06.28.2017 | 6 min read

What You Need to Know About Today’s Malware Threats

Malware and cybersecurity have been top-of-mind for many business owners recently with the outbreak of the WannaCry malware. An attack of this kind can have devastating results, including loss of funds, loss of data, or both. And as soon as one threat is gone, another seems to follow.


Here’s what you need to know about the current cybersecurity threats:

Fireball malware

The security firm Check Point Software Technologies recently stated that it has found a malware infection of overwhelming scope and destructive potential. The “Fireball” malware infection, which originated in China, is believed to have infected more than 250 million computers worldwide and is currently present on 20 percent of all corporate networks, with major infections occurring in Asia and South America. Check Point informally calls it "possibly the largest infection operation in history."

The malicious software appears to be mainly intended to generate bogus clicks and traffic for its originator, a Beijing, China, marketing and advertising firm called Rafotech. Once installed, it redirects a user’s browser to websites that imitate the look and feel of the Google or Yahoo search homepages. The fake pages secretly gather private information on the user using so-called “tracking pixels.”

A tracking pixel is a 1x1 pixel image embedded in a webpage whose loading, often paired with JavaScript, sends data about the visitor back to its creator. These images are effectively invisible and can be placed anywhere on a page.
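As an added illustration of how tracking pixels can be spotted (this is example code, not part of the original article or Check Point's analysis), the scanner below walks the img tags of a page and flags tiny or hidden images whose request carries data to a third-party host; the sample HTML, hostnames and query parameters are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample page: a normal logo, a classic third-party 1x1 pixel carrying
# an id, a pixel hidden via CSS, and a first-party 1x1 spacer (not third-party).
SAMPLE_HTML = """
<html><body>
<img src="https://cdn.example.com/logo.png" width="200" height="60">
<img src="https://tracker.example.net/p.gif?uid=abc123&ref=search" width="1" height="1">
<img src="https://ads.example.org/px" style="display:none; width:1px; height:1px">
<img src="/static/spacer.gif" width="1" height="1">
</body></html>
"""

def _is_tiny(value):
    """True for a width/height attribute of 1px or less ('1', '1px', '0')."""
    digits = (value or "").strip().lower().removesuffix("px")
    return digits.isdigit() and int(digits) <= 1

class PixelFinder(HTMLParser):
    # Collects <img> tags that are tiny or hidden: the shape of a tracking pixel.
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        style = (a.get("style") or "").replace(" ", "").lower()
        tiny = (_is_tiny(a.get("width")) and _is_tiny(a.get("height"))) \
            or ("width:1px" in style and "height:1px" in style)
        hidden = "display:none" in style or "visibility:hidden" in style
        if not (tiny or hidden):
            return
        parsed = urlparse(src)
        self.hits.append({
            "src": src,
            # data leaves the page when the request goes to another host
            "third_party": bool(parsed.netloc) and parsed.netloc != self.page_host,
            "hidden": hidden,
            # names of the fields the pixel request carries back to its owner
            "params": sorted(parse_qs(parsed.query)),
        })

def find_tracking_pixels(html, page_host):
    """Return the suspicious <img> tags found in html, relative to page_host."""
    finder = PixelFinder(page_host)
    finder.feed(html)
    return finder.hits
```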

Fireball can also execute commands remotely, including downloading additional malicious software. Fireball’s creators, or others who find a way to exploit it, could theoretically move from an ad-fraud scheme to selling collected data, or even connect infected machines into a global botnet of massive destructive power.

Many botnets far smaller than Fireball’s assemblage of 250 million compromised machines have been used in major denial-of-service attacks or other destructive operations. The Mirai botnet, which knocked out the internet service of millions of people in December 2016, was estimated to consist of as few as 120,000 devices. Those were mostly connected cameras and routers with far less computing power than the systems targeted by the Fireball malware.

According to Check Point, another scenario could see Rafotech mass-gather data from infected systems and sell it to interested criminal elements. This data could range from credit card numbers to business plans and patents—all to be provided to the highest bidder.

Check Point describes Fireball as "a pesticide armed with a nuclear bomb." Rafotech, Check Point warns, "holds the power to initiate a global catastrophe." It adds, "The potential loss is indescribable."

According to the California firm, the Fireball package is covertly bundled into free software downloads and installed without the knowledge or consent of the user. Examples of software found to contain the Fireball package include Soso Desktop and FVP Image Viewer. The clearest sign of an infection is discovering that your browser has been redirected to a new homepage. There are websites that provide detailed instructions for detecting and eliminating infections.

"According to our analysis, Rafotech’s distribution methods appear to be illegitimate and don’t follow the criteria which would allow these actions to be considered naïve or legal," Check Point states.

The malware and the counterfeit search engines conceal their true nature and carry no indicators that connect them to Rafotech. Removal typically requires professional assistance.

NotPetya ransomware

On the heels of last month’s massive WannaCry outbreak, a major ransomware incident is currently underway involving a new variant called “NotPetya.” Researchers initially believed the ransomware to be a variant of the Petya ransomware, but Kaspersky and other firms are reporting that, though it has similarities, it’s actually not Petya. Regardless of its name, here’s what you should know:

This attack doesn’t just encrypt data for a ransom; it hijacks computers and renders them completely inaccessible by encrypting their Master Boot Record.

NotPetya is another rapidly spreading attack which, like WannaCry, uses the same NSA exploit, ETERNALBLUE, as well as PsExec. A few things about this new malware:

  • It doesn’t have a kill switch like WannaCry did
  • It is far more sophisticated—it has a variety of automated ways to spread, unlike WannaCry, which required human interaction

The scope of the infection is not yet known, but reports continue to filter in across systems worldwide. Once a single system is infected, the worm spreads peer-to-peer to other Windows-based client and server systems.

Once on a machine, NotPetya waits 90 minutes before performing any attack, likely to allow time for more machines to be infected and to obscure the point of entry.

After the time expires, it encrypts the Master File Table of local drives, copies itself to the Master Boot Record, forces a reboot to lock out users, and then displays the ransom demand screen.

Before they can be infected, systems should be patched with MS17-010 to close the same hole that WannaCry exploited.

The best way to ensure that systems are back up and running quickly after an infection and without having to pay the ransom is to have a system imaging and restore process in place.

Ongoing prevention is key to protecting you and your business from malware. The bottom line in preventing any infection is employee education, together with processes and procedures in place to mitigate or prevent the risk.


Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20-year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley-Davidson rider and home brewer.
