The Malware That Cannot Be Deleted

Kaspersky, malware, Ophtek, Security, Trojans, , ,
27
Oct 2020

Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it’s a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy as, rather than targeting a PC’s hard drive, it focuses its attack on a PCs motherboard. In particular, this new malware targets PC’s Unified Extensible Firmware Interface (UEFI). The approach of exploiting the UEFI is novel as it is involved in booting up a PC. Therefore, it is separate from your hard drive and will remain untouched by any operating system reinstalls.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

· Install all updates and patches as soon as your PC prompts you to do so · Practice vigilance when dealing with incoming emails which contain attachments and links · Make sure that your workforce understand how to create strong passwords

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Just How Safe is Your Data with Kaspersky?

Data Security, Javascript, Kaspersky, Online Security, Ophtek, , ,
01
Oct 2019

Cyber-security providers should be able to guarantee you one thing: security. However, it appears that Kaspersky isn’t as secure as you would imagine.

It’s fair to say that, with revenue hitting $726 million in 2018, Kaspersky is a major player in the cyber-security world. And it’s this success that has cultivated the high levels of trust placed in their products. Many would say that going without Kaspersky products in the 21st century is a foolhardy move. And they certainly are effective at preventing security breaches when it comes to PCs. But stories are now emerging that your data isn’t necessarily safe when it’s in their hands.

We live in an age where it’s important to stay safe online and, accordingly, many people reading this will be using Kaspersky products. It’s crucial to be aware of any potential data risks, so we’re going to examine this story a little closer.

What’s happening with Kaspersky?

Malicious websites can be a nightmare when it comes to protecting your data. Kaspersky understands this threat and has designed software which can identify whether a website is malicious or not. It achieves this by injecting your internet browser with a Javascript code that evaluates the safety of every website you visit. If the evaluation flags a website as unsafe then Kaspersky will prevent you from visiting it. This is all well and good, but the Javascript code employed has a major flaw.

The code injected into your browser is unique. And it can be read by any website. This means that your online activity can be tracked. For example, if your unique code shows up on ophtek.com and avg.com then online marketers would be able to identify a specific interest of yours: internet security. It’s known as cross site tracking and is a method used to tailor online advertisements that are likely to appeal to those viewing them. While this is nothing new, especially when you consider how cookies are used online, it’s unheard of to hear of a cyber-security provider facilitating this.

Avoiding the Security Risks of Kaspersky

Kaspersky has been keen to reduce the concerns of worried consumers and has advised that any data breaches are highly unlikely. Naturally, this is very easy for a multi-million pound corporation to say and has all the hallmarks of a damage limitation exercises.

What has been more useful is the patch released which removes the unique ID associated with the Javascript code. The cross-site tracking issue should, therefore, be remedied with this patch. However, this updated version will still identify users as using Kaspersky – a valuable piece of information that can easily provide a hacker with an insight into your defenses. The only way to truly protect yourself while working with Kaspersky is to go into the settings and untick the ‘Inject script into web traffic to interact with web pages’

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More