Top 5 Viruses of 2019


Viruses come in many shapes and sizes with varying goals. This article looks at some different types, what their objectives are and what you can do to protect yourself.
As technology becomes more prevalent and we come to rely on it more and more, at work and at home, viruses are a greater threat now than they have ever been.

Zeus/Zeus Panda/Zbot/Zeus Gameover

General Information

While there are a lot of differences between all of these viruses, they are all based on the original code of Zeus and all operate in a similar manner.

Zeus is a Trojan malware bot. A Trojan is a virus that looks like a legitimate file so that you install it yourself.

And what’s Malware?

It’s a type of malicious software that does something nefarious on your computer.

And finally, Bot refers to the creation of a botnet.

Essentially this is a group of linked computers, all carrying the virus, that can be controlled by the owner of the virus.

These grouped computers can be used for large scale attacks.

Zeus reaches your computer as what appears to be a legitimate message, either from a company or from a person you know. Once you open the attachment, Zeus installs itself.

So how does it work? The first thing it does is connect to the network of computers already infected, joining the botnet. It then runs website monitoring and key logging in an attempt to steal details, and passes those details back to the Command & Control (C&C) computer.

When did Zeus originate? Zeus was originally detected in 2007 and the code was released in 2011.

This release spawned many of the knock-off versions of the virus. Originally the virus only targeted Windows-based systems, but recent versions target Apple and Linux-based systems as well.

It also has anti-malware detection, so it will hide itself if it finds anti-malware software on the device.

It also has an interesting feature to avoid attacking people in Russia.
On install it checks the keyboard language settings, and if a Russian layout is detected it deletes itself.

How can you protect yourself?

You can protect yourself by not opening any emails or attachments that do not appear legitimate.
Look for typos, and completely disregard messages from places you have never heard of.
Another way to check is to hover – not click – over the link in the message or the attachment; if it is going somewhere weird, do not open it.
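The "hover over the link" check above can be automated for a whole message. The following is an added example written for this article, not code from the original page: it pulls every link out of an HTML email body and flags the two things a hover would reveal, namely link text that shows one address while the target goes to another host, and targets that lie outside the sender's own domain. The email body and the domains in it (mybank.example, mybank-verify.example, adnet.example) are constructed sample data, and the sender domain is passed in as an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Matches text that *looks* like a web address, e.g. "www.mybank.example/login".
_URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def _host(url):
    """Hostname of a URL; bare domains get a scheme so urlparse finds the netloc."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _in_domain(host, domain):
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def suspicious_links(html_body, sender_domain):
    """Return the links in an HTML email that a careful hover would reject.

    Each entry is {"href", "text", "reasons"}; links with no findings are omitted.
    sender_domain is the domain the message claims to come from (an assumption
    supplied by the caller, e.g. taken from the From: header).
    """
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        target_host = _host(href)
        # 1. The visible text is itself an address, but not the one the link goes to.
        if _URL_LIKE.fullmatch(text) and _host(text) != target_host:
            reasons.append("display text points to a different host than the link target")
        # 2. The link leaves the domain the message claims to be from.
        if target_host and not _in_domain(target_host, sender_domain):
            reasons.append("link target is outside the sender's domain")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample message: one disguised link, one genuine link, one tracker link.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://secure-login.mybank-verify.example/auth">https://www.mybank.example/login</a>
<p>Or view our <a href="https://www.mybank.example/help">help pages</a>.</p>
<p>Unsubscribe <a href="https://tracker.adnet.example/u?id=1">here</a></p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "mybank.example"):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Run against the sample message, the first link is reported for both reasons (its text names www.mybank.example while the target is a different host that is also outside the sender's domain), the help link passes, and the unsubscribe link is reported only for leaving the sender's domain. A mail gateway or an analyst's triage script can apply the same two rules to every inbound message rather than relying on each recipient remembering to hover.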

Thanatos Ransomware

General Information

What is ransomware? Ransomware is a program that stops you accessing your files or using your computer normally unless – you guessed it – you pay a ransom.

Thanatos achieves this by encrypting almost all the files on your computer into an unusable format. Once the encryption is complete, the virus writes a text file that opens every time you turn on the computer, telling you that your computer has been encrypted and where you can pay the ransom.

The idea is that once you pay the ransom the C&C will send you the encryption key. This is where Thanatos is particularly bad. When security professionals analysed Thanatos' operation, they realised that it did not keep the encryption key as it encrypted files. This means that even if you pay the ransom you would be unable to decrypt your files.

What also made Thanatos stand out is that it was the first ransomware to allow payment of the ransom in Bit Cash – a spin-off from Bitcoin.

When did Thanatos first occur? Thanatos was first detected in 2017 and it continues to be an issue today. Once your computer is encrypted, there is no solution.

How do you protect yourself?

Thanatos spreads itself in a similar way to Zeus, so you just have to be careful when opening emails or files from the internet. An easy fix for Thanatos is to have backups done regularly, so that you can restore your system to the point before Thanatos encrypted everything.
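Regular backups only help if they are taken before the damage, kept separate from the files they protect, and actually restorable. The following is an added example written for this article, not code from the original page: it snapshots a directory together with a manifest of file hashes, reports what fraction of the protected files has changed since the snapshot (a sudden jump to nearly every file at once is the pattern the article describes), and restores everything from the snapshot. The directory layout, file contents and the simulated overwrite are all constructed inside a temporary directory; the snapshot location and the alert threshold are assumptions.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(src, dest):
    """Copy every file under src into dest; return {relative path: sha256}.

    The manifest is written into dest, never into src, so it survives
    whatever later happens to the protected directory.
    """
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = _sha256(p)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, sort_keys=True))
    return manifest


def changed_files(src, manifest):
    """Relative paths whose content no longer matches the snapshot (or are missing)."""
    changed = []
    for rel, digest in manifest.items():
        p = src / rel
        if not p.is_file() or _sha256(p) != digest:
            changed.append(rel)
    return sorted(changed)


def mass_change_ratio(src, manifest):
    """Fraction of snapshotted files that changed; 1.0 means every file differs."""
    return len(changed_files(src, manifest)) / max(len(manifest), 1)


def restore(snapshot_dir, src):
    """Copy every manifest-listed file back from the snapshot; return the count."""
    manifest = json.loads((snapshot_dir / MANIFEST_NAME).read_text())
    for rel in manifest:
        (src / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snapshot_dir / rel, src / rel)
    return len(manifest)


def demo(alert_threshold=0.5):
    """Snapshot, simulate whole-directory damage, measure, restore, re-measure."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs, snap = root / "docs", root / "snapshot"   # assumed locations
        docs.mkdir()
        snap.mkdir()
        # Constructed sample files.
        originals = {"a.txt": b"alpha", "b.txt": b"beta", "notes/c.txt": b"gamma"}
        for rel, data in originals.items():
            (docs / rel).parent.mkdir(parents=True, exist_ok=True)
            (docs / rel).write_bytes(data)
        manifest = take_snapshot(docs, snap)
        # Simulated damage: every protected file replaced with unusable content.
        for rel in originals:
            (docs / rel).write_bytes(b"\x00unusable")
        before = changed_files(docs, manifest)
        ratio_before = mass_change_ratio(docs, manifest)
        restored = restore(snap, docs)
        return {
            "changed_before": before,
            "ratio_before": ratio_before,
            "alert": ratio_before >= alert_threshold,
            "restored": restored,
            "ratio_after": mass_change_ratio(docs, manifest),
            "content_ok": all((docs / r).read_bytes() == d for r, d in originals.items()),
        }


if __name__ == "__main__":
    print(demo())
```

The ratio check is the useful by-product of keeping a hash manifest: a normal working day changes a handful of files, so a run that reports most of the tree changed at once is worth investigating before the next scheduled snapshot overwrites the good copy. In practice the snapshot directory belongs on storage the protected machine cannot write to freely (offline media or a versioned remote store), otherwise the ransomware can encrypt the backup as well.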

Emotet Malware

General Information

Emotet is a worm. What's a worm? It's a program that spreads itself via spam messaging using an infected computer's contact list. Once installed it contacts the C&C to update itself to the latest version.

So what does it do? Emotet tracks internet traffic to steal bank account details and sends them back to the C&C. It also has evasion abilities and goes dormant while scanning operations are in progress.

There is a technique that internet security technicians use called sandboxing. Essentially the computer is run in a locked-down environment that lets the technician watch how the virus operates. Emotet can recognise when this is happening and goes dormant until it stops.

When was it first detected? The malware was first detected in 2014 and continues to cause havoc today. It is estimated that each incident costs around $1 million to clean up. It is such an issue that the Australian Signals Directorate has issued warnings about this virus as recently as November 2019. More details here: Emotet Warning.

How can you protect yourself?

You protect yourself from this one by, again, being vigilant about emails. For companies the Signals Directorate recommends various measures, including additional scanning of incoming traffic and partitioning the organisation's network into segments so that if one portion becomes infected the virus cannot move to the others.

Mirai Botnet

General Information

Mirai operates in a similar way to Zeus in that it creates a botnet – a collection of linked, infected devices under the control of the virus's owner. Originally the virus was designed to target Linux systems only.

What makes this virus stand out from the crowd is which devices it targets: any device connected to the internet. There is a term for these devices – the Internet of Things (IoT). So this virus has the potential to install itself on any device with an internet connection, from TVs to routers. How many devices are connected to the internet? In 2017 it was estimated that there were 8.4 billion devices that fell into the category of IoT.

So how does it work? It gains access by brute-force attacking devices that are still using their default settings. Many devices in the IoT still use their default settings, which is why Mirai is able to gain such a foothold.

Who is safe? There are some devices that Mirai will not attack, chosen by their IP addresses. They include the US Postal Service and the US Defence Force.

Once Mirai has control of a device it can change the device's default settings. The owners of the virus have caused widespread havoc – most notably, in 2016 an attack from this virus left much of the internet on the US East Coast inaccessible.

So when did this appear? It was first discovered in 2016 and the code has since been openly published. This has allowed many different variations of the virus to emerge. Current versions include Hakai, Yowai and SpeakUp.

So what damage has it caused? This virus and its offspring have been responsible for major attacks on GitHub, Twitter, Reddit, Netflix and AirBnB.

How can you protect yourself?

To protect yourself you simply need to change your devices' settings from their factory defaults, denying the virus access to the device in the first place.

Kuik Adware

General Information

This virus masks itself by pretending to be an update or download of a legitimate program – most commonly an Adobe Flash Player update. Once installed it communicates with the C&C and begins installing adware.
So what does it do? This virus displays ads on websites as a user is browsing, and also collects personal data and sends it back to the C&C.
And can it protect itself? It has sophisticated self-protection and can even install security certificates for itself to evade virus and malware scanners.

How can you protect yourself?

The best way to protect yourself is to ensure your software and apps are up to date. You also shouldn't install software from the web that you don't trust.