A new variant of Malware which targets Indian Internet users using Windows have been discovered by eScan Security research team called Gen: Heur.MSIL.Krypt. In addition to it more than two aliases or pseudo-identities of the Malware have been found.
How does the Malware enter system?
It propagates as a Trojan that enters the system through spam emails having zipped archives or Microsoft Office document. This could be in form of a receipt for a payment or a delivery. It also enters when infected removable drives such as USB Pen Drives, External Hard Drives are plugged in to the system or by browsing a Compromised or Untrustworthy Website.
How does the Trojan Work?
Firstly after entering the system it gathers information about the victim such as system information which includes computer name, Local date and time, Internet Protocol Address (IP Address) and installed anti-virus solution. Secondly it kills the following processes Task Manager (taskmgr.exe), Command Prompt (cmd.exe), System Configuration (msconfig.exe) and Registry Editor (regedit.exe), which makes it difficult for the user to inspect and fix the problem. Thirdly the Trojan performs the following actions i.e. Log key strokes, capture screenshots, scrap web browsers for saved passwords, browsing history and more. Afterwards the Malware steals banking and financial transactions such as Credit Card Number belonging to the victim. In addition to it, Social networking credentials, Email accounts are also stolen.
What could a computer user do?
- Update your antivirus software (eScan) on regular basis, which will protect your system from all kinds of Malware attacks.
- Configure your firewall to default configuration, i.e. deny all incoming connections and only allow services which you explicitly want to offer to outside world.
- Make use of strong passwords.
- Turn off file sharing if not needed.
- Implement a three dimensional security policy in your organization, i.e. firstly understand your requirement based on which IT Security policy would be prepared accordingly. Secondly, educate your staff about the policy and finally enforce the policy.
- Make sure you either implement Mailscan at gateway level or enable Mail Anti-virus on endpoint in order to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.
- Open emails only if you are positive about the source.
- Disable Auto-play to stop automatic launching of files from the network and removable drives.