anti malware Archives - Page 2 of 3

New Form of Malware is Sneakily Avoiding Detection

anti malware, Cyber Security, malware, OpenSUpdater, Ophtek, PC Security, PhishingAnti- malware, Cyber Security, malware, Ophtek, OpthSUpdater, PC Security, phishingOphtek, LLC

Sep 2021

Anti-malware tools provide a firm level of defense against hackers, but what happens when the malware can bypass detection tools?

Around 300,000 new pieces of malware are created daily, so it’s important that we can protect ourselves against this constant threat. Anti-malware tools such as Kaspersky and even in-built Windows security systems are crucial for providing this protection. Accordingly, you should find that your systems remain protected for most of the time. However, hackers are industrious individuals and are constantly looking to evolve their techniques. As a result of this ongoing adaptation, it appears that hackers have found a way around current detection methods.

The threat comes in the form of the OpenSUpdater and is one that you need to take seriously.

What is OpenSUpdater?

Digital signatures are used online to demonstrate that code is legitimate and accepted by Windows security checks. They are an important part of online security, but this has made them a viable target for hackers. In the case of OpenSUpdater, their online code samples are carrying manipulated security certificates which, despite these manipulations, are passed as authentic by Windows. More importantly, security tools which use OpenSSL decoding are unable to detect these malicious changes.

OpenSUpdater is free to bypass security measures and avoid being labelled as malware which is quarantined and deleted. The malware’s main method of attack is through riskware campaigns. This involves injecting malicious ads into the browsers of those infected and downloading further malware. The majority of targets so far have been found in the US and the malware typically bundled in with illegal downloads such as cracked software.

How Can You Protect Against OpenSUpdater?

This latest malware threat was detected by Google’s security researchers and has since been reported to Microsoft. A specific fix has not been announced yet, but hopefully something will be implemented shortly. In the meantime, however, it’s vital that you take steps to protect yourself. In particular, make sure you focus on the following:

Minimize User Privileges: There’s no real need for employees to be downloading software onto their workstations. All the tools they need should be readily available. However, some employees are likely to be tempted by things they see online, particularly the promise of quick fixes. The best way to reduce the risk of downloading malware is by eliminating download privileges for all but the IT team.

Educate on Phishing Techniques: Phishing is a dangerous hacking technique which uses email to push social engineering attacks. By instilling a threat of urgency to act upon an email’s call to action – such as ‘click here to download a vital security tool’ – hackers are able to deceive victims into downloading all kinds of malware. Thankfully, through continued training, your employees should be able to recognize phishing emails quickly and hit the delete button even quicker.

Do Not Abandon Detection Tools: Despite the ability of OpenSUpdater to bypass detection tools, this does not mean that these tools should be resigned to the scrapheap. They still play an essential role in providing digital security options and should remain in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What Do You Need in Good Antivirus Software?

anti malware, Antivirus, Cyber Security, Data Security, email security, firewall, Ophtekantivirus, Cyber Security, Data Security, email security, firewall, OphtekOphtek, LLC

Jul 2021

Antivirus software is a sure-fire way to keep your PC protected against malware. But you need to make sure it has the right features for your organization.

No two pieces of antivirus software are the same. And there are a lot of different antivirus tools available. In fact, if you google the term “antivirus software” you will be faced with 175 million search results. Not surprisingly, the sheer range of options available can make choosing one a daunting task. But it doesn’t need to be this difficult. All you need to do is understand what the most important features are in antivirus software.

The Essential Antivirus Software Features

As I advised earlier, there are many different antivirus tools trying to get your attention. And they all contain a collection of different features. The most essential ones that you should be looking for are:

Malware Scans: The biggest threat to your organization’s IT infrastructure will come from malware. And it’s a threat which can easily lurk undetected on your network. However, thanks to the power of collective databases, most of this malicious software can quickly be identified by its code. Good antivirus software will connect to these databases and use the inventory to verify every file on your network. Anything identified as malicious can then be quarantined and investigated before being deleted.

Firewall Availability: Many antivirus software packages will include a firewall and this feature can prove invaluable. It’s a tool which is employed to monitor all incoming and outgoing connections to your network. Essentially a barrier between your organization and the internet, a firewall allows you to restrict access to any unidentified connections while recognized and permitted connections can operate freely.

Email Scans: One of the best ways for a hacker to gain access to your organization’s network is via email. It’s a venture which typically succeeds when an infected email attachment or malicious link is activated by the recipient. And these infections can be very powerful. Ransomware is easily spread through malicious emails and phishing scams, of course, are particularly prevalent. Thankfully, many pieces of antivirus software can scan all incoming emails to evaluate the danger contained within.

Download Protection: Most files that you download from the internet will be fine e.g. software installation packages or even plain old spreadsheets. But there’s always a chance that you may download some malicious software. And, in many cases, it’s easy to find yourself fooled by authentic looking websites. A good antivirus suite, however, should be able to scan all downloaded files in real time to verify if they are safe. Often, if the file is hosted on a malicious website, antivirus software will not even allow you access to the site in the first place.

Final Thoughts

Basic antivirus software is available for free and, despite some limitations in its functionality, can provide you with powerful protection. However, when you start paying for antivirus software you can expect to gain even more features and some much-needed technical support. Regardless of which option you go for, though, antivirus software should be an essential part of any organization’s fight against cyber-crime.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What’s a Keylogger? And How Do You Beat One?

anti malware, Cyber Security, keylogger, malware, Ophtek, spywareCyber Security, keylogger, malware, Ophtek, spywareOphtek, LLC

Mar 2021

One of the simplest forms of spyware you can run into is a keylogger. Capable of stealing large amounts of data, a keylogger is simple yet dangerous.

In the world of cyber-security, keyloggers are a frequently mentioned hacking device. But what exactly are they? And what should you do if you fall victim to one? These are important questions as keyloggers can cause immense damage. The main interest of a keylogger is data. In particular, keyloggers have an intense hunger for personal data. Login credentials, banking details and social security information are all at risk. Therefore, it’s critical that you know what a keylogger is, how it works and how to protect yourself.

Luckily, we’ve put together a quick guide to give you the lowdown on keyloggers.

A Beginner’s Guide to Keyloggers

As we have established, keyloggers thrive upon harvesting data from their victims. The simplest way that a keylogger can do this is by monitoring and recording the keystrokes that are made on an infected PC. The software behind a keylogger is simple and can quickly be installed on a PC either manually, through an infected website or as part of a malware package. Once it’s installed, the keylogger will work silently in the background as it records data. The harvested data will then be routinely transmitted to a remote server.

A keylogger can quickly harvest data that puts both organizations and their customers at risk. Not only can personal details be stolen and used for criminal means, but financial accounts can also be compromised. Almost all modern malware will contain some form of keylogger; this is unlikely to change while users continue to use their keyboards to enter data into PCs. But you don’t need to fear keyloggers. As long as you know how to protect your PC then you should be able to benefit from peace of mind.

Beating Keyloggers

It’s impossible to provide 100% protection against keyloggers, but it’s possible to strengthen your defenses to their maximum. And you can do this by carrying out the following:

Anti-Spyware Software: Most malware protection suites will contain some form of anti-key logging tool, but these are also available as standalone apps. By comparing the files present on a PC against a database of malicious tools, anti-spyware software can identify keyloggers and safely remove them.

Two-Factor Authentication: One of the best methods for thwarting hackers is by using two-factor authentication. Organizations can easily generate unique authorization codes that are forwarded to an individual’s phone/personal device. These one-off codes ensure that employees can gain access to their network, but, even if this code is harvested, it is useless.

Monitor Network Activity: A keylogger will need to contact its remote server to transmit its stolen data. But, to do this, it will need to leave your network. And this network activity can easily be monitored at your end. Any unusual traffic or external destinations should be investigated immediately and blocked if any malicious activity is suspected.

Install all Patches: Keyloggers are often able to make their way onto a PC due to vulnerabilities created by outdated software. Thankfully, as long as you regularly install all updates as soon as possible, you should significantly slash your chances of falling victim to a keylogger.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Return of the Trickbot Malware

anti malware, malware, Ophtek, trickbot, two-factor authenticationmalware, Ophtek, safety, TrickBot, two-factor, updateOphtek, LLC

Feb 2021

Some malware is incredibly difficult to remove, but it is removable. However, that very same malware could come back stronger than ever before.

We first reported on the Trickbot malware back in 2017 when it was being used to target banks in the US. Back then it was using web-injection techniques to infect users and steal login credentials. But much can change in three and a half years. Trickbot has steadily evolved to become a much stronger strain of malware. And this, naturally, means that its more dangerous. Therefore, even if you managed to beat Trickbot before, it’s going to require an even stronger battle this time around.

The good news is that we’re going to give you a lowdown on the latest variant of Trickbot and, more importantly, how to beat it.

What is Trickbot?

Trickbot has changed significantly since we last encountered it, so it’s crucial that we take a comprehensive look at it. Since its early days as a banking trojan, Trickbot has evolved several times. Enhancements to its design has allowed it to spread through networks rapidly and with stealth on its side. Trickbot has also been re-engineered to become a malware loader meaning that it can download even more malware to an infected system. It had appeared, last year, that a collection of tech companies had managed to take the Trickbot network down. But it appears that Trickbot is still active.

The latest Trickbot attack uses a social engineering approach to unleash its payload and is targeting legal and insurance companies in the US. Phishing emails are being distributed which inform the recipient that they are responsible for a traffic violation. A link contained within the email promises to deliver proof of this violation. But the true destination of this link is a website which will download an infected ZIP file. This infected file will then connect the user’s PC to a remote server and completes the infection by downloading further malware.

How to Beat Trickbot

Good security practices are essential when it comes to beating malware such as Trickbot. Protect yourself by carrying out the following:

Install Your Updates: Vulnerabilities in your hardware and software allow malware such as Trickbot easy access into your system. Plug this gap by installing all updates when prompted to and, where possible, set these to automatic installs.

Teach Email Safety: The busy pressures of the working day mean that we can sometimes switch to automatic when checking our emails. However, by taking a few moments to carry out some basic checks you can make sure you don’t fall victim to malicious emails.

Two-Factor Authentication: Trickbot is well known for being able to spread through networks like wildfire, but you can limit this spread. By installing a method of two-factor authentication on your network you can make this spread much harder.

Use Anti-Malware Software: A wide range of anti-malware software is available – much of it at no cost – that can protect your PCs from malware. Windows itself has Windows Defender built into it as standard, so make sure you have something in place. And, don’t forget, make sure the software is turned on.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Government Websites Compromised in Armenia

anti malware, Cyber Attack, Cyber Security, Hackers, malicious websites, Plugins, Security Threatshacking, malware, Ophtek, security, vulnerabilityOphtek, LLC

Apr 2020

You would like to think that governments know a thing or two about cyber security. But a recent hack in Armenia has proved otherwise.

European security experts ESET have confirmed that numerous websites belonging to the Armenian government have been targeted and compromised by hackers. The compromised websites have been infected with malware and pose a nasty security risk to visitors. It’s suspected that the hackers behind this attack are Turla, a Russian hacking group.

We’ve discussed malicious websites before, but this latest attack is a little different. Therefore, it’s crucial that you understand the unique methods behind the infection.

What’s the Story?

The suspected hackers have targeted several websites that come under the control of the Armenian government, but the same fingerprints have also been found on a few non-government websites. Regardless of which website is infected, the methods employed are the same. However, where this attack differs from normal is its selective nature. Rather than attacking every visitor that accesses the infected websites, the malware only targets high-ranking visitors. So, for example, a civilian visitor is likely to remain uninfected, but a government official will not be so lucky.

It’s intriguing that the malware is only interested in high-ranking officials and indicates that there could be a political angle to the attack. Speculation aside, what is known for certain is how the attack unfolds. Once a visitor has been established as ‘high-value’ a command-and-control server generates a malicious JavaScript code. This code is used to deliver a popup window prompting the user to download a Flash update. But while this does, in fact, install a genuine version of Flash, it also contains PyFlash. And this backdoor application allows hackers to gain full access to the infected PC.

How Do You Protect Yourself?

Naturally, the security risk of compromised government PCs is considered high. And, while it is unlikely to affect smaller organizations at present, the selective nature of the attack is troubling. Therefore, it’s important that you safeguard your business against similar attacks. This can be achieved by following these best practices:

Use Website Filters: One of the best ways to protect your organization from infected websites is by integrating website filters into your IT setup. These filters are backed up by huge databases, which are regularly updated, and will prevent your users from accessing websites considered a security risk.

Prevent Software Installation: The majority of applications that your employees will want to install are likely to be genuine and safe. But, as with fake Flash updates, this is not always the case. And this is why it makes sense to enforce a complete blanket ban on unauthorized installs. Accordingly, any install requests should be submitted to an IT professional who can evaluate the risk of each proposition.

Block Popup Adverts: It’s rare that any PC user welcomes the appearance of a popup advert. And, with the risk of malicious popups so prevalent, it’s the last thing that an IT professional wants to see as well. Therefore, it makes sense to minimize this risk by installing a popup blocker. Not only will this reduce the risk of malware being installed, but it will also provide your PC users with an enhanced experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 2 3 Next »

Category Archives: anti malware

What’s the Story?

How Do You Protect Yourself?