Wednesday, December 30, 2020

Scary new malware can survive even if you erase and reinstall Windows

From Komando.com (Oct. 7):

Cyberattacks these days are nothing to scoff at. In 2020 alone, we saw a huge spike in cybercrime — and with more businesses moving operations online, threats like ransomware and phishing will only get worse.

Thankfully, we PC users have powerful tools to protect ourselves. Some of the best anti-malware programs you can get are totally free to use.

Most security software can handle viruses and Trojans no problem. But researchers have found a new kind of Trojan that keeps reappearing no matter how many times you delete it. It’s so strong, in fact, that not even a full system reset can get rid of it.

Superbug or cyber weapon?

Tough malware calls for tough solutions — and one of the harshest things a person can do with an infected computer is to completely erase it. This means backing up files, reinstalling the operating system and starting over from scratch. It’s a time-consuming process, but it’s sometimes the only way to deal with certain viruses.

But a full reset may not be enough to stop a new strain of malware coming from China. Kaspersky Labs has detected a virus that attaches itself to Windows 10’s startup system. This makes it immune to full system wipes since the malware can’t be found on the hard drive like a normal file.

Instead, the newly discovered malware hides on a computer’s motherboard — which can’t be accessed by the operating system. It also creates a Trojan file called IntelUpdate.exe that reinstalls the malware if you try to remove it.

Once it’s on your system, it spies on your activity, scans for documents and sends them to an unknown host. Worst of all, it’s spread just like thousands of other viruses: through malicious email attachments.

Kaspersky concluded that state-sponsored hackers backed by China or North Korea are behind the malware. They found traces of the Chinese language in the program’s code, but all of the malware’s targets appeared to be enemies of the North Korean government.

In other words, this might not even be a run-of-the-mill virus but a state-sponsored cyberweapon.
