Hackers are keeping busier than ever and evolving their strategies almost daily; their latest method for attack is to target the humble resume.

Ask any HR professional to tell you how many resumes they receive in a week and they will be able to show you a mountain of them. Even in a business landscape which has changed dramatically over the last 20 years, a resume remains a crucial calling card for employment. And this is why hackers are keen to exploit them. It’s not just that a resume can easily be loaded with malware, it’s more that organizations are so familiar with them they are unlikely to suspect them.

Hackers, of course, thrive on complacency, so it’s time to take a look at what could be lurking inside that next resume.

Malware Laced Resumes

Resume themed scams are on the rise in the US and this latest installment centers around the use of the ZLoader malware. As with many strains of malware, ZLoader is designed to steal credentials. These credentials can include stored passwords and browsing histories, but also banking credentials. And what’s most concerning is that many of these infected resumes are being sent to financial institutions.

But what exactly do these compromised resumes look like? And how are they activated? Well, this is what happens:

  1. Recipient receives an email with a title along the lines of “Job Application” or “Advertised Job”.
  1. Upon opening the email, the recipient is encouraged to open an attached Excel document which claims to be a resume.
  1. If the Excel document is opened, the recipient is then prompted to activate a macro to enable the content.
  1. Unfortunately, activating the macro will only enable a download of the ZLoader malware to the recipient’s PC.
  1. One of ZLoader’s main attack strategies is to infect systems with a malicious app called Zeus which can record keystrokes and steal banking information.

How to Tackle Suspicious Resumes

ZLoader is a form of malware which has been around for several years now. And, thankfully, this means that many anti-malware tools are effective at identifying it and eliminating it. However, if ZLoader is only active for a few minutes it can steal valuable and damaging information. Therefore, it’s always advisable to practice the following:

  • Be Wary of Attachments: Even the most trusted source can be compromised and at the mercy of digital attacks. Say, for example, you receive a resume from a friend – does this mean you should open it without a second thought? The answer is no and this is because your friend’s email address could easily have been hacked. All email attachments should, as a result, be scanned with anti-virus software or checked by an IT professional. 
  • Never Enable Macros: A macro can be very useful for automating certain processes and features in an Office document. But this also makes them perfect for launching malware attacks. If you are ever prompted to enable a macro within an Office document you should verify that it is safe to run. And, again, this should be verified by an IT professional who will have more experience with malicious macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


We’ve all had to boot into safe mode on our PCs at some point and you would assume it’s a safe environment. But the Snatch malware is proving otherwise.

Safe mode is a configuration mode that you can request your PC to boot into at startup. In safe mode, your PC will only execute essential applications. The functions of your PC will be limited, but it’s the perfect environment for fixing problems and removing various forms of malware. But it appears that Snatch is a brand of malware which can thrive in safe mode.

Snatch is a multi-factor threat which can cause real damage to your business, so it’s a slice of malware that you need to be protecting yourself against. To give you a head start, we’ve put together a quick lowdown on Snatch.

What is Snatch?

Snatch is a newly discovered malware variant which contains two key threats: a ransomware function and the ability to log and steal user data. It’s not the first piece of malware to come loaded with these threats, but its infection strategies are unique. Using brute force attacks, Snatch is targeting the PCs of various organizations. So far, this sounds far from unusual as brute force attacks are a fairly conventional form of hacking. But Snatch has a unique strategy.

Following the initial infection, Snatch forces the PC to reboot. And it’s at this point that Snatch informs the PC to boot into safe mode. It’s believed that this unusual, yet clever, step is initiated in order to avoid anti-virus software which is often disabled in safe mode. From here it can execute its malicious payload. Snatch will then begin encrypting files and demanding ransoms that have been as high as $35,000. There is also evidence that surveillance threats are present in Snatch, so data harvesting is likely to start once the infection is unleashed.

Protecting Yourself from Snatch

The Snatch malware has the capability to cause extensive damage to your organization in terms of both finances and credibility. It’s also disturbingly efficient as it deletes any volume shadow copies of the files it encrypts. By deleting these volume shadow copies, Snatch is ensuring that it’s impossible to restore the encrypted files. Therefore, it’s crucial that you protect your PCs from Snatch by:

  • Practice Good IT Security: The backbone of any secure network is based upon the actions of those using it. And this is why it’s important that all your users understand the basics of IT security. By embracing these practices it’s possible to keep your PCs protected from the majority of majority of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The Titanium malware has been released into the wild and is already making plenty of headlines. But what’s the full story behind this backdoor malware?

New malware is released every day, but certain strains are more dangerous than others. And Titanium certainly stands out. It’s a piece of malware which is highly advanced in terms of technology and pushes the boundaries of hacking. Any organization which values its privacy and security, therefore, needs to be aware of Titanium. Hacking, after all, hits productivity hard and this is magnified when it’s an advanced hack.

So, to help protect your computer network and maintain productivity, we’re going to tell you all you need to know about the Titanium malware.

Where Did Titanium Come From?

A major hack needs a major ‘talent’ behind it and Titanium certainly satisfies this condition. The perpetrator is believed to be the hacking group known as Platinum. And, in the last few years, Platinum has gained notoriety for developing persistent threats in the Asia-Pacific area. Believed to be state-sponsored, Platinum has access to funds and technology to develop advanced hacking tools. And this is exactly what Titanium is.

Titanium spreads from PC to PC in a number of different ways:

  • Vulnerable intranets that have already been exploited by malware allow Titanium to get a foothold before infecting multiple workstations
  • Stealthily infecting Windows installation tasks and installing itself at the same time as legitimate software
  • Using a shellcode which is activated as part of the Windows logon process to ensure it’s active from startup

What Does Titanium Do?

Titanium is advanced malware and is able to infect computers in a number of different ways. It’s a combination which marks it out as a major threat, but what does Titanium actually do? Well, once it’s unleashed, it can do the following:

  • Read, send and delete any file contained within the infected PC
  • Edit configuration settings on the PC
  • Receive commands from a remote server

Titanium is particularly virulent due to its emphasis on stealth. The potential for mimicry within Titanium is strong as it can imitate a wide range of legitimate software. And it’s this skill for imitation which enhances Titanium’s ability to deceive and spread.

How Do You Tackle Titanium?

With its combination of multiple infection threats, ability to imitate and connection to remote servers, Titanium is a slice of malware you want to avoid. While it may be dangerous, it isn’t impossible to avoid. To keep one step ahead of Titanium make sure you practice the following:

  • Only install software that comes from a legitimate source e.g. purchased products and not illegal torrents
  • Make sure that network activity is continuously monitored to detect any unusual traffic
  • Double check all requests for software upgrades/firmware as these could easily be compromised by Titanium
  • Use a firewall at all times to help prevent unauthorized connections in and out of your network

Titanium may be very quiet at the moment – Kaspersky are yet to detect any current activity – but vigilance is recommended due to the forces behind it. By understanding the threat of Titanium you can ensure that your network is protected from yet another pressing threat.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


We use the internet on a daily basis and visit countless websites along the way. But they’re not always the real deal. And sometimes they can be malicious.

The internet is a wonderful place and the websites that make it up can make a real difference to your business. Sadly, this opportunity is often subverted by criminals and hackers to be much more dangerous.  And, with each new step the internet takes, there are even more chances for these criminals to take advantage of. For example, online payment sites such as PayPal have allowed businesses to work closely with their customers to deliver hassle free payment methods. But, with a financial element at play, these sites have been heavily targeted.

Hackers have developed sophisticated techniques for setting up fake and scam websites, so it’s difficult to identify these fraudulent sites. However, by learning a little more about these techniques you can learn how to identify fake and scam websites.

What Do You Need to Look Out For?

There are a number of tell-tale signs adopted by fake and scam websites, so make sure you take note of the following when browsing online:

  • Always Check the URL: The address bar of your browser is one of the most important tools at your disposal when trying to identifying a fake website. The URL listed in the address bar may look genuine, but it’s crucial that you always look a little closer. A URL may read, for example, bankofamerica.com.authorization-process.com and look genuine due to the first part of the URL. But, on this occasion, bankofamerica.com is only acting as the sub-domain. The domain that you have actually visited is authorization-process.com. 
  • Secure Connections: You should only ever visit websites that have secure connections. This security is indicated by either a HTTPS prefix on a URL or the presence of a padlock image next to the URL. Without these indicators then the connection will be unsecured and your data can easily be viewed. Naturally, a genuine website will always deliver these security indicators, so if these are not present then leave the website immediately. 
  • Search Out Trust Seals: Websites that are secure pride themselves on this achievement. And this hard work is rewarded in the form of trust seals which can take the form of Google Trusted Store, Norton Secured and GeoTrust logos. A website with these, and similar, logos is trustworthy. But it’s very easy for a hacker to copy one of these logos on to any website they want. Thankfully, most trust seals can be clicked on to display verified certificate information. If this does not appear then assume that the trust seals are faked. 
  • Check the Grammar: A genuine website will have been written and proofread by professionals. But a fake website will often be designed in a rush and by people whose first language is not English. And the result is a website full of spelling mistakes. So, if you believe you’re on PayPal, but see it mistakenly spelled as PayPal then you can rest assured you’re not on the genuine site. 
  • Too Many Ads: Online ads are part and parcel of life now. But sometimes it may seem as though there are too many on a website. And this is the calling card of a fake or scam website. The excess adverts popping up are often malicious in themselves, so if you experience more than two when loading up a new page you should tread carefully and begin analyzing the web page further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Each time that malware evolves it becomes more dangerous. And our data becomes less secure. A case in point is the Reductor malware.

We’re used to malware being used to download malicious files and open up remote access to infected PCs, but Reductor is different. It’s new and it does things differently. And it’s this unfamiliarity which makes it all the more dangerous. Focusing its target on web traffic, Reductor brings a new threat to data security. Combating it is crucial, but to do this you need to understand how Reductor works.

It’s not easy to understand how a new piece of malware operates, so let’s drill down into its core and see what we can discover.

The Basics behind Reductor

Reductor, which has only recently been uncovered by Kaspersky, is a sophisticated piece of malware. Its main objective is to compromise encrypted web traffic. But what does this mean? And how does Reductor achieve this? Well, when a website is secure it will use Hypertext Transfer Protocol Secure (HTTPS) to securely transmit data. And this allows sensitive data such as login and credit card details to be encrypted into nonsensical code. Anyone attempting to view this encrypted data will be unable to make use of it.

But Reductor allows hackers to view all of this sensitive data before it’s encrypted. It does this by compromising the Transport Layer Security (TLS) and manipulating the associated security certificates. Reductor also patches the pseudo random number generator (PRNG) to establish how the corresponding data will be encrypted. It’s then possible to decrypt any resulting data with ease. And, despite all this activity taking place, the web traffic does not exhibit any signs of having been altered. Therefore, Reductor is unlikely to arouse the suspicious of any infected users.

Staying Safe from Reductor

Web traffic contains such an immense amount of data that concealing it from prying eyes is crucial. Reductor aims to remove these barriers and exploit as much data as it can. But you can protect yourself by taking note of the following:

  • Run any downloaded files through anti-malware software to limit the risk of executing carefully concealed malware.

Thankfully, following the discovery of Reductor, the majority of anti-malware manufacturers now offer protection against Reductor and the ability to block it.

Final Thoughts

Privacy concerns have become a major issue over the last decade with malware being at the forefront of this rise. And Reductor is only going to fan these flames further. It’s likely that malware will evolve into something even more sophisticated over the next couple of years, so it’s important to take note of any developments in malware. As ever, proceed with caution online and, most importantly, if something looks suspicious do not click it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More