicated.

Mobile device vulnerabilities were at the forefront of the annual ‘IBM X-Force Trend and Risk Report.’

This report examined data from more than 4,000 clients across their customer base. One of the main findings was that mobile devices are becoming a huge target for malware which uses application vehicles widely relied upon.

“Seventy thousand new malware strains are detected every day and 54% of employees use their own mobile devices for business purposes,” stated Campbell-Young, CEO at Phoenix Software. However, the issue is that attacks on mobile devices are not only more frequent but also much more difficult to detect than ever.

“It’s not nearly as prevalent as attacks against traditional workstations, but it’s growing and it’s a problem that people need to start taking seriously,” stated Tom Cross, co-author of the report.

The general consensus is that a fair level of awareness exists at the top level; however, there is a great need to educate wider users. This is especially the case as mobile progressively transitions from the consumer market into business.

“New technologies are constantly being created that produce new challenges for IT security professionals,” Cross continued.

“Smartphones and the mobile malware threat they present are the biggest risk both businesses and consumers face today. Malware targeting of the Android operating system has increased by 400%, and 85% of smart phone users are not employing an anti-virus solution to scan for malware,” said Campbell–Young.

“Sure, employees are checking Facebook on their lunch break, but they’re also using social tools to answer customer calls, collaborate with colleagues and partners, and seek user input for new product innovations,” he continued.

Juniper found a 155% increase worldwide in mobile malware across all mobile devices. “The rapid growth in mobile malware combined with ongoing concerns about lost and stolen devices illustrated just how important of an issue mobile security is – and that is an issue that affects everyone, not just corporations” says Dan Hoffman at Juniper.

Mobile security is something that everyone from the top down should be aware of. With so much malware cropping up every day, it is important that organisations stay up to date.

Businesses at risk from updated data harvesting malware

Security experts have discovered that a new strain of the Bugat malware has been developed by cybercriminals to target small and medium sized businesses with data theft attacks that can leave them exposed to financial fraud.

Bugat was originally unearthed in early 2010 and was noteworthy for its similarity to the ZeuS botnet tools. However, thanks to swift action by security firms, it was neutralised before it could get a foothold.

Now it seems that criminals have revived Bugat but altered its coding so that it is much harder to detect its presence and neutralise its effects. The result is a serious threat to businesses and Trusteer has even found links between the malware and the recent spate of attacks against users of business-based social networking site LinkedIn.

If the Bugat malware makes its way onto a computer it is able to burrow into any web browser programs, including Internet Explorer and Firefox. From here it will monitor the browsing habits and then harvest data whenever the user accesses their online banking service, passing on this extremely sensitive and valuable information to be used in defrauding firms.

Trusteer believes that significant losses could result from this new form of the Bugat malware. It also says that the chance of infection is three times higher for businesses based in the US, but warns that European businesses should still remain vigilant in order to keep completely out of harm’s way.

Trusteer’s Mickey Boodaei said that by altering and ameliorating the capabilities of malware such as Bugat and ZeuS, the cybercriminal factions are becoming better at evading the protection offered by security software.

Mr Boodaei even went as far as to call the battle with criminals an ‘arms race’ and said that the latest tactics seemed to suggest that many are abandoning the use of mainstream, well known malware, in favour of more uncommon variants, which gives them a higher chance of success.

The data harvesting carried out by various botnets and malware programs is seen as a serious issue by most and businesses are advised to keep their security software up to date in order to stand the best chance of avoiding infection.
