glassrat trojan

We all know that trojan viruses are the masters of stealth when infecting systems, but the GlassRAT Trojan may just be the stealthiest trojan yet.

We’re constantly advised to be on our guard against ‘zero day vulnerabilities’ which are brand new viruses that attack software before the vendor is aware of a breach. However, what many of us aren’t aware of is the threat of zero detection malware threats.

In the case of the GlassRAT Trojan, it’s been stealthily operating since 2012, so that’s over three years of security carnage it’s been able to quietly carry out. Obviously, this new form of security threat is something you need to be aware of, so let’s take a look at it.

What is GlassRAT?

The GlassRAT Trojan appears to be undetectable by most antivirus programs and this is due to it being signed with a seemingly legit digital certificate. However, the digital certificate is far from legit as it looks as though it’s been ‘borrowed’ from a separate Chinese software company.

The Trojan seems to have been targeting Chinese nationals working at multinational companies and infiltrates security systems with its digital certificate. The ‘dropper’, which delivers the Trojan via a fake Flash installation, erases itself from the system once it has installed its malware.

The malware is then clever enough to avoid detection by standard security scans and proceeds to carry out the following cybercrimes:

  • Transfer unauthorized files
  • Steal data
  • Transmit information about the victim’s system

Given that GlassRAT has been operating for three years without trace it represents a significant threat to data security.

Who’s Behind  the GlassRAT Trojan?

It’s suspected that GlassRAT originated in China due to its targeting of Chinese nationals and the stolen Chinese digital certificate, but this is purely speculation at present and, perhaps, seems a little too obvious.

From the limited information available, it may be possible to link the GlassRAT activities with previous malware attacks. Previous cyber-attacks on Mongolian and Philippine authorities used two domains which are also connected with GlassRAT, so investigations continue to look into this as a possibility.

However, at present, the creators of GlassRAT are still at large and it’s fair to say they have had plenty of time to cover their tracks.

How Do You Combat Threats Such as GlassRAT?

18312140_l

The enigmatic nature of the GlassRAT trojan certainly makes it a difficult beast to protect against. However, businesses can help their security efforts by ensuring they follow basic security procedures such as:

  • Monitoring all incoming files
  • Training staff on the dangers of unknown attachments.

Although GlassRAT is very difficult to detect, it’s not impossible. By arranging detailed network forensics to be carried out on your systems, zero detection malware threats can be uncovered. This approach will highlight any suspicious activity to identify any particularly deceptive malware.

The question, though, that remains is: just what else is stealthily lurking on our systems and putting vast quantities of data at risk?

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


larger-15-ROUTERS-WiFi-generic2

Malware is generally viewed as a nasty virus which causes nothing but chaos. However, a new piece of malware called Linux.Wifatch seems to improve security.

Usually the preserve of security breaches and data privacy concerns, malware is mostly in the news for disrupting commercial and domestic PC activity. Naturally, it’s an area where everyone needs to be on their guard to protect their data.

However, what if there were a new type of malware which bucked the trend and actually protected you from other forms of malware? It would be pretty special, right? And, it looks like it’s already here in the form of Linux.Wifatch, so let’s take a look at exactly how it works.

How Has Linux.Wifatch Found a Niche?

Internet routers are wonderful little devices, but the majority of users are notoriously sloppy when it comes to safeguarding them. You see, people are eager to get it out of the box and connected to the net as soon as possible, so they don’t even consider adjusting the default password or admin settings.

And it’s this neglect towards security that has allowed hackers easy access to countless networks in the past. In fact, November 2014 saw a huge security breach in Vietnam where millions of broadband routers had their traffic hijacked to mask online cyber crime being carried out by hackers.

Linux.Wifatch, however, looks to be a unique remedy to this potential threat.

What is Linux.Wifatch?

virus-de-computador

Linux.Wifatch is an intriguing piece of code which – as per most malware – sneaks into your system in a rather underhand manner. In the case of Linux.Wifatch it’s believed that it breaches your router by way of the telnet protocol – this software helps test connections to servers.

However, once it’s made its way into your router, it does the decent thing and closes the connection it’s got through on to prevent any more malware sneaking in. Not content with closing the doors, Linux.Wifatch will then prompt the router administrator to then change the router password. And it’s final chivalrous act is to set off in search of other malware in the router to destroy.

Is Linux.Wifatch All Good?

It may sound like a friendly virus, but don’t forget that Linux.Wifatch is still malware and the ‘mal’ stands for malicious! Sure, it provides some protection to your router, but it simply shouldn’t be there in the first place.

1afca28

And Linux.Wifatch itself actually has a number of backdoors built into it to allow the author of the virus to use your router as they please.

With the virus spreading globally and affecting tens of thousands of users, it’s creating a lot of panic that this seemingly ‘white hat’ piece of software could suddenly turn nasty. So, in my opinion, the uncertainty surrounding Linux.Wifatch means a much better solution is to take your router security seriously from day 1 to prevent any security breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Lenovo-Yoga-658x370-2212b47ff38e685e

Several weeks ago, Lenovo was found to be preloading spyware onto their laptops; now it’s been discovered they’re loading spyware onto their Thinkpads.

Yes, Lenovo has certainly disgruntled a whole new sector of customers. And what with the Thinkpad range being marketed as a business laptop it’s particularly worrying for business customers.

After all, which business wants to get caught up in any type of security threat which could potentially distribute their customers details to third party sources?

Let’s take a quick look at exactly what’s happening.

The Spyware Scandal

spionage_w492_h312

The Thinkpad range was purchase by Lenovo from IBM and these refurbished models are being packaged with a piece of software called ‘Lenovo Customer Feedback Program 64’ which is causing the latest controversy.

But what exactly does this spyware do?

Well, it’s there to send customer feedback back to Lenovo’s servers to help improve their products and service. There’s not anything particularly nefarious about that. However, it’s also been discovered that this piece of software contains the following files:

  1. TVT.CustomerFeedback.OmnitureSiteCatalyst.dll
  2. TVT.CustomerFeedback.InnovApps.dll
  3. TVT.CustomerFeedback.Agent.exe.config

It’s the first file which is interesting as it relates to Omniture who are an online marketing and web analytics company. What they do is monitor people’s behaviour online to help build a snapshot of how internet traffic is moving across the web.

Now, although Lenovo do disclose in their EULA (End User Licence Agreement) that software will be transmitting customer feedback to the Lenovo servers it is buried away amongst a lot of text. Additionally, there is no mention that internet usage will be monitored and passed on to Omniture for what is surely financial profit.

Just imagine the security risks this could have with your business if hackers are able to find a loophole in this spyware and can piggyback onto your internet connection? It could spell serious security issues for the security of yours and your customers’ data.

Removing the Spyware

Virus-Removal

Thankfully, it’s not a mammoth task when it comes to removing the spyware, so just follow these steps:

  1. Download ‘Task Scheduler View’ which is a useful piece of software which displays all the tasks running in Windows
  2. Within Task Scheduler View you will want to disable anything which is related to Lenovo customer feedback and/or Omniture
  3. It’s also recommended to rename the folder “C:\Program Files (x86)\Lenovo” e.g. “:\Program Files (x86)\Lenovo-test” to help prevent any other dubious files being activated or installed

This should that your Thinkpad and your confidential data remain secure and are not at risk of being exploited.

When Will Lenovo Stop?

This is the third security scandal to hit Lenovo this year after the Superfish and BIOS modifying controversies, so consumers are understandably losing their patience with Lenovo.

Although Lenovo claims on their website that “Lenovo takes customer privacy very seriously and the only purpose for collecting this data is to improve Lenovo software applications” it remains to be seen when they will follow through on this pledge.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


banner-05

It’s essential for businesses to protect their data assets from any potential security threat. Here are tips to help your business achieve this.

The world of IT security, however, can be an intimidating landscape and many business owners struggle to put a plan of action together. And this leaves them vulnerable to security attacks.

Thankfully, though, we’ve learned a thing or ten about protecting data from rogue elements and will be sharing these security best practices with you.

  1. Segment Your Networks
    ibwf_diagram_3

One of the best strategies to minimize data loss is by segmenting your networks. The use of firewalls between each network segment will prevent attackers gaining access to all of your data at once. It’s likely that this frustration will lead to attackers giving up and heading elsewhere.

  1. Visualize What You’re Securing

Data, in its purest form as binary code, isn’t something you can physically see. And it’s this lack of physical mass which means it’s difficult to assess the knock on effect of implementing new security policies. To prevent leaving your business open for attacks, keep detailed visibility records of your networks and their configurations. This allows you to make future changes which won’t compromise your security.

  1. Don’t Give Everyone Admin Rights
    1311_WindowsPromote2

There needs to be a level of control when it comes to your network, so you can’t issue everyone admin rights. Sure, it may save users a little time in sorting out network issues such as installing new hardware, but it also sets your network up for an attack by making admin rights less privileged.

  1. Keep Tabs

It’s vital that you create a ‘security knowledge’ database to help keep everyone on the same page as to who has specific access to which security features. This allows a hierarchy to be observed and easy to understand processes to be carried out when dealing with applications or even decommissioning them.

  1. Carry out Security Training

Everyone in your organization will need to undergo some form of security training. This allows your business, as a whole, to be more secure from attacks. And it doesn’t need to be intense training either, it may be as simple as going through the company IT policy with new starters or regular email updates about current viruses and malware.

  1. Regularly Patch your Systems
    3

The easiest security attack is one that targets a known vulnerability e.g. an opportunity to get into your system via a ‘back door’ in a piece of software. Therefore, always make sure you install every patch you’re offered as it could make a huge difference to your chances of staying secure.

  1. Analyze your Security Stats

The only way to confirm that your security efforts are working is to analyze their performance every month. This is why you will want to measure metrics such as number of attacks, user errors etc. to monitor exactly which direction your security is heading in.

  1. Communicate with Other Teams
    cross functional team

Communication needs to be clear and defined between your security team and other in-house teams to guarantee high levels of security. Any changes that are made in-house need to be communicated between security and the corresponding team to allow security provisions to be updated/implemented. Likewise, your security team has to inform all other teams of any upcoming security changes to keep everyone aware.

  1. Reduce Outbound Access

Many data thefts occur from within businesses, so it’s good practice to limit the amount of outbound access available. So, if, for example, your business has no need to use Google Docs then put a block on it and prevent any data leaking out via this avenue. Don’t forget: insider data theft can not only be disastrous, but also highly embarrassing.

  1. Automate Certain Security Tasks

It’s a tough job to monitor every single aspect of your data security, so why not automate some of the more basic tasks e.g. monitoring unauthorized attempts at bypassing firewalls. This gives your security team more time to concentrate on more complex security issues.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


trouver-et-suprimer-malware-keyraider-infoidevice

Users running Apple’s iOS software may have been exposed to a nasty piece of malware which threatens to steal user data and make unauthorized app purchases.

This malicious software has been dubbed ‘KeyRaider’ and has been responsible for uploading sensitive user information to a central server. This type of data theft is alarming enough, but affected users are also having to contend with KeyRaider purchasing apps without authorization.

The KeyRaider infection, so far, only appears to affect Apple devices which have gone through the ‘jailbreak’ process, but up to 225,000 accounts have been compromised as a result.

How did KeyRaider Start?

Jailbreaking an Apple device involves removing hardware restrictions enforced by iOS and is a fairly common practice for Apple users who are tech savvy. The aim of jailbreaking is to give more control over how the device runs and to enhance functionality.

9544245659_899baface2_z

Now, a whole industry has sprung up around jailbreaking in order to really highlight what an Apple device can do and to show off developers’ coding skills. And at least one amateur developer has decided to exploit this desire by creating jailbreak tweaks which hide a nasty surprise.

Once these tweaks are installed on an Apple device the system becomes compromised and puts the user at risk of a serious infringement of their security.

The Malicious Tweaks in Full

Two jailbreak tweaks in particular have been identified for putting users at risk of contracting the KeyRaider malware and they are:

  • iappstore – This jailbreak tweak promises to allow jailbroken devices to download paid apps from the App Store without spending a single cent.
  • iappinbuy – Many apps require users to make in-app purchases to enhance that app’s experience e.g. unlocking extra features in games. And this particular tweak pledges to circumnavigate the payment.

Despite many Apple users doubting the authenticity of these tweaks, they were downloaded over 20,000 times. And every single download puts users’ personal data at risk.

What Type of Data Is Being Stolen?

KeyRaider appears to be stealing three types of data from users under the following categories:

  • Usernames, passwords and the Apple devices ‘global unique identifier’
  • Push notification service certificates and private keys
  • App Store purchase logs

These three forms of data carry very powerful user information which is allowing KeyRaider to create high levels of panic particularly due to the financial edge.

How to Protect your Apple Device

sunset_ios_8_wallpaper-copy-1160x725

The simplest piece of advice we can give you is NOT to jailbreak your Apple device. They’re pretty amazing bits of kit as they are, so some things are better off left alone. However, I appreciate that many people want that little bit extra, so we advise the following:

  • Do NOT download the iappstore or iappinbuy app.
  • Avoid downloading anything from Cydia Substrate which is like the App Store, but for jailbroken devices – this is where the malicious tweaks first surfaced.
  • If something sounds too good to be true – such as not paying for paid apps – then it probably isn’t worth installing.

By following this advice you will safeguard your Apple device from disruptive malware such as KeyRaider.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More