One wrong click and your computer is infected with viruses. We show the current dangers - and how you can protect yourself.
Despite highly developed antivirus programs and spam filters, millions of viruses still land on Windows users' PCs. You can only protect yourself if you know the current tricks of the virus spreaders. Here we show ten very current attack routes through which viruses can get on a PC. First and foremost, this still includes e-mail, but PC infections without user intervention are also possible.
1. Office Files in Mails: The Main Route of Distribution
So far, most PC malware has landed on users' computers via email. According to Candid Wüest, the security expert at Symantec, most viruses will continue to spread via email in 2021. In India, one in 352 emails is infected with malware or contains a link to malicious code. The type of malware has changed, said Wüest: 48 percent of malware currently arrives in Office files, because the willingness to open this type of mail attachment is very high. Malware in EXE files makes up only around 20 percent. The rest of the dangerous code reaches the Windows PC via Java files, JavaScript, or PDF.
2. Mining Malware via Plug-Ins for Music Software
Criminal virus distributors are constantly on the lookout for lures that can induce users to voluntarily install malicious code. Malicious code with such lures is often referred to as a Trojan because, like the Trojan horse of Greek mythology, it looks like something that you absolutely want to have. Instead of a wooden horse, the virus distributors used a VST (Virtual Studio Technology) plug-in for music programs in the summer of 2021. Such plug-ins offer special sound effects for audio tools and are often very expensive. Accordingly, some composers and DJs look for free versions of the VST plug-ins. The malware called Loudminer takes advantage of this. The infected VST plug-in is a pirated copy that was offered to its victims for free on the Internet. Inside was a crypto miner that mines a cryptocurrency. Audio tools for music creation and crypto miners each require PCs with a lot of computing power, so these computers are correspondingly attractive to virus spreaders.
3. Fake System Cleaners Bring Viruses and Advertisements
System cleaners help remove unnecessary files on computers to free up storage space and optimize the device. But you should be careful which tool you use. Cyber criminals are increasingly trying to spread contaminated cleaning tools. This is reported by the antivirus manufacturer Kaspersky. According to the experts, the number of users attacked via fake system cleaners more than doubled in the first half of 2021 compared to the same period in the previous year, from 747,322 users in the first half of 2020 to 1,456,219 in 2021. The figures were recorded by Kaspersky's security tools.
Some of the infected tools are even offered for a fee. The programs often have no function at all. They just fake the search for and removal of the garbage. In fact, however, they often install adware, which then displays masses of unwanted advertising, as well as PC viruses with all sorts of malicious functions.
4. Illegal Video Streams: Gateway for Viruses and Fraud
There are quite a number of websites that offer the latest series and films for free streaming. Most of them are illegal, and many of the illegal sites try to get funding by spreading viruses. This is reported by the antivirus specialist Symantec. Those who want to use such an offer are usually asked to download the site's own streaming player. This then contains a PC virus or consists entirely of malicious code. In this case, the entire streaming website is usually a fake that serves only to distribute the supposed player.
5. Attacks via Telnet & Co. on IoT Devices in Your Network
A large amount of malicious code uses standard log-ins and suitable network protocols as a gateway. Standard log-ins, such as “admin” for the user name and “admin” for the password, are available as preconfigured log-in access for several IoT devices. Because it is an IoT device, such as an IP camera, the hardware can also be accessed from the Internet.
From June 2020, for example, the malware Silex made the rounds and logged in via Telnet to IoT devices that were only protected with standard log-ins. If the log-in was successful, Silex then tried to make the hijacked device unusable. The only remedy was to reload the device firmware.
6. Malware Disguises Itself as A System Doppelganger
Until 2017, malware used a very simple trick to hide from the eyes of the user: it was named like a system file, such as svchost.exe, but started from a different directory. This way the virus could at least fool beginners. In 2017, security researchers introduced a doppelganger trick that can also fool an antivirus program. Less than a year later, the first virus had also mastered the trick, known as "process doppelganging". The antivirus manufacturer Kaspersky reports on this on its blog. According to Kaspersky, process doppelganging is a fileless code injection that uses a Windows-specific function and an undocumented implementation of the Windows process loader. By manipulating file handling under Windows, the attacker could carry out harmful actions under the guise of harmless, legitimate processes.
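The older naming trick described above can be spotted by comparing each process's file name with the directory it was started from. The following is an added example, not code from the original article; the list of system binaries, the C:\Windows install path and the sample records are assumptions constructed for illustration. It covers only the name-and-directory trick and does not detect process doppelganging.

```python
import ntpath

# Illustrative subset of Windows system binaries and the directories they
# legitimately run from (assumption: Windows is installed in C:\Windows).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def is_masquerading(image_path):
    """True if the file name is a known system binary but the directory is
    not one that binary legitimately runs from."""
    # normpath collapses ".." segments; normcase lowercases and unifies
    # slashes, so the file is judged by the folder it really sits in.
    path = ntpath.normcase(ntpath.normpath(image_path.strip().strip('"')))
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def find_masquerading(processes):
    """Return the (pid, path) records that use a system name in the wrong place."""
    return [(pid, path) for pid, path in processes if is_masquerading(path)]


# Constructed sample records (PID, image path), as they might be exported
# from a process listing; not taken from a real incident.
SAMPLE = [
    (704, r"C:\Windows\System32\svchost.exe"),
    (3120, r"C:\Users\anna\AppData\Roaming\svchost.exe"),
    (812, r"c:\windows\system32\LSASS.EXE"),
    (4488, r"C:\Windows\System32\..\Temp\svchost.exe"),
    (5012, r"C:\Program Files\Editor\editor.exe"),
    (2216, r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE):
        print(f"suspicious: PID {pid} runs {path}")
```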
7. Virus from The Managed Service Provider without User Action
Ransomware not only spreads via email but can also infect a PC without the intervention of a Windows user. This succeeded with users whose PCs were connected to a managed service provider (MSP). The Sodin malware can be placed on the MSP server via a security gap in the Oracle WebLogic server software and there gain higher access rights via another security gap. Once this has happened, the attackers can install the additional Sodin code on connected PCs by remote command. There, Sodin encrypts the user's files and demands a ransom.
8. Blackmail Works on The PC without A Virus
One of the largest and most successful waves of attacks in recent months consisted of blackmail emails that managed without any virus code at all. The criminals obtain users' login information on the Internet. This information, consisting of email address and password, is available in the millions on the Internet. It comes from data theft from major Internet services such as Adobe, Dropbox, Yahoo, Sony and many more.
The criminals use this data and write to their victims that they have their password, and send the password along as proof. Since the password was actually used by the victim, many recipients are frightened. The blackmailer also claims that he has brought the recipient's PC under his control using a Trojan horse and can prove, for example by video recording, that the victim has visited pornographic websites. In order for the password and the evidence of porn consumption to remain secret, the victim should pay. According to experts, the willingness to pay is very high. $2.9 million is said to have already been paid. This was discovered by researchers who tracked payments to the blackmailers' Bitcoin addresses. Symantec states that it blocked around 289 million such blackmail emails in the first five months of 2021.
9. Android Users Are Not Spared Either
On Android smartphones, for example, malware appears as a supposed image editing app. This is how the antivirus manufacturer Kaspersky discovered the Mobok malware. The malware was hiding in apparently legitimate image editing apps on Google Play. At the time of discovery, the affected apps, Pink Camera and Pink Camera 2, had already been installed around 10,000 times. Their purpose was to collect personal data from users and then use it to register victims with paid subscription services. Those affected could only discover the unwanted registrations with the next bill from their mobile phone provider.
10. Counterfeit Bitcoin Wallet Steals Deposited Amounts
You store your cryptocurrency, such as bitcoins, in a wallet. The Windows tool Bitcoin Core is one of the most popular wallets for Windows and Linux and comes from the website www.bitcoin.org itself. Criminals took advantage of the name's popularity and published an app called “Bitcoin Core - BTC Wallet” on Google Play. It also looked just like a legitimate wallet in the app store. Anyone who installed the counterfeit would lose any money that they paid into the wallet, as it always provided a third-party recipient address.
How to protect yourself: This attack technique is very advanced and was able to outsmart numerous antivirus programs in 2020. The security tools should currently detect such attacks. Recommended antivirus software is Protegent Total Security Software.