Old-School Malware Tricks Still Work

“The oldest trick in the book is pulling the head off a dead goose and then restoring it” — Daniel Radcliffe. This is true today, especially on the issue of cybersecurity. Thanks to the Internet, we all have access to entertainment, shopping, our own personal financial transactions, email and other information, 24 hours a day. This unprecedented access to information is greater than earlier generations could have ever imagined. The Internet has unlimited information available to you upon demand. For most people, most of the time, the Internet is a positive place. However, the Internet is not without hazards. The Internet and the anonymity it affords can give online scammers, hackers, and identity thieves access to your computer, personal information, finances and more.

To fully understand the dangers out there in the Internet world, it’s important to dispel the myth that successful computer attacks are the deeds of brilliant masterminds. The truth is most attackers are there to earn income, to profit at the expense of their victims. Information about the vulnerabilities of all types of devices is widely available on the Internet, as are instructions and software tools for launching attacks. Many successful attackers today are highly motivated individuals able to earn a lot of money through exploits; they take advantage of well-known vulnerabilities with tools they usually single-handedly developed for themselves.

We are living in the age of modern computer malware such as ransomwares, bank trojan and cryptominers. However, the old styles of infecting vulnerable computers are still there. Virus authors continue to produce malformed MS Office documents, which when double-clicked will trigger an exploit through the use of the unpatched vulnerabilities of the victim’s computer.

Remote access trojans pretending to be legitimate documents such as .doc, .docx, .xls, .xlsx and even MS Publisher documents continue to be embedded with unsolicited emails and instant messages. Some of them are even long-running, just like FlawedAmmyy RAT (Remote Access Trojan) which has been infecting computers since 2016, taking advantage of users not updating their PDF reader quick enough.

With the popularity of Microsoft Office and the Adobe PDF format, virus authors always have the motivation to improve their craft of developing malware-pretending to be under those mentioned formats. Some of them are benign, running on the computer without harming the user until it is triggered due to a condition. One such condition that the malware watches for is when a user visits a banking website. The moment they attempt to visit the site, the malware will trigger its keylogging functions, sending the user credentials to its authors.

Software is no different from any other product – flaws can show up long after it has been produced. Most car owners, for example, have at one time, or another announced a manufacturer recall notice to address a quality defect. Software products have defects, too. Unlike cars, however, software has never been recalled and fixed by the developer. Instead, the developer releases software “patches” that, when applied, will correct defects. Software owners are expected to discover the availability of these patches on their own and apply them themselves. When software patches designed to correct, security-related flaws are not applied, the computer running that software remains vulnerable. Most of the vulnerabilities discovered over the past few years have been in a computer operating system software, like Windows. Fortunately, the most recent operating system versions allow the patching process to be automated. The bottom line, never delay an update if it is available.