Malware Now Hiding Inside Fake Copies Of Online Books

Kaspersky Lab has issued a warning that should alarm and dismay students around the world: its researchers have found a new surge in malware masquerading as legitimate digital textbooks. Given the staggering price of physical textbooks, many students have switched to acquiring digital copies of the books they need.

While the price difference is considerable between the digital and physical copies, penny-pinching students often shop for the best deals possible on the digital copies of the books they’re buying.  Unfortunately, a disturbing percentage of bargain-priced texts are poisoned and used to infect the devices of the students downloading them with a variety of malicious payloads.

Based on Kaspersky’s research, there were in excess of 365,000 attacks last year that relied on malicious documents with education-related filenames. Of those, 233,000 cases involved poisoned documents downloaded by more than 74,000 people and blocked by the company’s software.

According to a Kaspersky spokesperson, about a third of those files were malware disguised as textbooks, and more than 30,000 users attempted to open them.

The company was able to block an impressive percentage of those types of attacks. However, based on their own numbers, that still means that more than 132,000 infection attempts were successful.  While the attacks were made using a staggering array of malware, the most commonly employed were identified as:

  • MediaGet
  • WinLNK.Agent.gen & Win32.Agent.ifdx
  • The Stalk worm

Of the ‘Big Three,’ the MediaGet downloader is the least harmful, designed simply to download an unnecessary torrent client. Unfortunately, the other two downloaders, WinLNK.Agent.gen and Win32.Agent.ifdx, are capable of dropping all manner of nasty malware onto an infected device.

Stalk is different from the others, being classified as a worm. Its main goal in life is to spread itself to as many machines as it can, and it will merrily mail and text itself to the entire contacts list on any infected machine.

The bottom line from Kaspersky is simply this: bargain-priced digital texts very often carry a high hidden cost. It pays to be wary.

Popular PDF Creator App Found To Have Malware

Do you use the PDF Creator App called CamScanner?  If you do, you’ve got plenty of company.  Since the app was first published in 2010, it has been downloaded more than a hundred million times.

Unfortunately, Google recently pulled it from the Play store after discovering that it had begun delivering malware to user devices.

For much of the app’s life, its creators, Shanghai-based CC Intelligence, have relied on ads and in-app purchases to generate revenue from the app.  That shifted in recent months, and Kaspersky Lab discovered that recent versions of the app introduced a new library that contained a Trojan designed to deliver malware to Android devices.

According to a spokesperson at Kaspersky, the “malicious code may show intrusive ads and sign users up for paid subscriptions.”  Granted, this isn’t as bad as it could be, because intrusive ads are more of an annoyance than a genuine threat. However, the issue of unwanted paid subscriptions is a bit more worrisome.

That said, based on its investigation into the matter, Kaspersky concluded that this is probably a case of the developer accidentally using a malicious ad library. It seems unlikely that they’d run the risk of ruining a reputation that’s been nearly a decade in the making. This conclusion is underscored by the fact that the developers have removed the offending library from the most recent build of their app.

Unfortunately, this kind of thing is all too common.  There are a disturbing number of instances where legitimate apps have been found to be using poisoned libraries, so in that regard, CamScanner is as much a victim as the users who wound up with paid subscriptions.

Even so, kudos to Kaspersky, Google and CC Intelligence for swift, decisive action. If you use the app and have been noticing intrusive ads, be sure to upgrade to the latest version as soon as possible.

New Adware Uses Interesting Technique To Avoid Detection

Being more of a nuisance than anything, adware doesn’t see as many innovations as other forms of malware. Once in a while, an adware developer surprises the security researchers.

That happened recently when two researchers working for enSilo discovered an innovation in an adware strain, known as DealPly.

As Adi Zeligson and Rotem Kerner indicated in a recent blog post, DealPly has some interesting features bolted on, which make it much more adept than most other forms of adware at avoiding detection by antivirus programs.

The adware is typically installed on a target’s machine by being bundled with a legitimate app.  Once it’s installed, it will add itself to the Windows Task Scheduler and run every hour.  Each time it runs, it will contact its command and control server and request instructions.

Here’s where things get interesting. DealPly was designed modularly and makes use of Virtual Machine Detection and Machine Fingerprinting techniques.

Microsoft SmartScreen is one of two major systems used to verify the risk of files and web addresses.  It’s updated regularly with newly blacklisted sites.  Naturally, malware authors find this to be a problem because it only gives them a limited window of time before their code and malicious URLs wind up on the list.

DealPly, however, contains code that seems to be based on a reverse-engineering of Microsoft SmartScreen. When it contacts its command and control server, it requests a list of hashes and URLs to query against the SmartScreen reputation server. Once it has its list of queries to make, it sends a JSON request to the SmartScreen API to see whether the server responds with any of the following:

  • UNKN: Unknown URL/File
  • MLWR: Malware-related URL/File
  • PHSH: Phishing-related URL/File

Essentially, this query lets DealPly know whether it has been blacklisted. If so, the software enters an idle state until it can be updated. This gives DealPly’s developers something close to a real-time mechanism for knowing when they need to update their code, letting them stay ahead of the curve. Very clever. Very clever indeed, and troubling to IT staff everywhere. We can expect this technique to be copied by other malware developers worldwide.
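The hourly Task Scheduler check-in described above is itself a detection opportunity: a process that contacts the same destination at a near-fixed interval stands out in proxy logs. The script below is an added example, not code from the enSilo write-up; the log format, host names and process names are constructed placeholders, and the jitter threshold is an assumption to tune for your own environment.

```python
"""Flag near-fixed-interval beaconing (e.g. an hourly scheduled task) in proxy logs.

Added example; not part of the original article. Log lines, hostnames and the
jitter threshold are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client> <process> <destination host>"
SAMPLE_LOG = """\
2019-07-01T08:00:03 ws17 updater.exe c2.example.invalid
2019-07-01T08:12:41 ws17 chrome.exe news.example.invalid
2019-07-01T09:00:01 ws17 updater.exe c2.example.invalid
2019-07-01T09:45:10 ws17 chrome.exe mail.example.invalid
2019-07-01T10:00:05 ws17 updater.exe c2.example.invalid
2019-07-01T11:00:02 ws17 updater.exe c2.example.invalid
2019-07-01T11:31:57 ws17 chrome.exe news.example.invalid
2019-07-01T12:00:04 ws17 updater.exe c2.example.invalid
"""

def parse(log: str):
    """Yield (timestamp, client, process, destination) tuples from the log text."""
    for line in log.splitlines():
        ts, client, proc, dest = line.split()
        yield datetime.fromisoformat(ts), client, proc, dest

def find_beacons(log: str, min_hits: int = 4, max_jitter: float = 0.05):
    """Return {(client, process, destination): mean interval in seconds} for every
    series with at least min_hits requests whose gaps are nearly constant
    (relative standard deviation <= max_jitter). Human browsing is irregular and
    drops out; a scheduled-task beacon running every hour does not."""
    series = defaultdict(list)
    for ts, client, proc, dest in parse(log):
        series[(client, proc, dest)].append(ts)
    beacons = {}
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)
    return beacons

if __name__ == "__main__":
    for key, period in find_beacons(SAMPLE_LOG).items():
        print(f"periodic beacon every ~{period}s: {key}")
```

On the constructed sample this reports only updater.exe talking to c2.example.invalid roughly every 3600 seconds; the browser traffic is too irregular and too sparse to match.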

Fast Food Chain Hit By Malware And Data Breach

Do you have a Checkers or Rally’s fast food location near you?  Is it your go-to fast food joint?  If so, be advised that they’re the latest company to fall victim to a hacking attack.

The company recently discovered evidence of malware on its payment processing systems in a total of 102 of the company’s stores, which amounts to about 15 percent of their total locations.

Checkers and Rally’s official statement about the matter reads, in part, as follows:

“We are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders.  We encourage you to review your account statement and contact your financial institution or card issuer immediately if you identify an unauthorized charge on your card.  The payment card brands’ policies provide that cardholders have zero liability for unauthorized charges that are reported in a timely manner.”

Although the company only recently discovered the malware, it had been in place for quite some time. The earliest installation occurred in mid-2017 and the bulk of the infections occurred between early 2018 and 2019.  The company also notes that only customers who paid for meals using credit or debit cards at infected locations have been impacted.

The malware has been removed and as the company’s statement indicates, the investigation is ongoing.  You can read the full details about the incident on the Checkers and Rally’s website.  The main thing to do at this point is to monitor your credit or debit card statements closely if you used a card to pay for purchases at the fast food chain during the period of infection.

Stay vigilant.  This won’t be the last successful hacking attack we hear about in 2019.  Unfortunately, it won’t be long before we have another report of this kind to make.

Latest Windows 7 Update Could Cause AntiVirus Program Issues

If you’re still using Windows 7, you probably already know that Microsoft recently threw users of some of its older operating systems a bone when it issued a rare, emergency security patch designed to better protect their systems. Unfortunately, there’s a problem. According to the UK security firm Sophos, and backed up by sporadic user reports, installing the new patch creates conflicts on startup with a number of antivirus programs.

This is causing some systems to freeze on restart, getting stuck at about 30 percent into the configuration process.

Microsoft has acknowledged the issue in a bulletin, which expands on Sophos’ findings. The bulletin revealed that what the company is describing as a “glitch” also impacts Windows Server 2008 R2 users and the patch causes problems for users who have McAfee Endpoint Security Threat Prevention 10.x, McAfee VirusScan Enterprise 8.8, and McAfee Host Intrusion Prevention 8.0.

Sophos reports that it is working with Microsoft to resolve the issue, but to this point no time frame for resolution has been given, and at present the company has not listed the problem as a known issue on its site.

This puts Windows 7 and Windows Server 2008 R2 users in a tricky spot.  The recent security patch is critical. It closes the door on a wide range of high severity security issues, making it much more difficult for hackers to gain unauthorized access.  On the other hand, if it doesn’t work with the antivirus programs you’re using, installing it might give you pause.

Microsoft has offered no guidance on this point, so each business owner and department manager will have to weigh the risks and proceed accordingly. Just know that the company is actively working to resolve the issue, and when it does, you’ll have at least a bit more protection. And again, if you haven’t already begun making plans to migrate away from your older operating system, the time is now.