
Unexpected guests


Gremlins attack


Tuesday, June 27, 2017

In the Anti-virus Times we talk about severe threats and discuss such security issues as data leaks, vulnerabilities, malware, and interference on the part of secret services and their contracted assistants who often behave carelessly. Take WannaCry for example. It would never have appeared if it hadn't been for the negligence of NSA employees which made their tools available to the general public.

But vulnerabilities differ. Who is responsible for Windows working so slowly? Is it WannaCry, which encrypts files so swiftly that it impresses even our researchers? Or is it that so many unnecessary applications and processes have accumulated in the system that the RAM can’t cope with anything else being stuffed into it? Or could it be that ALL these things are to blame?

Under its Vault 7 project, Wikileaks published two more CIA-made hacking tools, namely, AfterMidnight and Assassin, as well as the documentation for these exploits.

According to the description of AfterMidnight, the framework was designed to cause minor inconveniences to users. This backdoor (it appears to be a downloader) is installed into a system as a DLL file. It downloads such modules as Gremlins and Gremlinware onto infected machines.

Similarly to normal gremlins, these modules disrupt the normal operation of installed programs to cause users all sorts of annoyances.

The description of the malicious framework states that "the Process Gremlin has the capability to subvert the execution of existing or started processes in a few annoying ways by either temporarily delaying the execution of a process, killing an existing process, or “locking up” a process permanently, requiring the user to manually kill the process".

An operator can define the interval for such attacks as well as the number of processes that will be targeted by the Gremlin.

The documentation contains two examples of how the Gremlin can be used. In one of them, an operator can make it extremely difficult to work with Microsoft PowerPoint ("because, face it, they deserve it for using PP"). "This example includes configurations on how to lock up 50% of PowerPoint resources every 10 minutes, or how to delay the start of PowerPoint slides by 30 seconds".

In the second example, operators are shown how to shut down browser processes (Internet Explorer and Mozilla Firefox) every 30 seconds. The goal is to prevent users from getting distracted on the Internet and have them spend more time using the applications they need for their work. There is a practical rationale: the more time users spend working, the more data can be harvested by spyware. It should be noted that in addition to the nuisance Gremlin payload, AfterMidnight can also download malicious code that will facilitate data theft.

There is also a third type of Gremlin payload which maintains the operation of the other two types.
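The behaviour described above (browser processes killed on a fixed 30-second timer) leaves a footprint that a defender can look for: process-exit events for the same executable recurring at a near-constant interval, which a human closing a browser now and then does not produce. The following is an added example, not code from the article or from the leaked Vault 7 documents. It assumes a simplified, constructed process-exit log of the form `timestamp,event_id,process_name`; Event ID 4689 is the real Windows Security "A process has exited" event, but the one-line layout here is a constructed simplification rather than the actual Windows export format.

```python
"""Flag browser processes that exit on a timer, the pattern attributed to the
Process Gremlin in the article. Added example: not code from the page or from
the Vault 7 material; the log format is a constructed simplification."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Browsers named in the article's second example.
WATCHED = {"iexplore.exe", "firefox.exe"}
PROCESS_EXIT_EVENT = "4689"  # Windows Security: "A process has exited"

# Constructed sample: both browsers dying every ~30 s, plus unrelated noise.
SAMPLE_LOG = """\
2017-05-17T09:00:00,4689,firefox.exe
2017-05-17T09:00:01,4689,notepad.exe
2017-05-17T09:00:30,4689,firefox.exe
2017-05-17T09:00:31,4689,iexplore.exe
2017-05-17T09:01:00,4689,firefox.exe
2017-05-17T09:01:01,4689,iexplore.exe
2017-05-17T09:01:30,4689,firefox.exe
2017-05-17T09:01:31,4689,iexplore.exe
2017-05-17T09:02:00,4689,firefox.exe
2017-05-17T09:02:01,4689,iexplore.exe
2017-05-17T09:05:12,4689,notepad.exe
"""


def parse_exits(log_text):
    """Return {process: [exit timestamps]} for 4689 events of watched browsers."""
    exits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, proc = line.split(",", 2)
        if event_id.strip() != PROCESS_EXIT_EVENT:
            continue
        proc = proc.strip().lower()
        if proc in WATCHED:
            exits[proc].append(datetime.fromisoformat(ts.strip()))
    return exits


def periodic_kills(exits, min_events=4, max_jitter=2.0):
    """Flag processes whose exits recur at a near-constant interval.

    Irregular user-driven closes give gaps with a large spread; a timer-driven
    kill gives gaps with almost no spread. Returns {process: period_seconds}.
    """
    findings = {}
    for proc, times in exits.items():
        if len(times) < min_events:
            continue
        ordered = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        if pstdev(gaps) <= max_jitter:
            findings[proc] = round(mean(gaps))
    return findings


def scan(log_text):
    """Parse a log and return the processes that look timer-killed."""
    return periodic_kills(parse_exits(log_text))


if __name__ == "__main__":
    for proc, period in scan(SAMPLE_LOG).items():
        print(f"{proc}: exits every ~{period}s, consistent with a scheduled kill")
```

The thresholds (`min_events`, `max_jitter`) are tuning knobs: raise `min_events` on busy hosts to avoid flagging a user who happens to restart a browser a few times in quick succession, and keep the jitter small, since a scheduled kill lands within a second or two of its period. A hit is a reason to pull the host for a full anti-virus scan and to look at what other modules the downloader may have fetched, not proof on its own.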

http://safe.cnews.ru/news/top/2017-05-17_novyj_troyan_tsru_meshaet_rabotat_polzovatelyam

So if nothing seems to be working for you, surely gremlins are responsible. You can tell your boss exactly that.

But let's get serious…

#Windows #anti-virus_scan #myth #Infection_symptoms #Trojan

The Anti-virus Times recommends

Downloader malware is used to acquire other malicious programs and their components. Many of them can have an adverse impact on system performance, and dealing with the consequences of their work can require considerable effort. So don't lay blame on gremlins—instead regularly conduct an anti-virus cleaning (a full system scan)!
