Category Archives: Malware

  • 0

“The Travelers Guide To Wi-Fi Hacking”

Dear Blast Reader,

Do you stay at hotels when you travel? Do you ever use the hotel internet? Did you know that there may be someone spying on you while you are in your hotel? Did you know that hackers target hotel Wi-fi? Did you know that the hackers that target hotel wi-fi also target traveling business professionals?


Hotel wi-fi is targeted and compromised to assist in the delivering of the malicious payload to the selected victims. A ­payload is the part of the malware that performs the malicious action. Those behind the attack continually evolve the malware’s tactics and payload. It is believed that the attackers are exploiting the vulnerabilities in the server software, either by:

  • Gaining remote access.
  • Physically gaining access to the hotel and the hotel’s servers.


Now, attackers are using a new form of malware known as the “Inexsmar Attack”. This attack starts with a phishing email.  To make the email look real, the message is tailored to you. This email address you by name, and has real looking documents attached.


But, looks can be deceiving. Within this email there is a self-extracting archive package. This is a package that begins the trojan downloader process. A trojan downloader process is a malicious program, usually installed through an exploit or some other deceptive means. Using email attachments the malware is installed onto your computer. Once you are convinced to open the attachment, hackers will then initiate their malware attack.


How does the malware go un-detected?

To prevent being detected, the malware is downloaded in stages. These stages include:

  1. Hiding malicious codes and strings by linking malicious code to otherwise unrelated code.
  2. The malware then runs an operation to download the second part of the payload, the trojan malware.


So, as your defences improve, it is believed that the multi-stage download for the trojan malware is an evolutionary way to keep the trojan viable.

So, how do you protect yourself?

To protect yourself against this new form of advanced and evolutionary trojan malware, here are a few tips:

  1. Use public wi-fi as little as possible. Hackers exploit public wi-fi in places like coffee shops, restaurants, and hotels.
  2. Use a Virtual Private Network, also known as a VPN. VPNs are encrypted web browsers that hide your IP addresses & your location.


If you have any questions about Hacking, Malware, Cyber Security, or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit out website at www.FDS.Global.

  • 6

“IoT Devices Beware: The BrickerBot”

Dear Blast Readers,


Do you leave your IoT (Internet of Things) Devices connected to the internet? Did you know that if you leave you IoT devices connected to the internet, even when you are not using them, it opens doors allowing hackers more time to gain control of your devices? Did you know that there is a form of malware that leaves your device impossible to use once infected?


A BrickerBot is a form of malware that has been created to infect a collection of devices. The “Bricker” in “BrickerBot” is referring to rendering a device, or devices, completely useless or inoperable, like a brick used as a paperweight. This is accomplished when the BrickerBot corrupts the device’s storage capabilities.


The way in which BrickerBots behave do not always match up with the behavior of traditional botnets. A botnet is a network of devices that have been infected. Their purpose is to keep the infected devices around for as long as possible.


Most botnets can be used for:

  • Sending out spam.
  • DDoS Attacks (also known as “Distributed Denial of Service Attacks”).
  • Phishing Attacks.


BrickerBot Malware uses a “Permanent Denial of Service” attack or PDDoS attack. This is when the BrickerBot physically disables the device.




The device is physically disabled when the BrickerBot corrupts the firmware on the devices. Usually the only way to fix this is to replace the device, or if possible re-install the firmware.


BrickerBots use a set of commands to help accomplish their end goal of “Bricking” your smart devices. These commands will:

  • Render Flash storage useless by writing random bits to the storage drives on the devices.
  • Disabling TCP Time stamps, leaving connectivity vulnerable.
  • Limiting the processes that the devices can run at once.


How are you supposed to protect yourself from a BrickBot?

To protect yourself and your IoT Devices from BrickBots, you should:

  • Change your login information (BrickBots come with a dictionary containing default login information).
  • Limit the internet connectivity your device has. (Leaving your IoT devices connected, especially when you are not using them, gives hackers more time to take control and infect your devices.)
  • Install updates as frequently as they become available.


It is important to remember:

  • Every device that is smart and/or has internet connectivity should have STRONG PASSWORDS.
  • Take security into your own hands, do not rely on default security from the manufactures. (Remember: BrickBots come with a dictionary that contains default login information. Changing your login information should make your devices harder to hack.)


If you have any questions relating to IoT Devices, IoT Security, Hacking, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.

  • 13

“Printers Beware”

Dear Blast Readers,


Did you know that 54% of employee’s say that they do not always follow the security policies put into place by their company’s Information Technology departments? * Did you know that about 51% of employees who have a printer, copier, or a multi functioning printer (MFP) at their work place say that they have copied, printed, and/or scanned confidential documents at work before? *


With cyber threats on the rise, it is not a shock that even printers are not safe from cyber attacks and data breaches. If a printer is connected to a wireless network and is unsecure, then it is open to hacking. Once compromised, other devices connected to the same network are left vulnerable.


How can a hacker gain access to a network using an unsecure printer?


One way a hacker can gain access to your unsecured printer is if the firmware is out-of-date. This allows the system to accept malicious lines of code. The hacker can then use the code to gain access to:

  • Print Jobs.
  • The user’s computer.


Another way a hacker can gain access to your unsecured printer is using a drone. Along with a drone the hacker would need a mobile phone and two applications. The two applications would do the following:

  • The first application identifies all wireless printers
  • The second application deploys malware into the printers.


So how does this type of drone attack occur?


Firstly, the hacker would fly a drone using a smart phone into position outside of an office building. Once into position, the hacker activates the two applications. Once the first application scans for open Wi-Fi printers, the second application establishes a fake access point (one that mimics the real device). Once established, the fake access point is then able to intercept documents that have been sent to the real device. With network access gained, the hacker can then in-bed malware into the company’s network.


When malware is installed within the network, hackers can gain access to your servers and documents by:

  • Accessing sensitive and/or confidential information.
  • Changing the printer’s settings or LCD readout.
  • Launching DoS attacks (Denial-of-service attacks).
  • Using the printer to receive and transmit faxes.
  • To send unauthorized print jobs.
  • Retrieving saved copies of documents.
  • Eavesdropping on network printer traffic.


To take preventative measures against attacks on your printers Some typical prevention procedures include, but are not imited to:

  • Educating Employees on the importance of security
  • Defining what constitutes a secure password
  • User identification (with PINs and other verification) for printer usage.
  • Data encryption protocols (to prevent interception of data across the network).


If you any questions relating to Firmware, Network Security, Printer Security, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.



*(The statistics represented in this blast were identified from: Network, C. (2013, February 07). The Hidden IT Security Threat: Multifunction Printers. Retrieved April 25, 2017, from )*