The history of malware,Trojans and worms (part 3)

Thursday, March 17th, 2016

Two weeks ago we explored lesser known malware, Trojans and worms, after 1985. This time around, we look at more recent threats, starting with zombies…

2003 Zombie, Phishing
The Sobig worm gave control of the PC to hackers, so that it became a “zombie,” which could be used to send spam. The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.

2004 IRC bots
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2005 Rootkits
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden “back door.”

2006 Share price scams
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware
The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of ransomware.

2006 First advanced persistent threat (APT) identified 
First coined by the U.S. Air Force in 2006 and functionally defined by Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs are equipped with both the capability and the intent to persistently and effectively target a specific entity. Recognized attack vectors include infected media, supply chain compromise and social engineering.

2008 Fake antivirus software
Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like AntiVirus 2008.

2008 First iPhone malware
The US Computer Emergency Response Team (US-CERT) issues a warning that a fraudulent iPhone upgrade, “iPhone firmware 1.1.3 prep,” is making its way around the Internet and users should not be fooled into installing it. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.

2009 Conficker hits the headlines
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.

2009 Polymorphic viruses rise again
Complex viruses return with a vengeance, including Scribble, a virus which mutates its appearance on each infection and used multiple vectors of attack.

2009 First Android malware
Android FakePlayerAndroid/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan penetrates Android-based smartphones disguised as an ordinary application. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the “app” is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are the ones operating these numbers, so they end up collecting charges to the victims’ accounts.

2010 Stuxnet
Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet’s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.

2012 First drive-by Android malware
The first Android drive-by malware is discovered, a Trojan called NotCompatible that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.

2013 Ransomware is back
Ransomware emerges as one of the top malware threats. With some variants using advanced encryption that makes recovering locked files nearly impossible, ransomware replaces fake antivirus as malicious actors’ money-soliciting threat of choice.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

First ransomware targeting Apple Mac users

Tuesday, March 8th, 2016

Ransomware, one of the fastest-growing cyber threats, encrypts data on infected machines, then asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data (more previous ramsomware articles on our blog).

The “KeRanger” ransomware, which appeared last week, was the first functioning ransomware attacking Apple’s Mac computers.

Read more on the new Mac ransomware.

If you have any enquiries or need assistance, please contact us at

Skype users targeted by ransomware

Friday, October 12th, 2012

Skype users are being targeted by a round of ransomware that is being sent around as a message from contacts.

The message reads  “lol is this your new profile pic?”, which is followed by a link. If the Skype users clicks on the link, a zip file containing an executable that infects the computer system.

The system is the locked down and displays a message demanding money.

More about the Skype ransomware.


What is ransomware?

Friday, October 12th, 2012

The term ransomware will leave most people flabbergasted. How can software hold something ransom or is technology becoming so clever it can take over anything?

However, this description isn’t as far-fetched as it seems. Ransomware forms part of a group of malicious computer software called malware,  which cunningly installs itself on your pc and then has t he audacity to demand data or money from you. This type of programme can be installed by means of an e-mail attachment, an infected programme or unsafe website with malware installed on it. Ransomware” is also known as a a cryptoviruscryptotrojan or cryptoworm.

The software indeed “kidnaps” your data by encrypting or limiting your access to it and then sending you a message demanding money to regain your access.  The only way access is possible again, is by acquiring an encryption key from the creator of the ransomware at a fee.

A more recent version of the software will not notify the user that ransomware has been installed, but will merely block all access to the data and depend on the victim to search the internet for information on their “problem”. This search will then lead them to legit websites selling software to remove the ransomware, which of course is sold by the creator of the original culprit.

Ransomware is nothing new. In 1996 security experts at Columbia University and IBM wrote an essay called “Cryptovirology: Extortion-Based Security Threats and Countermeasures” to describe the software. At that time businesses were the main targets of ransomware and not individuals.

In March 2006 ransomware called Crypzip of Zippo was sent to a group of internet users. Those who received the programme also received an e-mail demanding a ransom of $300 if they wanted to access their data again.

Most antivirus vendors have ways of detecting and blocking the most known ransomware. However, no data is 100% safe. To ensure you don’t find yourself in this tricky situation, try to back up data regularly, be cautious when browsing on the internet and under no circumstances open e-mail attachments from unknown sources.

More info on the latest ransomware targeting Skype users.

SOURCE: Wikipedia, Microsoft en Techtarget.


© 2013-2017 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.