
We all know that trojan viruses are the masters of stealth when infecting systems, but the GlassRAT Trojan may just be the stealthiest trojan yet.

We’re constantly advised to be on our guard against ‘zero day vulnerabilities’, brand new attacks that exploit software before the vendor is even aware of the flaw. However, what many of us aren’t aware of is the threat of zero detection malware: malicious code that is already on the system but that nothing is flagging.

In the case of the GlassRAT Trojan, it’s been stealthily operating since 2012, so that’s over three years of security carnage it’s been able to quietly carry out. Obviously, this new form of security threat is something you need to be aware of, so let’s take a look at it.

What is GlassRAT?

The GlassRAT Trojan appears to be undetectable by most antivirus programs and this is due to it being signed with a seemingly legit digital certificate. However, the digital certificate is far from legit as it looks as though it’s been ‘borrowed’ from a separate Chinese software company.

The Trojan seems to have been targeting Chinese nationals working at multinational companies and infiltrates security systems with its digital certificate. The ‘dropper’, which delivers the Trojan via a fake Flash installation, erases itself from the system once it has installed its malware.

The malware is then clever enough to avoid detection by standard security scans and proceeds to carry out the following cybercrimes:

  • Transfer unauthorized files
  • Steal data
  • Transmit information about the victim’s system

Given that GlassRAT has been operating for three years without trace, it represents a significant threat to data security.
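The certificate trick above is why “is the signature valid?” is the wrong question on its own. The following PowerShell audit is an added example, not code from the original post: it treats a valid Authenticode signature as necessary but not sufficient and flags any file whose signer is not on a publisher allowlist. `$AllowedThumbprints` holds a placeholder you would replace with the thumbprints of publishers you actually expect.

```powershell
# Added example, not from the original post: an Authenticode check that treats a
# valid signature as necessary but not sufficient. A binary signed with a certificate
# "borrowed" from a legitimate vendor still reports Status = Valid, so each signer's
# thumbprint is also compared with an allowlist of publishers you expect to see.
# $AllowedThumbprints holds a placeholder; replace it with your own approved signers.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"
)

$AllowedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-OF-AN-APPROVED-PUBLISHER'
)

$report = Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        if ($sig.Status -ne 'Valid') {
            # Unsigned or tampered files are the easy case.
            $verdict = 'REVIEW: signature not valid'
        } elseif ($AllowedThumbprints -contains $cert.Thumbprint) {
            $verdict = 'OK: known publisher'
        } else {
            # This is how a file signed with a stolen certificate looks: the chain
            # verifies, but the publisher is nobody you have approved.
            $verdict = 'REVIEW: valid signature, unknown publisher'
        }

        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = $(if ($cert) { $cert.Subject } else { '(unsigned)' })
            Thumb   = $(if ($cert) { $cert.Thumbprint } else { '' })
            Verdict = $verdict
        }
    }

# Only the files that need a human look are printed.
$report | Where-Object { $_.Verdict -like 'REVIEW*' } | Format-Table -AutoSize
```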

Who’s Behind the GlassRAT Trojan?

It’s suspected that GlassRAT originated in China due to its targeting of Chinese nationals and the stolen Chinese digital certificate, but this is purely speculation at present and, perhaps, seems a little too obvious.

From the limited information available, it may be possible to link the GlassRAT activities with previous malware attacks. Previous cyber-attacks on Mongolian and Philippine authorities used two domains which are also connected with GlassRAT, so investigations continue to look into this as a possibility.

However, at present, the creators of GlassRAT are still at large and it’s fair to say they have had plenty of time to cover their tracks.

How Do You Combat Threats Such as GlassRAT?


The enigmatic nature of the GlassRAT trojan certainly makes it a difficult beast to protect against. However, businesses can help their security efforts by ensuring they follow basic security procedures such as:

  • Monitoring all incoming files
  • Training staff on the dangers of unknown attachments

Although GlassRAT is very difficult to detect, it’s not impossible. By arranging detailed network forensics to be carried out on your systems, zero detection malware threats can be uncovered. This approach will highlight any suspicious activity to identify any particularly deceptive malware.

The question, though, that remains is: just what else is stealthily lurking on our systems and putting vast quantities of data at risk?

For more ways to secure and optimize your business technology, contact your local IT professionals.




Google Fiber promises super fast broadband, but it remains out of reach for many people. However, it now looks as though it will shortly debut in San Jose.

The days of conducting business over a 56k dial-up modem seem like a lifetime ago, and in the last decade the speed offered by broadband has rapidly increased. It may seem as though it can’t get any quicker, but believe me it can! And it’s all thanks to ‘gigabit internet’ services.

Google, always at the forefront of internet technology, has been working on Google Fiber for the last 5 years and it promises a huge connection speed of 1,000 megabits per second. Despite first launching in 2011, expansion has been slow, but it’s strongly rumored that its debut in California will be in San Jose.

Let’s take a look at exactly what’s known about this launch and what it means for your business!

The Rumors Behind San Jose’s Launch


Despite there being no official announcement over Google Fiber’s expansion into San Jose, there remain many indicators that it’s almost a done deal.

Perhaps the biggest shred of evidence is that Google has already got the ball rolling by applying for planning permission to construct two ‘Fiber Huts’ – these buildings house all the fiber optic equipment necessary to provide the regional network with gigabit access. And there are also proposals to build a further 8 in the city which would indicate a very strong drive to make Google Fiber a viable option.

Google has been discussing their plans for Google Fiber with city officials for some time now, but it had been difficult to reach a compromise. As a result, the discussions had broken down on at least two occasions leaving the move in jeopardy. However, it appears that progress has been made and the noises from City Hall point towards an announcement towards the end of November.

Why Will Google Fiber Be a Big Deal?


Google Fiber, then, seems to be on its way to San Jose, but what benefits is this going to bring to businesses in the city?

  • It will far outstrip the services currently provided in the area. At present the quickest internet service offered in San Jose is 250 megabits through Comcast.
  • The speed offered by Google Fiber will make cloud computing more viable due to the increases in accessibility and speed of available cloud services.
  • Video conferencing will become more accessible and will increase the potential for workers to work from home and connect with geographically separated colleagues like never before.

Google Fiber Is Only a Matter of Time

Google Fiber in San Jose feels as though it’s only a matter of time and I wouldn’t be surprised to see it launch in 2016. And if it does then it’s going to be incredibly exciting for the residents and businesses in the city. The potential to improve their digital lives is huge and promises to make dramatic changes to the way we do business.





Malware is generally viewed as a nasty virus which causes nothing but chaos. However, a new piece of malware called Linux.Wifatch seems to improve security.

Usually the preserve of security breaches and data privacy concerns, malware is mostly in the news for disrupting commercial and domestic PC activity. Naturally, it’s an area where everyone needs to be on their guard to protect their data.

However, what if there were a new type of malware which bucked the trend and actually protected you from other forms of malware? It would be pretty special, right? And, it looks like it’s already here in the form of Linux.Wifatch, so let’s take a look at exactly how it works.

How Has Linux.Wifatch Found a Niche?

Internet routers are wonderful little devices, but the majority of users are notoriously sloppy when it comes to safeguarding them. You see, people are eager to get it out of the box and connected to the net as soon as possible, so they don’t even consider adjusting the default password or admin settings.

And it’s this neglect towards security that has allowed hackers easy access to countless networks in the past. In fact, November 2014 saw a huge security breach in Vietnam where millions of broadband routers had their traffic hijacked to mask online cyber crime being carried out by hackers.

Linux.Wifatch, however, looks to be a unique remedy to this potential threat.

What is Linux.Wifatch?


Linux.Wifatch is an intriguing piece of code which – as per most malware – sneaks into your system in a rather underhand manner. In the case of Linux.Wifatch it’s believed that it breaches your router by way of the telnet protocol, a plain-text remote login service that is also used to test connections to servers.

However, once it’s made its way into your router, it does the decent thing and closes the connection it got in through, to prevent any more malware sneaking in. Not content with closing the doors, Linux.Wifatch will then prompt the router administrator to change the router password. And its final chivalrous act is to set off in search of other malware in the router to destroy.

Is Linux.Wifatch All Good?

It may sound like a friendly virus, but don’t forget that Linux.Wifatch is still malware and the ‘mal’ stands for malicious! Sure, it provides some protection to your router, but it simply shouldn’t be there in the first place.


And Linux.Wifatch itself actually has a number of backdoors built into it to allow the author of the virus to use your router as they please.

With the virus spreading globally and affecting tens of thousands of users, it’s creating a lot of panic that this seemingly ‘white hat’ piece of software could suddenly turn nasty. So, in my opinion, the uncertainty surrounding Linux.Wifatch means a much better solution is to take your router security seriously from day 1 to prevent any security breaches.





By now you will have seen the ‘Get Windows 10’ popup on your PC, but did you know that it’s being downloaded to your system even if you haven’t opted in?

Microsoft has decided to start installing Windows 10 on systems and this, of course, is eating into people’s broadband usage, so it’s riled many consumers. It’s not the first time that Microsoft has ‘borrowed’ people’s broadband, so let’s take a look at this latest scandal in a little more detail.

Pushing Windows 10

Many users of previous Windows versions are more than happy with their current operating systems; after the criticism of Windows 8 it’s no surprise that consumers are a little reticent to trust Microsoft’s software.


Even though Microsoft is working hard to shout “IT’S FREE!” from every available rooftop, some people are still refusing the upgrade. However, it’s been discovered that Windows is prepping your system to accept the upgrade.

Microsoft is so confident that users will want Windows 10 eventually that they’re downloading it to a hidden folder on people’s systems. The folder – labelled ‘$Windows.~BT’ – is around 3.5GB to 6GB, so counts for a significant section of your hard drive.

It’s an intrusive move on Microsoft’s part and, given the recent spate of Windows 10 security concerns, highlights the software giant as being somewhat arrogant and out of touch.

Microsoft Responds

When questioned about this latest accusation, Microsoft has been keen to point out that this is for the customer’s benefit:

“For individuals who have chosen to receive automatic updates through Windows Update, we help upgradable devices get ready for Windows 10 by downloading the files they’ll need if they decide to upgrade.”

Now, of course, almost all of us sign up to the automatic updates as we’re advised it’s the best way to protect the security of our systems. However, it feels as though Microsoft is exploiting this need for security to push their own products at the expense of their users’ choice.

How Do You Remove Windows 10?

Understandably, many users are unhappy with Microsoft’s underhanded tactics, so are intent on removing Windows 10 for good and taking back control of their system.


It’s not as simple as just deleting the ‘$Windows.~BT’ folder as it will just keep re-populating and using up more of your broadband allowance. However, it is possible by going through the following steps:

  1. Go to Windows Updates and click on Installed Updates
  2. Locate update KB3035583 as this is the update which downloaded Windows 10
  3. Windows 7 users need to delete and hide this update along with KB2952664, whilst Windows 8 users should delete KB3035583 and KB2976978
  4. Head to the root directory where your current Windows OS is installed and delete $Windows.~BT
  5. Run ‘Disk Cleanup’ on your system and delete all ‘Temporary Windows installation Files’
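Before working through those steps it helps to know what the machine actually has. The script below is an added example, not from the original post: run as administrator on Windows 7/8, it reports which of the three updates named above are installed and how large the ‘$Windows.~BT’ folder is, and with the (hypothetical) `-Hide` switch it hides the updates through the Windows Update COM API so they are not re-offered after removal. Removal itself is still the manual procedure above.

```powershell
# Added example, not from the original post: audit a Windows 7/8 machine for the
# Windows 10 pre-download described above. It reports which of the three named updates
# are installed and how much space $Windows.~BT occupies, and can hide the updates
# through the Windows Update COM API so they are not offered again after removal.
# Run as administrator; removal itself is still the manual procedure above.
param([switch]$Hide)

$Kbs = 'KB3035583', 'KB2952664', 'KB2976978'

# 1. Which of the named updates are present?
$installed = Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID }
foreach ($kb in $Kbs) {
    $state = if ($installed -contains $kb) { 'INSTALLED' } else { 'absent' }
    '{0,-10} {1}' -f $kb, $state
}

# 2. How much of the drive does the staging folder take? (-LiteralPath: the name has a $)
$btDir = Join-Path $env:SystemDrive '$Windows.~BT'
if (Test-Path -LiteralPath $btDir) {
    $sum = (Get-ChildItem -LiteralPath $btDir -Recurse -Force -File -ErrorAction SilentlyContinue |
            Measure-Object -Property Length -Sum).Sum
    '{0} present: {1:N2} GB' -f $btDir, ($sum / 1GB)
} else {
    "$btDir not present"
}

# 3. Optionally hide the updates so Windows Update stops re-offering them.
if ($Hide) {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    foreach ($u in $pending) {
        foreach ($id in $u.KBArticleIDs) {
            if ($Kbs -contains "KB$id") {
                $u.IsHidden = $true
                "hidden: KB$id ($($u.Title))"
            }
        }
    }
}
```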

Final Thoughts

Is it right to sneak a product onto everyone’s system through the patch management interface?

Despite most Windows updates installing new files on our systems the size has never been an issue. In this instance, however, Microsoft may have forced some users into unknowingly exceeding their broadband limits.





Several weeks ago, Lenovo was found to be preloading spyware onto their laptops; now it’s been discovered they’re loading spyware onto their Thinkpads.

Yes, Lenovo has certainly disgruntled a whole new sector of customers. And what with the Thinkpad range being marketed as a business laptop it’s particularly worrying for business customers.

After all, which business wants to get caught up in any type of security threat which could potentially distribute their customers’ details to third party sources?

Let’s take a quick look at exactly what’s happening.

The Spyware Scandal


The Thinkpad range was purchased by Lenovo from IBM and these refurbished models are being packaged with a piece of software called ‘Lenovo Customer Feedback Program 64’ which is causing the latest controversy.

But what exactly does this spyware do?

Well, it’s there to send customer feedback back to Lenovo’s servers to help improve their products and service. There’s not anything particularly nefarious about that. However, it’s also been discovered that this piece of software contains the following files:

  1. TVT.CustomerFeedback.OmnitureSiteCatalyst.dll
  2. TVT.CustomerFeedback.InnovApps.dll
  3. TVT.CustomerFeedback.Agent.exe.config

It’s the first file which is interesting as it relates to Omniture who are an online marketing and web analytics company. What they do is monitor people’s behaviour online to help build a snapshot of how internet traffic is moving across the web.

Now, although Lenovo do disclose in their EULA (End User Licence Agreement) that software will be transmitting customer feedback to the Lenovo servers it is buried away amongst a lot of text. Additionally, there is no mention that internet usage will be monitored and passed on to Omniture for what is surely financial profit.

Just imagine the security risks to your business if hackers are able to find a loophole in this spyware and piggyback onto your internet connection. It could spell serious trouble for the security of your data and your customers’ data.

Removing the Spyware


Thankfully, it’s not a mammoth task when it comes to removing the spyware, so just follow these steps:

  1. Download ‘Task Scheduler View’ which is a useful piece of software which displays all the tasks running in Windows
  2. Within Task Scheduler View you will want to disable anything which is related to Lenovo customer feedback and/or Omniture
  3. It’s also recommended to rename the folder “C:\Program Files (x86)\Lenovo” e.g. “C:\Program Files (x86)\Lenovo-test” to help prevent any other dubious files being activated or installed
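If you would rather inventory the machine before touching anything, the script below is an added example, not from the original post. It swaps the Task Scheduler View tool for the built-in schtasks.exe (so it also runs on Windows 7), lists scheduled tasks that mention Lenovo, Omniture or CustomerFeedback, looks for the three files named above under the Lenovo program folder, and only disables the tasks when the (hypothetical) `-Disable` switch is given.

```powershell
# Added example, not from the original post: inventory the scheduled tasks and files
# tied to the Lenovo Customer Feedback Program before anything is disabled. schtasks.exe
# is used instead of Get-ScheduledTask so the script also runs on Windows 7, and tasks
# are disabled rather than deleted so the change can be reversed.
param([switch]$Disable)

$pattern = 'Lenovo|Omniture|CustomerFeedback'

# schtasks repeats its CSV header once per task folder; drop those rows before filtering.
$tasks = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' } |
    Where-Object { $_.TaskName -match $pattern -or $_.'Task To Run' -match $pattern }

'--- matching scheduled tasks ---'
$tasks | Select-Object TaskName, 'Task To Run', 'Scheduled Task State' | Format-Table -AutoSize

# The three files the article names, looked for under the Lenovo program folder.
$root  = "${env:ProgramFiles(x86)}\Lenovo"
$names = 'TVT.CustomerFeedback.OmnitureSiteCatalyst.dll',
         'TVT.CustomerFeedback.InnovApps.dll',
         'TVT.CustomerFeedback.Agent.exe.config'

'--- customer feedback files ---'
Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.Name } |
    Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# Disable, not delete: reversible, and the task definition stays available for review.
if ($Disable) {
    foreach ($t in $tasks) {
        schtasks.exe /change /tn $t.TaskName /disable
    }
}
```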

This should ensure that your Thinkpad and your confidential data remain secure and are not at risk of being exploited.

When Will Lenovo Stop?

This is the third security scandal to hit Lenovo this year after the Superfish and BIOS modifying controversies, so consumers are understandably losing their patience with Lenovo.

Although Lenovo claims on their website that “Lenovo takes customer privacy very seriously and the only purpose for collecting this data is to improve Lenovo software applications” it remains to be seen when they will follow through on this pledge.

