Trojan only for Russians (New Trojan infects computers of Russian users only)

Experts have discovered a new Trojan horse that affects only the computers of Russian users. Why the hackers targeted Russians and what those who encounter the new malware are facing is covered in this article from “Gazeta.Ru”.

As specialists from “Yandex” and “Doctor Web” found, the Trojan, named Trojan.MulDrop6.44482, gets onto the computer in the form of an installer. First, it checks whether antivirus software is present on the computer, and if the computer is “clean”, it checks the localization of the operating system.

If the operating system is not Russian, the Trojan deletes itself.

However, if the malware “sniffs out” a Russian Windows, it begins actively infecting the system. It is saved to disk as a password-protected 7z archive. It then gradually unpacks the files one by one, among which are other Trojans. One of them, Trojan.Inject2.24412, embeds malicious libraries into the processes run on the infected computer. However, the most dangerous of the Trojans is the keylogger Trojan.PWS.Spy.19338. It is capable of intercepting data entered via the keyboard in certain programs and fields. According to “Doctor Web”, these programs include 1C, Skype, VLSI, as well as programs from the Microsoft Office package.

As “Doctor Web” analyst Pavel Shalin told “Gazeta.Ru”, the Trojans act together because they are not viruses and cannot spread by themselves.

The analyst added that the examined sample was compiled by the attackers on June 4, 2016, but the first similar sample was detected in May 2015.

Typically, users download such Trojans from the Internet themselves under the guise of various “useful” programs, such as Adobe Flash Player or something similar, or receive them as attachments to e-mail messages.

These are the most common channels for delivering Trojans to users’ computers.

The experts described how the Trojan works in more detail in a technical report. In short, the Trojan can store in a special log and send to the criminals the keystrokes made in the windows of a number of programs, send the cybercriminals data about the operating system of the infected machine, and download and run other programs.

In other words, this Trojan spies on the user’s actions in the programs used for work and collects important information, such as usernames and passwords. And the ability to download and run any program means that any other Trojan or virus can be delivered through this Trojan.

For example, at the end of the espionage activity the attacker can always lock the computer or run an encryptor on it, either for extra income or simply to slow the response to unauthorized activity, such as a transfer of funds from a corporate account.

In addition, the analyst noted that infecting computers on a “national” basis is a rather common practice.

“There are extortionist Trojans that display their demands in one particular foreign language. Sometimes the developers of malware organize special ‘affiliate programs’ that involve other intruders in spreading viruses and Trojans,” the analyst said.

In this case, the purpose of the Trojan is to gather information from local accounting software, so foreign users are of no interest to the creators of the malware.

Group-IB, a company specializing in the prevention and investigation of cybercrime, also commented on the keylogger Trojan. According to Sergei Nikitin, deputy head of the company’s computer forensics laboratory, similar Trojans that act only on operating systems with a specific localization appeared in 2009.

“There is nothing fundamentally new in this situation. There are also alternatives, where the virus strictly does not work in the ru-zone. As a rule, this is due to pragmatic rather than political things. For example, because the hacker has a cash-out scheme only through Russia or, conversely, the hackers know that they will be pursued only for theft within the country,” said Nikitin.

In this case there is a noticeable focus on the company 1C, which is widely represented in the CIS countries. Filtering for a Russian-language OS allows the hackers to avoid spending time and attention on those clients through whom they cannot commit fraud.

However, Artem Baranov, senior analyst at ESET Russia, believes that Trojans targeted at residents of a certain region appear infrequently. In his view, this approach limits the number of potential victims and thus reduces the intruders’ income.

Since Internet users “pick up” most malware in the same way, the recommendations for protection are fairly traditional. Analysts agree that to keep personal or corporate data safe, a few basic rules need to be followed first: use a reliable and modern antivirus, update the antivirus databases on time, scan the disk, and download applications from the network with caution.

5 July 2016


Copyright © 2009
IT News / Dig-Life