Emerging Malware Trends: Ransomware

Malware is mutating rapidly, with new techniques evolving to raise money for hackers. Ransomware is a mutation of scareware in which the hacker hijacks a PC by encrypting all its files and demands a ransom to unlock or decrypt them. The infected PC may not send spam mails or track sensitive information for its creator. It is worse than that.

Ransomware came onto the radar of security researchers in 2009, when a Vundo Trojan was found to encrypt all personal files and ask users to pay for the key to decrypt them. The earliest form of scareware only made people pay for useless software and fake antivirus. The hackers were then able to make it sophisticated enough to hold a PC for ransom. Apart from encryption, ransomware might just block access to all the applications on the system, asking the user to buy a license in order to fix the problem. The hacker might even entice the victim with a 30-day money-back guarantee message, which is false.

Techniques used to install ransomware:
Ransomware is just one kind of malware, so the methods used to install it on your PC are similar to those of any virus or trojan infection. However, the actual talent of the hacker lies in making the victim pay the ransom, and heavy social engineering is used here. The following are a few techniques used by ransomware hackers:

  • Spam emails with malicious files. The malicious files contain code that exploits vulnerabilities in software applications. The code then takes control of the PC, denying access to applications and files.
  • Exploitation of browser vulnerabilities when the user opens malicious web pages. An in-line adult advertisement is then shown in every web page the user opens. It covers the main part of the web page and the user can’t get rid of it. The text on the banner is in a foreign language. The user is also asked to send an SMS to a premium-rate phone number to get a special code that will make the ad disappear and also give access to an archive of explicit videos.
  • A user visiting a spoofed site may suddenly see a message saying that his PC is infected and that he should download a tool to get rid of the infection. The downloaded file actually contains ransomware.
  • A malicious .dll file is smuggled into the PC, where it manipulates the parental controls or web content filtering features of the PC. When the user tries to open even legitimate sites like YouTube, Facebook, etc. in the browser, a message on a red background is displayed saying: “Restricted Site! This web site is restricted based on your security preferences. Your system is infected. Please activate your antivirus software.” Access to the domains is allowed only if the user purchases a fake AV from the hacker.
  • Another technique involves manipulating the master boot record, preventing the PC from booting into the operating system. A message is displayed saying that access to the PC is blocked, and the user is asked to visit a site. On the site, he is asked to pay to get back access to the PC. However, in such cases, the user can just bypass the prompt and restore the master boot record. Rescue disks are very helpful in these cases.
  • An instant messaging worm was found to block access to the Facebook account on the infected PC. The message looks as if Facebook itself has blocked the account. The victim is asked to complete a survey within a short period of time. In the middle of the survey the victim is tricked into subscribing to premium-rate services on their mobile phone.
  • Adult websites are a main hub for malware downloads. For example, a piece of ransomware identified as WORM_RIXBOT.A was downloaded over 137,000 times from a single adult website in December alone. This worm prevents users from accessing their desktops and asks them to send a text message to a premium number in order to receive an unlock code.
  • The recent Japan earthquake also triggered a few ransomware infections. The emails sent to users contain links to fake news articles from which the malware installs on the PC. Access to the desktop is then seized with a message claiming to be from the Federal police, saying that illegal activities were discovered on the PC and that the user must pay a fine within the given time if they don’t want their hard drive erased.
  • A recent ransomware technique involves displaying a Windows reactivation message. The victim is given a toll-free phone number for getting the reactivation code. However, the call is not free, and the hacker is paid indirectly from the victim’s pocket.

In most of the above instances, the files on the hard drive are encrypted. To decrypt them, a private key is required from the hacker. In such cases, users must unplug their PC immediately after seeing the encryption message to stop further encryption of files. This saves at least some of the data from being encrypted. The hard drive should then be removed and installed as a secondary drive in another PC so that unaffected files can be copied to another storage device. Regular backups are key to minimizing the impact. The encryption can then be cracked with the help of a security expert.
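
The copy step described above depends on telling unaffected files from encrypted ones once the drive is mounted as a secondary disk. The following sketch is an added example, not part of the original article: it only reads files and sorts them by file signature and byte entropy. The signature table, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import random
import tempfile
from collections import Counter

# File signatures for a few common types (well-known magic bytes).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; values near 8.0 look like ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample_size: int = 4096) -> str:
    """Return 'intact' or 'suspect' for one file; the file is only read."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:  # known type: header must still carry its signature
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    # Unknown type (text, CSV, ...): fall back to entropy of the sample.
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "intact"

def triage(root: str) -> dict:
    """Walk the mounted drive and bucket every file by classification."""
    result = {"intact": [], "suspect": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            result[classify(full)].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in result.items()}

def demo() -> dict:
    """Constructed sample tree standing in for the secondary drive."""
    rng = random.Random(1)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for ciphertext
    samples = {"report.pdf": b"%PDF-1.4\n" + b"constructed sample " * 50,
               "notes.txt": b"constructed plain text notes\n" * 50,
               "photo.jpg": b"\x00" + noise, "ledger.txt": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Compressed or media files whose extensions are not in the signature table also have high entropy and will be reported as suspect, so extend `MAGIC` for the file types on the drive before relying on the result.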

Emerging Malware Trends: Smartphone Malware

Ever since mobile phones included web browsing technologies, they have been a major hit among users. The latest smartphones have put mobile users a step further ahead with features like online shopping, downloading, video streaming, social networking, mobile applications, email, and even document editing and sharing.

Recently, a report (by Conductor) said that smartphone ownership increased roughly 58% during the year 2010 (from 17% in 2009 to nearly 27% in 2010). The 2010 holiday shopping season saw a 300% increase in traffic from mobile users (to 5 high-traffic e-commerce sites). It has even reached the point where mobile email usage is rising while web-based email declines (according to comScore). There are now more than 7 million mobile internet users in the UK, according to Nielsen. That compares with more than 40 million in the US. Social networking is also big and growing at a higher pace in the mobile segment. According to comScore, nearly 58 million mobile subscribers accessed a social networking site at least monthly via a mobile device as of December 2010.

Now you see the size of this segment of users connected to the Internet. No doubt it is attracting more and more marketers to mobile marketing, but is it just marketers who are attracted?

We now see a new trend in malware emerging: smartphone malware. In fact it has already grown to a frightening level. Cyber criminals are now targeting smartphone users with new malware. After all, smartphones run on operating systems, and the more features they have, the more vulnerabilities there are. Moreover, on a smartphone you can’t deal with unwanted files and folders, or install a security solution, as easily as on a computer. At present it is not easy to prevent, check for or get rid of malware on your smartphone. You connect to the Internet (which is a wild west today) with these vulnerabilities, thereby increasing the chances of your mobile being affected.

A recent report from McAfee shows that mobile malware threats increased by 46% in 2010 from the year before. The Zeus-family Trojan Zitmo (Zeus In The Mobile) is now out there for smartphone users. It was created on the basis of an old commercial spyware package but is very potent in terms of cyber crime activities. Android/Gemini, created for Google Android users, is another such piece of malware; it is inserted into legitimate mobile applications and games and is often spread that way.

Many popular companies like Kaspersky, Symantec, McAfee and ESET have already come out with mobile security solutions. Virus definition updates are also available regularly. The installation is a little complex for people who are not tech-savvy. It must be said that security solutions for the mobile segment are not evolving as rapidly as malware is. Lack of awareness of malware and security solutions is the major weakness among smartphone users, and it helps attackers exploit smartphones much more easily.

So, if you think using a smartphone for accessing the Internet, reading email and downloading applications is cool, beware of the threat lurking there and make it a point to install a suitable security solution. And if you are planning to buy one, you must consider the feasibility of installing a security solution on it.