Your browser is obsolete!

The page may not load correctly.

The price tag

Ценник

Other issues in this category (11)
  • add to favourites
    Add to Bookmarks

The price of altered data

Read: 733 Comments: 3 Rating: 9

Hackers have a sufficiently narrow focus. As a rule, they are interested in passwords (which can be sold or added to a vast collection), videos and music, and photos (which, if they contain any nudity, can also be sold or used to blackmail the owner). All in all, hackers are after things that can be quickly downloaded and sold. Analysing the contents of the documents (especially right in the infected system) on a random target can yield some benefits, but looking for information that may interest someone is somewhat tedious, and ultimately one can end up with no buyers.

As a rule, documents are downloaded and deleted.

BackDoor.Apper.1 steals documents in infected systems. Once an entry for its application is added to the Windows Registry so that it launches automatically, the backdoor removes its source file

https://news.drweb.com/show/?c=5&i=9953&lng=en

Modifying documents in a compromised system is more characteristic of banking Trojans which analyse and replace forms on webpages.

Trojan.Bolik.1 is primarily designed to steal valuable personal information. The malware can accomplish this in several ways. For example, it can monitor data that is being transmitted by Internet Explorer, Chrome, Opera, and Mozilla Firefox.

https://news.drweb.com/show/?i=9999

So does this mean that if information hasn't been deleted from a hard drive, its integrity is intact? If only that were true…

Wikileaks revealed another exploit for Windows which was called Athena. This tool is designed to provide access to any OS from Microsoft starting from Windows XP and up to Windows 10. It enables attackers to gain full control over the targeted system.

Athena can download malware to perform specific tasks on an infected computer and add/obtain files from specified directories.

http://www.securitylab.ru/news/486209.php

WikiLeaks published information about another hack tool from the CIA's arsenal. The Pandemic malware is used to compromise computers that have shared folders which are accessed over SMB.

According to WikiLeaks, the program is installed in an attacked system as a file system filter driver. It monitors SMB traffic and detects when users attempt to download shared files from an infected machine. Pandemic intercepts download requests, responds on behalf of the compromised system and provides users with malicious files instead of legitimate ones.

When a user sends a request to an infected device in order to download something from a shared folder, Pandemic intercepts the SMB query and responds in the attacked computer’s stead. As a result, instead of the requested file, the user will download malware that was kindly provided by Pandemic.

#drweb

https://xakep.ru/2017/06/02/pandemic
http://www.securitylab.ru/news/486465.php

This means that you will receive an entirely different document, and your screen will display information the attackers want you to see.

Files don’t even need to be replaced. Instead, documents can be modified on the fly. Traditionally, this behaviour is typical of macro viruses. For example, MS Word makes use of VBA (Visual Basic for Application). Using the language to replace text in a document is dead easy. We won't use the old macro virus, which replaced commas and full stops with rough language, as an example. Just take our word for it: it really is simple to do.

Dr.Web recommends

It is very unlikely that an ordinary user will be targeted by special services, but the computer of a high-ranking company official is a whole different story. Having data altered on a machine belonging to someone like that can incur significant costs. And this means that it is imperative to install anti-virus software and updates and prevent unknown applications from being installed.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments