A surge of new attack methods has emerged recently, with the most dangerous being “ransomware” and viruses spreading through “fake” antivirus applications.
In its latest report published on May 16, the Finjan Malware Research Center confirmed that “fake spyware protection software” is one of the two most rapidly emerging threats today. The other trend is hackers attempting to steal sensitive corporate data and then demanding “ransom”.
Additionally, rootkit viruses continue to pose one of the most significant obstacles for IT administrators, according to Finjan.
Source: NewsFactor
The Threat of “Fake” Software
Mirroring a model that appeared a few years ago, fake spyware removal software has quickly proliferated, preying on users’ fear of spyware.
In this attack method, hackers disguise their malware behind an appealing facade: free spyware removal applications that are heavily advertised online. Once users download these applications, the applications automatically download harmful code or “open the door” for additional attacks.
In some cases, the fake tools even run a fake spyware scanning program, notifying users that they have detected spyware on their machines and directing them to a website. There, users are urged to purchase a “full version” of the fake tool.
“Malicious actors have exploited users’ vigilance towards spyware. There are numerous underground networks on the web where such code is freely sold to anyone willing to pay. I don’t know who is willing to spend money on these, but it’s clear they are rampant on the Internet,” commented a Finjan expert.
The ability of hackers to create seemingly legitimate spyware removal tools is evidence that the spyware industry has evolved to an extremely sophisticated, professional, and advanced level.
Ransomware Attacks
Another indicator supporting this assertion is the increasing frequency of “ransomware” attacks. In these attacks, the perpetrator uses ransomware to seize important files on a computer and sends an ultimatum to the user, threatening to permanently lock the files if they do not pay.
Typically, ransomware will scan the infected computer’s hard drive, searching for a pre-set string of keywords to identify documents containing sensitive personal or financial data.
Finjan’s report details a recent incident in which a hacker used spyware named CryZip to lock an infected computer with a password, demanding a ransom of $300. They left a message on the machine explaining what had happened and warning the victim not to inform the police. The victim would receive the password to access the locked files only after paying the ransom.
Another version of ransomware installs very annoying pop-up messages on the computer. Every time the computer starts, these messages appear, demanding payment from the user if they want the hacker to remove them.
“For professional tech users, ransomware can be easily removed. But for ordinary users, especially in households or small businesses, this is truly a headache,” noted analyst Ben-Itzhak.
“In the past, hackers simply wanted to shut down your computer, but now cybercriminals want the computer to remain operational, connected to the Web, so they can extract money.”
Tian Yi