Removing malware threats from your PC is the simplest way to keep it safe from the attentions of hackers. But what happens when you can’t delete it?

Anti-malware software is fantastic at providing you with a means of removing malware from a PC. It can quickly scan your PC for threats and delete them with the minimum of fuss. But the ease with which malware can be removed has provided hackers with an appetizing challenge. What if they could create a strain of malware which couldn’t be deleted? It’s been the holy grail for malware developers since the first virus was created. And it’s a quest which has now been achieved.

A form of malware that cannot be deleted presents many problems for PC users, so let’s take a look at what it consists of.

The Invincible Malware

The unnamed malware was recently discovered by security giants Kaspersky and has left even them scratching their heads at its origin and construction. What they do know is that it’s a highly persistent threat and one that has been designed to resist deletion. It succeeds with this strategy as, rather than targeting a PC’s hard drive, it focuses its attack on a PCs motherboard. In particular, this new malware targets PC’s Unified Extensible Firmware Interface (UEFI). The approach of exploiting the UEFI is novel as it is involved in booting up a PC. Therefore, it is separate from your hard drive and will remain untouched by any operating system reinstalls.

Once the UEFI malware is in place it acts much like any conventional malware. Its first task is to create a Trojan file in the Startup folder under the name of IntelUpdate.exe. Without some in-depth investigation, the average PC user is unlikely to know this is even present. But even if it is noticed, and a user decides to delete it, the IntelUpdate app will simply reinstall once the PC is rebooted. And it’s an app which will cause your PC further troubles. IntelUpdate will not only install further malware, but it will spy on your PC activity and transmit data and files back to a command and control server which appears to be located in China.

How Do You Defeat the Undeletable?

The prospect of a malware strain which cannot be deleted may leave you wondering how you can ever be protected from it. Thankfully, it can be deleted, but not by conventional means. Security tools are now available from firms such as Kaspersky and Microsoft which scan firmware on PCs. It’s recommended that you upgrade your anti-malware tools to include this option to counter this new attack strategy. The means by which this latest malware is spread is currently unknown, but it’s recommended that you follow these security tips to maximize your defenses:

· Install all updates and patches as soon as your PC prompts you to do so · Practice vigilance when dealing with incoming emails which contain attachments and links · Make sure that your workforce understand how to create strong passwords

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Microsoft may be one of the leading names in PC technology, but hackers have recently exposed their Zerologon vulnerability.

A vulnerability is a flaw within a PC which can be exploited and used to gain access to the PC in question. These vulnerabilities can be found in both software and hardware, so pretty much everything on your PC is at risk. Thankfully, the majority of your PC’s apps and components will be secure. But PCs are complex pieces of machinery. The sheer amount of coding involved means that it’s inevitable that mistakes will be made and gaps not plugged. And this is what hackers spend half their lives looking for.

Protecting your PCs is a crucial part of any organization’s security, so we’re going to take a closer look at the Zerologon vulnerability.

What is Zerologon?

Zerologon is not an app or piece of hardware that you will find in your PC, it’s simply the name that has been assigned to this new vulnerability. To understand what the Zerologon flaw is would require degree-level knowledge of how PC software works. But we can describe it in layman’s terms. If a PC is logging on to a specific type of server – one that uses NT LAN Manager – then it performs a specific logon process. But where part of the code behind this logon should contain a random number it actually contains four zeros. And it’s these four zeros that give the vulnerability its name.

How is Zerologon Exploited?

Hackers can exploit the Zerologon flaw within seconds as the number of encryption keys needed to decipher the four zero text is relatively small. With access to a PC account secured, the hacker is then able to begin changing passwords within the network. It’s a strategy which, as well as being quick, also grants full control of the PC. This means that a hacker with unauthorized access has the potential to start injecting malware – such as ransomware – onto the network. And this is where your problems will really begin.

Can You Patch Zerologon?

The good news is that Microsoft has quickly released a patch to address the Zerologon vulnerability. Installing this patch should be labeled a priority to protect your organization’s network. The average time taken on install a patch is between 60 – 150 days which is far too slow. All it takes to install the Zerologon patch is a few seconds, so there are few excuses for delaying it. The best rule of thumb, when it comes to patches, is to install them immediately to nullify any threats.

Final Thoughts

As long as software and hardware is being designed then there will be flaws in their build. Designers are only human and mistakes will happen. Vulnerabilities may be inevitable, but your networks don’t need to fall foul of them. While a PC user will be the last party to know about the emergence of a threat such as Zerologon, they can help their case by installing any patches as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


We live in a high speed age which allows us to be more productive than ever, but if anything can throw a wrench in the works it’s a slow PC.

The experience of a slow and sluggish PC is one that everyone is familiar with. And dealing with this frustration never gets easier. In fact, a PC which regularly slows down can have a serious impact on your job productivity. The complexities of the inner workings of a PC mean that identifying the exact cause is difficult. But this doesn’t mean you need to continue struggling.
It’s possible, with relative ease, to employ a number of methods and practices that will help restore your PCs speed.

5 Steps Towards a Faster PC

If you want to start ramping your productivity back up then make sure you look at the following:

  1. Defragment Your Hard Drive: A PC is, essentially, a data storage device. But the data stored on a PC needs to be retrieved every time it’s required. And the more data you store on your PC the more uneven this data distribution is. The end result is fragmented data that becomes increasingly harder to piece together. Naturally, this means that processes take longer to complete. Performing a disk defragmentation will help to reorganize your data and can easily be achieved with the Microsoft Drive Optimizer app.
  2. Browser Add-Ons: Installing add-ons to your web browser can help to maximize your online productivity, but too many can start to slow down your browsing experience. It’s common, however, to install add-ons that soon fall into disuse and no longer serve any purpose. Therefore, if your speed issues are only apparent when you’re using your browser, it may be worth evaluating your active add-ons and disabling any you don’t need.
  3. Start-up Programs: When a PC loads up it will automatically load up a long list of programs that are listed in your System Configuration. The more programs that are listed in System Configuration then the longer your PC will take to load up. Many of these programs, though, are not necessary during the start-up process e.g. a messaging app that you don’t use regularly. To avoid a bloated start-up experience just head into MSConfig and check what’s included in your start-up.
  4. Hard Drive Space: Your hard drive may, for example, have a capacity of 500GB but it’s not recommended to fill it to breaking point. The operating system on your PC needs a certain amount of hard drive space to carry out essential tasks such as creating temporary files. And if this space isn’t available then your PC will struggle to operate correctly. Regularly evaluating what is on your PC and what can be removed is crucial to avoid this.
  5. Malware: Hackers are keen to take control of PCs through the use of resource-heavy malware. Depending on the nature of the malware, such as a DDoS attack, your PCs memory can soon become overloaded and grind to a halt. Accordingly, you need to maintain good security practices to prevent the impact of malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


We all use ATMs on a regular basis and are well aware of the need for security when using them. But what happens when the manufacturer gets hacked?
The number of malware attacks and infections in 2020 are, as ever, exceptionally high. With Kaspersky blocking 726,536,269 attacks alone in the first three months it would be surprising if any PC has avoided the attentions of hackers. With a strong set of defenses, however, your PC should have remained safe and secure. But the same cannot be said for NCR Corporation, a manufacturer of ATMs. A lapse in security allowed their network to be breached by a piece of malware known as Lethic.

The fact that a major corporation’s defenses were breached is concerning enough, but what’s most troubling is that it’s located in the personal finance sector. Let’s take a look at what happened and see what we can learn.

How Did Lethic Attack NCR?

A series of computers located in a non-production lab, located outside of the US, owned by NCR have been found to be infected with the Lethic malware. Far from being a new form of malware, Lethic has been out in the digital wild since 2008. You may be wondering how such an old piece of malware can deceive modern defense systems and it’s a good question. To avoid detection, hackers simply alter the code of existing malware to change the structure detected by security systems. It’s a relatively quick method of coding which essentially gives the hacker a new piece of malware.

Lethic has, in the past, generally been used to wage spam campaigns. But it’s capable of much more thanks to its arsenal of trojan tools. These include the ability to download additional malware, data logging and remote access. This is the last thing that any company, especially one involved in ATM manufacturing, wants to leave itself open to. At the moment it’s not clear how Lethic breached NCR, but security firm Prevailion has confirmed that unauthorized data transmissions were detected for over six months. Thankfully, NCR have confirmed that the infected PCs were completely separate from any networks involved in developing ATM software or storing customer details.

Avoiding Malware Attacks

If Lethic had managed to find its way into the operating software for ATMs then NCR would have had a huge disaster on their hands. Nonetheless, all breaches need to be avoided. So, make sure that your organization always follows these best practices:

Install Anti-Malware Software: While these systems can never claim to be effective against 100% of malware, a strong anti-malware app will stop the majority of malware in its tracks. This prevents data loss and network damage quickly and automatically.

Think Before Clicking: Social engineering is a significant factor in deploying malware and this means that emails and the links they contain may not be what they seem. Therefore, always take the time to double check an email to confirm it is genuine.

Always Update: Vulnerabilities in software provide the simplest route into a PC for a hacker. But you can shut off these routes by keeping on top of any software updates/patches. Always install these updates immediately to eliminate any vulnerabilities.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The importance of installing updates and patches should never be underestimated. However, did you know that even these are not 100% secure?

Microsoft knows a thing or two about computers, but this doesn’t mean they are immune from mistakes and flaws. Accordingly, they regularly release patches and updates to address any vulnerabilities in their software.  A recent investigation, though, has discovered that these updates aren’t quite the safeguard consumers would expect. And, when you consider the amount of applications that Microsoft bundle with their systems, this is a matter of major concern.

Given the number of patches you are prompted to install each and every week, it’s important to understand what has happened on this occasion.

A Vulnerable Patch

The initial vulnerability in question relates to a flaw which was discovered in Windows printing services. Your first thought may be that printers are far from a security risk, but this couldn’t be further from the truth. If a device or application has any form of access to your network then it needs strong defenses. And this is why Microsoft was keen to patch a vulnerability which offered hackers a route into PC networks through print spooler software. This patch was issued in May and Microsoft believed this was the end of the story. But this story was due to run a little longer.

Researchers discovered that the impact of this initial patch could be negated by simply bypassing it. By modifying .SHD files (better known as Shadow), the researchers were able to add them into the spooler folder. This particular type of folder allows commands to be sent between a PC and a printer. Usually this is the preserve of printing documents, but the modified Shadow files allowed the researchers to send all manner of commands. It’s a scenario which had the potential to give hackers full access to a network.

How Can You Defend Against Weak Patches?

The vulnerability in question is no longer in present in systems which have since been updated, but it paints a worrying picture for PC users. If you are unable to rely on patches to give you full protection then what hope do you have?

First of all, you must, no matter what, always install all security patches. They are a crucial aspect of security and are all programmed with an objective of preventing an attack. This printer spooler fiasco demonstrates they are not perfect, but the majority are capable of fulfilling their aims. Nonetheless, being overcautious with IT security is always a good idea. Therefore, make sure you follow these simple steps:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More