CIH Virus (1998)

This virus was created by a student from Taiwan, whose initials were CIH. It began spreading on April 26 – the day of the Chernobyl nuclear power plant accident, which is why many users simply call it “Chernobyl”. This virus is dangerous because it not only overwrites data on a computer’s hard drive, rendering it unusable, but it could even overwrite the host system’s BIOS – after that, the PC wouldn’t be able to boot. No one expected such cunning in 1998. CIH or Chernobyl infected almost half a million computers worldwide. Impressive, isn’t it?

Morris Worm (1998)

Morris Worm became famous worldwide and gained significant attention through the media. Its creator was the first person (!) convicted in the United States under the Computer Fraud and Abuse Act. Today, this might seem like a common occurrence, but in 1998, no one could expect imprisonment for “some” virtual fraud. November 1998 is remembered as the month when one virus paralyzed the entire Internet, causing $96 million in damages. Quite impressive for one of the first viruses. Due to a minor mistake in its “code,” it continued to install itself an unlimited number of times on one PC, completely disrupting computers worldwide.

Melissa Virus (1999)

This virus is memorable for spreading through email. On Friday, March 26, 1999, people around the world received an email with only one offer: “Here is that document you asked for… don’t show it to anyone. ” with an attached Word document. Nowadays, we all understand that it’s a virus, but in 1999, it was something new. Moreover, on the final day before the weekend, a tired mind couldn’t immediately recognize the threat. Those who opened the .doc file (and there were thousands who did) allowed the virus to infect their system and send this email to all the contacts in their account, using their name. Worst of all, this virus modified all the Word documents in the system with quotes from “The Simpsons” TV show. The author of this virus was caught and sentenced to 20 months in prison.

Iloveyou Virus (2000)

The most romantic virus in our list – the ILOVEYOU virus. Perhaps because of its cute name or its cunning strategy, it infected 45 million users within just two days! How does this virus work? A user receives an email with a file named “LOVE-LETTER-FOR-YOU” with a .vbs (Visual Basic) extension. When it enters the system, it changes all your files, images, music, and then spreads itself to all your contacts through the same email. The damage from this virus was enormous – not the kind of love letter we expect to receive. The creator of the virus was found, but their identity was not disclosed. At the time, the Philippines had no laws against cybercriminals. Lucky, one might say .

Code Red (2001)

The Code Red virus didn’t need to send emails to infect the Internet. To get infected with Code Red or Bady, you should have been connected to the Internet and opened an infected website displaying the text “Hacked by Chinese!” It spread instantly – in less than a week, almost 400,000 servers and nearly a million PCs were infected. The Chinese indeed put in some effort .

MyDoom Virus (2004)

The MyDoom virus emerged on January 26, 2004. This epidemic managed to infect nearly 2 million PC users. The virus was attached to an email that claimed to be about a shipment error (Ошибка почтовой транзакции). When you clicked the attachment, it duplicated this email to all the addresses present in your contact lists. Stopping it was genuinely difficult because the virus blocked access to the websites of the most popular antivirus programs, as well as Microsoft’s update services. They thought of everything!

Sasser Virus (2004)

The Sasser virus made it to the headlines as it managed to interrupt satellite broadcasts of French television and even affected a few Delta Airlines flights. To infiltrate systems, the virus used a vulnerability in unpatched Windows 2000 and Windows XP systems, instead of traditional email spam. Once the virus infected a computer, it would start searching for other vulnerable systems. Infected PCs would crash and operate unstably. This virus was created by a student who released it on his 18th birthday. He was indeed fortunate to have written the code as a minor, as he received only a suspended sentence. What can you say – a teenager .

Bagle Virus (2004)

In early 2004, a new virus emerged – the Bagle worm. The Bagle virus infected PC users through email messages. This virus was one of the first to be created for profit, as it gained access to financial, personal, and other information. This marked the beginning of profit-driven malicious software, and it remains a significant problem for many users and antivirus companies today.

Conficker Virus (2008)

The Win32/Conficker worm, or simply Conficker, is a very cunning virus specifically designed to target Windows. By exploiting vulnerabilities in the operating system, Conficker could discreetly bypass antivirus checks and, more importantly, block access to OS updates. It replaced the names of all services and registered itself in various parts of the system, making it practically impossible to find and eliminate all its fragments. It infected over 12 million computers worldwide, prompting antivirus companies and OS providers to enhance their security.

Stuxnet (2010)

In 2010, the Stuxnet virus caused significant harm to global security. It was designed for large industrial facilities, including power plants, dams, waste processing systems, chemical and even nuclear installations. This allowed hackers to control all critical control system elements without being detected. It was the first attack that enabled cybercriminals to manipulate real-world equipment and cause massive damage to global security. Iran was the hardest hit, with 60% of the total damage attributed to the country.

The post TOP 10 Most Dangerous Computer Viruses In History appeared first on Gridinsoft Blog.

Background of PDF Virus

First things first, so let’s see the definitions – just to be sure we have the same things. Under PDF viruses, people most commonly mean any kind of malicious payload embedded into a PDF file. Viruses as a malware type were one of the most massive ones in the mid-00s, which made their name a common noun for any malware. In years to come, viruses were pushed out from a scene with more advanced and self-sufficient malware. Spyware, stealers, dropper malware, and sometimes even ransomware – that’s what’s expected from infected PDFs.

Using legitimate files as a carrier to malicious things is more common for infection continuation rather than initial access. Hackers tend to use PDF (along with JPEG and PNG images) as a disguise for a data package needed to send new guidance to the malware. For users, the file will look like something legit or a nonsense item they got by mistake. Still, nothing stops hackers from using PDF files to spread viruses directly. Let’s check out the main causes of such an occasion.

PDF Virus: Technical details

I pointed out that PDFs can be used for malware distribution. However, they differ from, say, MS Office documents armed with infected macros. Key attack surfaces in PDF documents are related to JavaScript applets and reader applications. While JS is a pretty classic story, vulnerable readers are less common. These days, people tend to use web browsers as PDF readers – and OS use this setting by default. However, some users prefer stand-alone applications, which receive fewer updates, and may contain security vulnerabilities.

JScript

JavaScript, or JScript/JS for short, is a script programming language used massively in web applications and (obviously) scripting. It is overall used in cyberattacks as a way to leak information about the users or redirect them to another page. But having things that reside in the computer’s memory, it is possible to prepare a completely different treat.

Hackers embed a malicious JS script into the PDF file. By design, JS is attachable to PDF files to make their contents dynamic. That may be used when these documents are displaying the current instructions, but the latter depends on the weekday or other circumstances. However, a malicious instance of the JavaScript applet will run as soon as you open the file. If there is no antimalware software running in your system, the script will flawlessly run and download whatever the hacker asked it to.

Vulnerabilities in the reader application

PDF readers, as I mentioned before, are used less often these days. That actually works against them – seeing less popularity, developers tend to spend less time and effort on making them better. And they have enough things to change, as with time more and more vulnerabilities are getting uncovered.

The content needed to trigger the exploit and give the hackers what they need is commonly embedded in the document’s editable elements. They require your device to run the code that displays the corresponding information. Normally, the code executed in the document should remain in the specific execution environment, called the sandbox. Bypassing it, however, is not a big deal, and hackers are always ready to do that trick and start acting in a live system. Actually, the very essence of the exploitation is quite similar to JScript’s case: a part that stores the active content gets a malicious filling.

Malicious links in the text

Same as the previous two things, malicious links are also related to the active content. However, instead of relying on code execution, links try to trick the victim into sharing sensitive data. It is a classic example of phishing – but embedded into a PDF file instead of an email message. The key problem (for hackers) here is the fact it does not work automatically – the victim should click the link to make it run. Though after opening the link, it will most likely see a malicious copy of a login page of a website related to the PDF topic.

Risks of PDF Viruses

The risks related to PDF viruses mostly rely on what exactly is happening. When a malicious JScript runs, it most likely contacts the command server to retrieve the payload – i.e. act as a downloader. As an outcome, any kind of malicious program is possible. However, the most common types of malware, in that case, are spyware or stealers. Ransomware, vandal malware, APTs and other things are possible though, but there are no documented cases of these threats being spread in that way.

Vulnerabilities in the reader can be used to both deploy the initial payload and boost the existing one. Same as with JScript applets, they can be the source for any malware – everything depends on the choice of hackers. When it comes to boosting the already running payload, everything depends heavily on the type of a used exploit. Privileges escalation breaches may be used to make malware run; arbitrary code execution vulnerabilities can initiate the connection to a command server to get additional instructions.

Phishing threats are less likely to be related to malware infection. The key thing most phishing operations aim at is the victim’s personal information. The aforementioned malicious link will try to resemble a website you know, and will likely ask you to type login credentials or certain info about yourself. The reasons to follow the instructions will be mentioned in the PDF body.

How to avoid infected PDF files?

Preventive, and the most effective way to avoid facing malicious PDF files is to avoid interacting with questionable things at all. PDFs that contain viruses are unlikely to appear on official websites, genuine emails, and stuff like that. Strange emails sent by a stranger rather than a company, that ask you to open the attached file or a link to a third-party website – that is what you should look for and avoid. For both individuals and companies, being aware of what attacks to expect is essential.

Obviously, it may not be an easy task when you have to deal with dozens and hundreds of emails each day. That case requires a counteraction of another kind – reactive. If you cannot prevent a malicious file from making its way to your system, then it is vital to be able to stop one when it appears. There are several types of software solutions that suit that case.

Content Disarm and Reconstruction (or CDR) will fit organizations that have extensive networks. CDR solutions control the launched files and excise the active content which can be malicious. They may apply that blindly to all files, as well as have a detection system that distinguishes good from bad.

Anti-malware software is a more all-encompassing solution that can effectively detect and stop the execution of malicious code. PDF, however, is a bit troublesome, as some antivirus software considers it safe and ignores it completely. GridinSoft Anti-Malware is a different story – it offers a top protection rate against any kind of threats – even cunning things like a PDF virus.

The post Can PDFs Have Virus? Exploring the Risks of Downloading PDF Files appeared first on Gridinsoft Blog.

What is a computer virus?

The computer virus is a piece of code or self-replicating malware that aims to penetrate the user’s device and damage the system. Most viruses have a purely destructive structure and aim to take over your computer. The virus itself can make copies of itself, making its destructive effects even more serious. It is important to note that the virus term is not synonymous with malware. Actually, it is just a malware class – same as spyware or ransomware.

How Do Computer Viruses Work?

In operation, I can divide computer viruses into two types. Those ones get on your device to multiply themselves and the ones that are waiting for the user to activate them.

Viruses have four phases:

• Dormant phase: In this phase, the virus is in standby mode, it lurks for the user and remains hidden.
• Propagation phase: At that point, the virus begins to replicate itself and hide its copies in programs, files, or other parts of your disk. This process will continue until you remove the virus and its copies from the device. The clones themselves can be slightly altered to avoid detection, but this will not prevent them from further attempts at self-replication.
• Triggering phase: to activate a virus that only waits for it, the user must, for example, click on the icon or open the application that is needed for the pest. However it does happen that some viruses have a certain amount of time to revive. For example, a certain number of computer reboots.
• Execution phase: At this moment, the virus begins its full-scale activity. He releases his malicious code into the system and starts destroying what he needs.

How Do Computer Viruses Spread?

Viruses can spread through the Internet through various infection mechanisms. Here are some common options through which this can happen:

• Emails: This is one of the most common methods of intruders. As crooks can attach any malicious thing to the letter, they are very potent carriers for malware. Sometimes the email itself may contain an infection in its HTML.
• Downloads: Intruders can hide their viruses in various documents, plugins, apps, and other places that are available for download. Note: In addition, we recommend our recent article on “How to Legally Get Spam Email Revenge“.
• Messaging services: Distributing the virus via SMS is also not the most difficult option. It is possible to do this through WhatsApp Facebook Messenger and Instagram. There they hide like in emails.
• Old software: If you forget or just don’t want to update your operating system, then your device is full of vulnerabilities and may be subject to attack from computer viruses.
• Malvertising: Advertising banners on websites and any pop-up windows can also be an option to infect your device. It is so sophisticated that it can be hidden even on legitimate and reliable websites. We recommend an interesting study about malware VS ransomware, the difference, and the facts that are worth remembering.

Types of computer viruses

Although we mentioned earlier that the virus is just a kind of malware, this fact does not prevent the virus itself from manifesting itself differently and thus having several types. Today, several computer viruses are active on the Internet.

• Direct action virus: It is the most common among others and is also the easiest to create. It works by joining a large number of COM or EXE files, after which they delete themselves.
• Boot sector virus: It infiltrates your boot sector, which is responsible for booting your operating system when you start your device to easily infect that device. These viruses are spread mainly through CDs, floppies, and USB drives. But because these are already obsolete methods of distribution, the virus itself is already gradually disappearing from its position.
• Resident virus: It is aimed at damaging your device’s RAM. Its privilege is that even if you remove it from your RAM, it can still be saved. The list of its destruction can also add the destruction of tons of files, motherboard memory, and the ability to write you rude emails.
• Multipartite virus: these viruses aim to infect your files, boot space, and more. The problem is that they are hard to root out, as they can settle inside your files and downloads.
• Polymorphic virus: These beauties hide under the guise of a modified form. When they create their clones, they change slightly, which helps them avoid detection.
• Macro virus: The purpose of such viruses is to hide in your Word document files? namely DOC and DOCX. After the user downloads the file, he will be asked to enable the macros, and if the user agrees, he will automatically download the virus.

Avoiding the latest computer virus threats

To protect yourself and your data, we suggest you make a habit of a few rules. This way you will be able to prevent all the above. This will be a pleasant experience for you, after which you will not have to be afraid to visit any site or another network.

• Have a healthy sense of skepticism: Do not press everything you see in unfamiliar emails. Do not fall for what you did not expect to get.
• Go legit: try not to copy media from platforms you don’t know where to share files. Be careful with what you load, it may carry a malicious compound.
• Be careful even in established stores: Before downloading any application, make sure it is secure. In turn, the Apple Store and the Play Store are trying to keep infected apps out, but some manage to slip in and remove some devices before they are removed.
• Steer clear of ads and pop-ups: Do not pay attention to pop-ups and banners when visiting websites. Because they are often infected and carry malicious code. If you are interested in the product offered in the advertisement, then go directly to the site and see what you need.
• Install updates: don’t forget to update your operating system. All new updates are designed to bypass and prevent new viruses from being installed on your device. That way, the system will have no vulnerabilities that viruses can exploit.
• Add an extra layer of protection: Most importantly, no matter how well-thought-out the steps of using the Internet are, you can not 100 percent protect yourself from pests. Therefore, we suggest that you take advantage of the right protection, which will not only remove the already existing virus but can prevent them from getting to your device.

We offer you Gridinsoft Anti-Malware – an excellent scanner, virus removal detector, 100% effective. You will definitely save your money and peace of mind by dealing with the consequences of malware activity. When in doubt, explore the full review list of 15 reasons and benefits to choose this product.

The post The Essential Guide to Computer Viruses appeared first on Gridinsoft Blog.

The term was created by David Jevans in February 2005 when he mentioned the word in his response to the FDIC article “Putting an End to Account-Hijacking Identity Theft”. The article to which Jevans made a response was published on December 14, 2004.

How Does Crimeware Work

The typical victims of crimeware usually become companies and users who store some valuable and important information. For example, health care providers have become one of the main targets of crimeware in recent years and largely due to the COVID-19 pandemic the number of this kind of cyber attacks has risen.

Crimeware also doesn’t mean a specific kind of software or viruses but rather it employs a wide range of different malicious programs and software to facilitate cybercrimes. Crimeware can use adware, spyware, worms, Trojan horse programs or viruses to spread and perpetrate crime like stealing proprietary information, money or personal identities.

Among the various techniques cybercriminals can implement and thus successfully conduct their cyber attacks are the next kinds of methods:

• Cybercriminals encrypt all the data on victim’s computer and then will try to extort some sum of money demanding ransom payment to be paid (Ransomware);
• Get a hold of remote access into applications that should later allow cybercriminals to get an access to networks for further malicious actions;
• Break into a user’s session at some financial institution to completely drain the available funds without users knowledge for that;
• Steal all available passwords on that is cached on a user’s system;
• Pharming — a method when cybercriminals with intent redirect user’s search in a web browser for a specific domain in an address bar to their counterfeit one that is also controlled by them;
• Install keystroke loggers in order to try to collect sensitive and valuable information like login and password information for bank accounts. Once the malicious program has done the job it will report the results back to the cybercriminal.

How Crimeware Spreads

To install crimeware on victim’s computer cybercriminals can use the next possible delivery vectors:

• Remote exploit vulnerabilities found in clients and servers. RCE vulnerabilities allow cybercriminals to execute their own arbitrary code on a remote device;
• Social engineering via email. In this delivery vector cyber criminals specifically tailor their malicious emails so that there will be high chance that a victim might click on malicious attachment or link and allow crimeware to be executed;
• Vulnerabilities that are found in different web applications. For example, it is known that cybercriminals have exploited one of such vulnerabilities, the Bankash.G Trojan that allowed them to monitor user’s input in webmail and online commerce sites also stealing passwords.

What Are Consequences Of Crimeware Attack

In particular cases crimeware attacks can have serious results both for companies and individuals. More likely victims will lose money, valuable information, intellectual property. In other cases the consequences might also be:

• Identity theft. This cybercrime involves the stealing of someone’s personal information to further commit some type of fraud;
• Loss of productivity. If a user gets infected with crimeware they will experience not only its direct infection consequences but also their computer will suffer on its part. User’s device may experience system slowdowns, numerous errors in operating system and other kinds of productivity loss;
• The potential loss of data. When, for example, cybercriminals use ransomware to conduct their malicious actions then one of several possibilities a victim may experience from this kind of crimeware attack is the loss of data.
  This is especially true if victim refuses to pay and it’s what many law enforcement agencies advise to do because ransom payments only add reimbursement to now ever growing ecosystem of cybercrime and so allow cybercriminals to further conduct crimes;
• Financial loss because of stolen passwords. If a cyber criminals manage to get password, for example, to your bank account you risk that your money will be stolen or cybercriminals may use the stolen credentials to some of your shopping websites’ accounts and make an order but changing address;
• Data theft. In another way it is called information theft and this kind of crimeware attack usually happens on corporate servers, devices, databases. Data theft is particularly dangerous for businesses of all sizes and it can come both from within and outside a company;
• Intrusion of privacy. In the cyber security field the words refer to an unauthorized activity on a digital network. In the cyber crime attack criminals try to steal various valuable network resources and as a result the security of the whole network and the data is at risk.

How To Prevent Crimeware Attacks

It would be impossible to stop cybercriminals from attacking you but you can actually take several steps to make the risks lower and chances of being attacked as well:

• Update your software regularly. The main vector by which cybercriminals can attack you is various vulnerabilities that can be found either in software you use or your device. Applying patches as soon as they get available significantly lowers the chances that you will be the next victim of crimeware;
• Don’t use an administrator account if there’s no need. Crimeware often tries to exploit such accounts because in case of a success it will give cybercriminals an immense range of rights to perform whatever they need to accomplish their malicious actions on your device;
• Enable email security and spam protection. Being the main communication channel for various businesses across the globe it is actively exploited by crimaware. Set a special settings that will ensure spam email filtering, scan for viruses and malware, limit access only to beforehand links, email addresses and messages;
• Enable secure authentication methods. Security authentication methods that should ensure no one could get unauthorized access to your device and data. These methods will include multi factor authentication, different biometrics tools, strong passwords and password manager;
• Use antivirus and antimalware software. They will scan your device to identify and remove any malware present thus ensuring you won’t leave cybercriminals with a chance to finish their malicious probe. Immediately attend to any malware detected and deal with it. Also, don’t forget to regularly run scans so that you will detect a threat in time.

The post How to Prevent Crimeware Attacks: Users` Guide appeared first on Gridinsoft Blog.