Category Archives: Trojan


“The Travelers Guide To Wi-Fi Hacking”

Dear Blast Reader,

Do you stay at hotels when you travel? Do you ever use the hotel internet? Did you know that there may be someone spying on you while you are in your hotel? Did you know that hackers target hotel Wi-Fi? Did you know that the hackers that target hotel Wi-Fi also target traveling business professionals?

Hotel Wi-Fi is targeted and compromised to help deliver the malicious payload to the selected victims. A payload is the part of the malware that performs the malicious action. Those behind the attack continually evolve the malware’s tactics and payload. It is believed that the attackers exploit vulnerabilities in the server software, either by:

  • Gaining remote access.
  • Physically gaining access to the hotel and the hotel’s servers.

Now, attackers are using a new form of malware known as the “Inexsmar Attack”. This attack starts with a phishing email. To make the email look real, the message is tailored to you. The email addresses you by name and has real-looking documents attached.

 

But looks can be deceiving. Within this email there is a self-extracting archive package, which begins the trojan downloader process. A trojan downloader is a malicious program, usually installed through an exploit or some other deceptive means. Here the malware is installed onto your computer through the email attachment: once you are convinced to open the attachment, the hackers initiate their malware attack.
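The attachment described above is a program even when it is named like a document. The following check is an added example, not part of the original newsletter: it parses a message and flags attachments that are executables or carry a document-like double extension. It assumes the self-extracting archive is a Windows executable (content starting with `MZ`); the sample message, addresses and file names are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".com", ".pif")   # run code when opened (not exhaustive)
DOC_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx")

def suspicious_attachments(raw_message: bytes):
    """Return [(filename, [reasons])] for attachments that deserve a closer look."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        shown = part.get_filename() or ""
        name = shown.strip().lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if data[:2] == b"MZ":                  # assumption: the SFX is a Windows EXE
            reasons.append("content is a Windows executable")
        if name.endswith(RISKY_EXT):
            reasons.append("executable file extension")
            if name.rsplit(".", 1)[0].endswith(DOC_EXT):
                reasons.append("double extension imitating a document")
        if reasons:
            findings.append((shown, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: one disguised executable, one real PDF, one renamed EXE."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "traveler@example.com"
    m["Subject"] = "Your booking details"
    m.set_content("Dear Alex, please review the attached documents.")
    exe = b"MZ\x90\x00" + b"\x00" * 60
    m.add_attachment(exe, maintype="application", subtype="octet-stream",
                     filename="booking.pdf.exe")
    m.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                     filename="itinerary.pdf")
    m.add_attachment(exe, maintype="application", subtype="octet-stream",
                     filename="invoice.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for filename, reasons in suspicious_attachments(build_sample()):
        print(filename, "->", "; ".join(reasons))
```

The third attachment is caught only by its content, which is why the check reads the first bytes instead of trusting the file name.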

 

How does the malware go undetected?

To prevent being detected, the malware is downloaded in stages. These stages include:

  1. Hiding malicious code and strings by linking malicious code to otherwise unrelated code.
  2. The malware then runs an operation to download the second part of the payload, the trojan malware.

So, as your defences improve, it is believed that the multi-stage download of the trojan malware is an evolutionary way to keep the trojan viable.

So, how do you protect yourself?

To protect yourself against this new form of advanced and evolutionary trojan malware, here are a few tips:

  1. Use public Wi-Fi as little as possible. Hackers exploit public Wi-Fi in places like coffee shops, restaurants, and hotels.
  2. Use a Virtual Private Network, also known as a VPN. VPNs are encrypted web browsers that hide your IP addresses and your location.

If you have any questions about Hacking, Malware, Cyber Security, or Computer Forensics, contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.



“Beware RATs”

Dear Blast Readers,

In the days leading up to our most contentious election in modern history, news outlets have been discussing a possible hacking of voting locations. The news has thrown around words such as RAT, back door, and remote access. The modern media has a tendency for the dramatic, but it is important to understand the terminology being thrown around. A RAT, or Remote Access Trojan, is a piece of malware (malware is a term used to describe many forms of hostile and/or intrusive software). What makes RATs special is that this form of malicious program comes with a backdoor. A backdoor in this context is an opening through which the RAT program allows an unauthorized individual to secretly access the infected computer and gain administrative control.

It can be difficult to detect RATs. Why? Because usually they don’t show up on the list of tasks and running programs. The actions that are performed can be very similar to the actions of legitimate programs. (The intruder will, more often than not, manage the resource use level so the user is not alerted by a drop in performance.)

Usually RATs are invisibly downloaded alongside a user requested program. Some examples of user requested programs include:

  • Games
  • Email attachments

Once the targeted system is compromised, the intruder is able to issue RATs to other vulnerable computers on the same network, as well as establish botnets. (A botnet is a network of private computers that are infected with malware and are controlled as a group without the knowledge of the owners.)

By enabling administrative control, the RAT makes it possible for the intruder to do almost anything on the targeted computer, including:

  • Using keyloggers and/or spyware to watch user behavior
  • Accessing confidential information (examples: credit cards and Social Security numbers)
  • Taking screenshots
  • Distributing malware and other viruses
  • Formatting drives
  • Deleting, altering or downloading file systems and files

 

So, how are you supposed to protect your system from RATs? You can do this by following the same procedures you would use to prevent other forms of malware infection. These procedures are as follows:

  • Keep your anti-virus software up to date
  • Refrain from downloading unknown programs from unknown sources
  • Be cautious when opening attachments that are not from trusted and known sources

When it comes to protection at the administrative level, you are able to:

  • Block unused ports
  • Turn off unused services
  • Monitor outgoing traffic
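As an added example (not from the original newsletter), the three administrative steps above can be turned into a small audit: list listening ports outside an allow-list, and flag outbound flows that recur at nearly fixed intervals. It goes slightly beyond the text in treating evenly spaced connections as worth a look; the allow-list, process names, addresses and records are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

ALLOWED_LISTENERS = {22, 443}  # assumption: the only services this host should offer

# Constructed sample records: (time_s, process, kind, local_port, remote_ip, remote_port)
SAMPLE = [
    (0, "sshd", "listen", 22, None, None),
    (0, "nginx", "listen", 443, None, None),
    (0, "updater", "listen", 5555, None, None),
    (12, "browser", "out", 50100, "198.51.100.7", 443),
    (95, "browser", "out", 50101, "198.51.100.7", 443),
    (130, "browser", "out", 50102, "198.51.100.7", 443),
    (410, "browser", "out", 50103, "198.51.100.7", 443),
    (60, "updater", "out", 50200, "203.0.113.9", 8080),
    (120, "updater", "out", 50201, "203.0.113.9", 8080),
    (181, "updater", "out", 50202, "203.0.113.9", 8080),
    (240, "updater", "out", 50203, "203.0.113.9", 8080),
]

def unexpected_listeners(records, allowed=ALLOWED_LISTENERS):
    """Listening ports outside the allow-list: candidates to block or switch off."""
    return sorted({(r[3], r[1]) for r in records
                   if r[2] == "listen" and r[3] not in allowed})

def regular_callers(records, min_events=4, max_jitter_s=5.0):
    """Outbound flows whose connection times are almost evenly spaced."""
    times = defaultdict(list)
    for t, proc, kind, _lport, rip, rport in records:
        if kind == "out":
            times[(proc, rip, rport)].append(t)
    flagged = []
    for key, ts in sorted(times.items()):
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Require enough events, then compare the spread of the gaps to the tolerance.
        if len(ts) >= max(min_events, 2) and pstdev(gaps) <= max_jitter_s:
            flagged.append((*key, round(mean(gaps))))
    return flagged

if __name__ == "__main__":
    print("unexpected listeners:", unexpected_listeners(SAMPLE))
    print("evenly spaced outbound:", regular_callers(SAMPLE))
```

A flagged flow is a prompt to identify the process and its destination, not proof of a RAT; scheduled update checks and monitoring agents also connect on a timer.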

 

If you have any questions about Remote Access Trojans feel free to visit our website at www.FDS.Global, or give our office a call at (954)727-1957.