Category: Malicious Software

Rubber Ducking

A USB drive (also called USB thumb drive or USB stick) may look innocuous but may contain malware and if you are tricked into attaching it to your computer then that malware will attack your computer.

This scam dates from around 2010, when a hacker began selling rubber duck USB drives, and the methods it uses have recently been upgraded.

These cost around $50 each, so you won't find thousands of them spread around. Instead, they are typically used to target high-value individuals.

The rubber duck typically uses pop-up login boxes to capture the target's credentials, but it can also search for confidential information, financial details and so on.

Some are also set up to infect Windows devices, Apple devices and others by determining the operating system of the device and adjusting accordingly.

If you are offered a free USB drive, or someone asks to plug one into your device, think twice about how much you trust them. If the device does infect your computer, you're unlikely to notice any difference until it's too late and your bank account has been emptied.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Zeus Malware

Zeus Virus or Zeus Trojan malware (also called Zbot) is a form of malicious software that targets computers running Microsoft Windows, although some versions have been created for other devices and operating systems. It is most commonly used for trying to steal financial data.

It was first detected in 2007 and has infected millions of computers across the world.

The creator of Zeus malware published source code in 2011, which made it possible for many other criminals to create their own versions.

How Zeus Works

Step 1. It creates a botnet: a network of infected computers that are secretly controlled by a Zeus command server.

Step 2. The controlled computers then send information to the command server, which can collate it for the criminals or can carry out various types of attacks on those computers.

Step 3. Zeus can also steal banking credentials from the machines it infects, by means of keylogging and other methods.

Zeus typically infects computers by means of:

  1. Spam emails
  2. Social media campaigns
  3. Drive-by website downloads

How to Protect Against Zeus Malware

The means of protection are basically the same as against malware generally, including:

  • Up to date anti-virus and anti-malware
  • Regular backups of all important information and data
  • Use of strong passwords
  • All software updated as specified by the supplier
  • Consider the use of two factor authentication where appropriate

If you have any experiences with these scams do let me know, by email.

File Type Malware

Scammers send all sorts of messages with attachments and those attachments can contain malware.

Everyone should know that it's potentially dangerous to run a programme supplied by an unknown person or company without being able to verify it is safe, but scammers attach all sorts of file types to their messages in the hope of conning you into opening them.

Numerous file types can be used by scammers to infect your devices, including:

  1. Compressed files. Most commonly compressed in TAR or gzip format, but any other compression can be equally dangerous, as the scammer is trying to get around malware scanners.
  2. Microsoft Office documents containing macros
  3. Executable programmes in any computer language, e.g. JavaScript
  4. PDF files
  5. Disk images in ISO or IMG formats
  6. Web pages: asp, html, php etc.
  7. Scripting languages, e.g. shell scripts

There are many more less commonly used file types that scammers also try to send out.
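Since scammers compress files to slip them past scanners, one defensive check is to look inside the archive before anyone opens it. The following is an added example, not code from the post; the archive it scans is constructed in memory for the demo, and the set of risky extensions is an assumption chosen for the example.

```python
"""Added example (not from the post): look inside a compressed attachment before
anyone opens it, since scammers compress files to slip past scanners."""
import io
import tarfile

# File types this demo treats as risky inside an attachment (an assumption
# chosen for the example, not an official list).
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".hta",
                    ".sh", ".iso", ".img", ".docm", ".xlsm", ".html", ".php", ".asp"}

def classify_name(name):
    """Return a reason string if a file name looks dangerous, else None."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) < 2:
        return None
    final_ext = "." + parts[-1]
    if final_ext not in RISKY_EXTENSIONS:
        return None
    if len(parts) > 2:  # "invoice.pdf.exe": a double extension hiding the real type
        return f"double extension hides executable type {final_ext}"
    return f"risky file type {final_ext}"

def scan_tar_gz(data):
    """Return (member name, reason) for each suspicious file in a .tar.gz."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as archive:
        for member in archive.getmembers():
            reason = classify_name(member.name) if member.isfile() else None
            if reason:
                findings.append((member.name, reason))
    return findings

def build_sample_archive():
    """Constructed demo .tar.gz: one harmless file and two suspicious ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name, payload in [("docs/readme.txt", b"hello"),
                              ("invoice.pdf.exe", b"MZ..."),
                              ("update.js", b"// script")]:
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            archive.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_tar_gz(build_sample_archive()):
        print(f"{name}: {reason}")
```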

Make sure you have up-to-date anti-malware on your devices, and if you are warned that a file may be unsafe to open, do not take risks.

If you have any experiences with phishing scams do let me know, by email.

PDFs Are Not as Safe As You Think

We are all used to being careful when opening certain emails, zipped files, Word, Excel and other types of files in case they contain some kind of malware: virus, ransomware, Trojan etc.

But most people feel safe opening PDF documents.

However, scammers are using PDFs more and more as attachments in email or malicious downloads on websites.

PDFs can contain JavaScript code, which can have malicious intent, and they can contain links which of course could lead to any website.

Microsoft Malware Protection Center released a list of PDF filenames that are commonly used in malicious emails and websites. Scammers keep making new names of course.

  • pdf_new.pdf
  • auhtjseubpazbo5.pdf
  • avjudtcobzimxnj2.pdf
  • pricelist.pdf
  • couple_saying_lucky.pdf
  • 5661f.pdf 7927
  • 9fbe0.pdf 7065
  • pdf_old.pdf

Q. How can you protect yourself against malicious content?

Most PDF exploits use JavaScript, so if you disable it then a large part of the problem is blocked.

However, common sense goes a long way in protecting you.

  1. Do not open an email or download anything that is sent to you by someone you don’t know
  2. Make sure your email settings are on high protection and your anti-virus and anti-malware programmes are working
  3. If there's a file on email you really want to open but aren't sure about, save it and then scan it (usually you right-click and select scan, depending on which anti-malware solution you use)

Of course, you should run regular scans of your computer to ensure no malware has been installed.
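As an added example (not from the post), a quick triage check of the kind a scanner performs: it reports whether a saved PDF declares JavaScript, an auto-run action, a program launch or external links, so you can decide before opening it. The sample PDF is constructed for the demo and only declares a harmless alert; the keyword list and verdict wording are this example's own choices.

```python
"""Added example (not from the post): triage a PDF for JavaScript, auto-run
actions and links before deciding to open it."""
import re

# PDF keywords worth flagging.  /OpenAction and /AA run automatically on open,
# /JS and /JavaScript carry script, /Launch starts a program, /URI is a link.
FLAGGED_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI")

def normalise_names(data: bytes) -> bytes:
    """Undo PDF name escapes such as /J#61vaScript -> /JavaScript, a trick used
    to hide keywords from naive scanners."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage_pdf(data: bytes) -> dict:
    """Count each flagged keyword in the raw (name-decoded) PDF bytes.
    Caveat: objects inside compressed object streams are not visible here;
    a real scanner must inflate /FlateDecode streams first."""
    text = normalise_names(data)
    counts = {}
    for key in FLAGGED_KEYS:
        # the lookahead keeps /JS from matching inside a longer name like /JSx
        counts[key] = len(re.findall(re.escape(key.encode()) + rb"(?![A-Za-z])", text))
    return counts

def verdict(counts: dict) -> str:
    if counts["/JavaScript"] or counts["/JS"]:
        return "script found: do not open until checked with JavaScript disabled"
    if counts["/OpenAction"] or counts["/AA"] or counts["/Launch"]:
        return "auto-run or launch action found: treat as suspicious"
    if counts["/URI"]:
        return "contains links: check where they lead before clicking"
    return "no scripting or action markers seen (not proof of safety)"

# Constructed sample: a minimal PDF whose /OpenAction executes JavaScript,
# with /JavaScript spelled using a #-escape to show the decoding step.
SAMPLE_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    c = triage_pdf(SAMPLE_PDF)
    print(c, "->", verdict(c))
```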

How to Turn Off JavaScript in PDFs

If you use a programme other than Adobe's for opening PDFs then you'll need to check how to disable JavaScript. If you use Adobe then see below:

  1. Start Acrobat (or Adobe Reader)
  2. Select Edit, then Preferences
  3. Select the JavaScript category
  4. Uncheck the Enable Acrobat JavaScript option
  5. Save and exit

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

Mobile Device Malware “Judy”

The Korean company Kiniwini published 41 Android apps under the name ENISTUDIO Corp.

These apps carried hidden malware that produced fake advert clicks and could have infected up to 36.5 million Android devices.

Security firm Check Point identified the apps and realised the infected devices could be used to generate large numbers of fraudulent clicks on advertisements, generating revenue for the creators of the malware.

The malware was dubbed “Judy” by Check Point after the title character in Kiniwini’s apps. Chef Judy: Picnic Lunch Maker, for example, encourages players to “create delicious food with Judy”.

Google removed the apps from Google Play once it had been informed of the problem.

How does Judy infect your device?

Hackers create a seemingly harmless app that gets past Google’s security screening and is added to the app store.

Once users have downloaded it, it silently registers with the makers’ servers for an update. That update is not just the latest software, content and adverts: it contains the click code and a list of web addresses. The app then opens a browser window and starts clicking on the selected adverts on the listed websites. These clicks are registered by networks such as Google Ads and in time produce payments to the makers.

This kind of cheating has been used in the past, but this is one of the worst such examples and it circumvents Google’s app security, which Google will not be pleased about.

Kiniwini also develops apps for Apple devices, but so far there are no reports of problems with those apps.