Understanding malware attacks

by Igor Mikhaylov, 2018-09-20

It is almost impossible to completely protect a modern operating system from malware. Trojan horse programs and vulnerabilities in software give attackers a wide field of activity.

Computer infection occurs in a few traditional ways:

  • Compromised sites containing malicious code: Users normally trust the web services they use. They connect to sites (from online maps and news to weather forecasts) and let their browsers render whatever those pages serve. Recently, however, the number of compromised sites has grown significantly. Compromising a legitimate site and injecting malicious content into its pages is a subtle way for attackers to reach that site's visitors, and the injected code cannot be blocked by anti-virus software alone. The victim usually notices nothing, so the attack is often recognised only after the fact; unlike a classic file virus, the full payload has typically been delivered by the time the malicious code itself is identified. Worse, the technique lends itself to targeting a particular user: the code can be sent as an email attachment or planted on a site that user is known to visit. Protection against malicious code therefore needs to be proactive and able to cope with new, unknown code.

  • Emails containing attachments with malicious code: Most malware still spreads via email attachments, and email carrying malicious programs remains the most effective attack vector. The use of spam and phishing to distribute malware is the clearest evidence of this and can be seen as the logical evolution of cybercrime.

  • Use of vulnerabilities: Some websites can be hacked because of errors in their program code, misconfiguration of the content management system (CMS), or weaknesses in the web server's operating system. Companies spend huge sums each year finding and fixing vulnerabilities in their web projects, and for good reason: site code almost always contains vulnerabilities. A huge number of vulnerabilities have already been catalogued, and that is not counting the 0-day vulnerabilities that are found in the wild.

A well-known example is EternalBlue, which exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, tracked as CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 server (SMBv1) in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. Microsoft fixed it in the MS17-010 update; a host that still exposes SMBv1 without that update remains exploitable, and the simplest hardening is to disable SMBv1 altogether.
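The first thing a practitioner wants to know is whether a host still speaks SMBv1 at all, since EternalBlue needs the NT LM 0.12 dialect. The script below is an added example and not code from the original article: it builds an SMB_COM_NEGOTIATE request that offers only SMBv1 dialects, sends it to port 445, and parses the reply to see which dialect the server chose. A Windows server with SMBv1 disabled drops the session instead of answering, so a dialect name back means SMBv1 is enabled and the host should be checked for MS17-010; the probe does not by itself prove the patch is missing. The host name is the caller's, and the sample reply used for the offline demo is constructed, not a real capture.

```python
"""SMBv1 negotiate probe: builds an SMB_COM_NEGOTIATE request and parses the reply.

Added example, not code from the original article. Field layouts follow
[MS-CIFS] 2.2.3.1 (SMB header) and 2.2.4.52 (SMB_COM_NEGOTIATE).
"""
import socket
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB_FLAGS_REPLY = 0x80
# Dialects offered, oldest first; the server answers with the index of the
# highest one it supports. NT LM 0.12 is the dialect EternalBlue speaks.
DEFAULT_DIALECTS = ("PC NETWORK PROGRAM 1.0", "LANMAN1.0", "NT LM 0.12")


def smb_header(command, flags=0x18, flags2=0x2801, mid=1):
    """32-byte SMB1 header: magic, command, status, flags, flags2, PIDHigh,
    SecurityFeatures, reserved, TID, PIDLow, UID, MID (all little-endian)."""
    return struct.pack("<4sBIBHH8sHHHHH", SMB_MAGIC, command, 0, flags, flags2,
                       0, b"\x00" * 8, 0, 0, 0, 0, mid)


def build_negotiate_request(dialects=DEFAULT_DIALECTS):
    """NetBIOS session header + SMB header + WordCount/ByteCount + dialect list."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = smb_header(SMB_COM_NEGOTIATE) + struct.pack("<BH", 0, len(body)) + body
    # NetBIOS Session Service: message type 0x00, then 24-bit big-endian length.
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def parse_negotiate_response(data, dialects=DEFAULT_DIALECTS):
    """Return the dialect name the server selected, or None when the bytes are
    not a successful SMBv1 negotiate reply (empty/short reply, wrong magic or
    command, NT error status, or DialectIndex 0xFFFF = no dialect accepted)."""
    if len(data) < 4 + 32 + 3:
        return None
    smb = data[4:]  # skip the NetBIOS session header
    magic, command, status, flags = struct.unpack_from("<4sBIB", smb, 0)
    if magic != SMB_MAGIC or command != SMB_COM_NEGOTIATE or not flags & SMB_FLAGS_REPLY:
        return None
    if status != 0 or smb[32] == 0:  # WordCount 0 means an error reply
        return None
    (dialect_index,) = struct.unpack_from("<H", smb, 33)
    if dialect_index >= len(dialects):  # covers 0xFFFF
        return None
    return dialects[dialect_index]


def probe_smb1(host, port=445, timeout=3.0):
    """Live check against one host. Returns the negotiated SMBv1 dialect, or
    None if the host refuses, drops, or does not answer an SMBv1-only negotiate
    (which is what a Windows server with SMBv1 disabled does)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            data = s.recv(4096)
    except OSError:
        return None
    return parse_negotiate_response(data)


def sample_response(dialect_index=2):
    """Constructed NT LM 0.12 negotiate reply (not a real capture) with the
    17 parameter words of [MS-CIFS] 2.2.4.52.2 and an empty data block."""
    params = struct.pack("<HBHHIIIIqhB",
                         dialect_index,  # DialectIndex
                         0x03,           # SecurityMode: user level + challenge/response
                         50, 1,          # MaxMpxCount, MaxNumberVcs
                         16644, 65536,   # MaxBufferSize, MaxRawSize
                         0,              # SessionKey
                         0x8000E3FD,     # Capabilities (CAP_EXTENDED_SECURITY set)
                         0, 0,           # SystemTime, ServerTimeZone
                         0)              # ChallengeLength (0 with extended security)
    smb = smb_header(SMB_COM_NEGOTIATE, flags=0x98) + bytes([17]) + params + struct.pack("<H", 0)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python smb1_probe.py 192.0.2.10 (host is the caller's)
        print(sys.argv[1], "->", probe_smb1(sys.argv[1]))
    else:
        print("offline demo:", parse_negotiate_response(sample_response()))  # NT LM 0.12
```

Run it with a host name to probe a machine you are authorised to test; without arguments it parses the constructed reply. Offering only SMBv1 dialects is deliberate: a client that also lists "SMB 2.002" would get an SMB2 reply from a modern server and learn nothing about whether the legacy SMBv1 server is still switched on.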


To reduce the likelihood of a computer being infected, and to minimise the damage if it is, you must follow a few simple security rules. If an infection cannot be avoided after all, there is no need to panic: specialists from our team will promptly help to neutralise it.