IT Security: active threats for Windows
The objectives pursued by criminals who spread malware for Windows have long been known and, in general, have changed only slightly:
- Enrolling the computer in a botnet, that is, turning it into a zombie machine that carries out all of the attackers' commands, such as injecting additional modules into the system, installing new malware, substituting search queries, and sending spam (backdoors, trojans).
- Stealing usernames and passwords for various accounts, as well as credit card data, which is what so-called password stealers (PWS) and banking Trojans do.
- Blocking the user’s computer (or encrypting its files) for ransom (ransomware).
- Redirecting the user, by means of malicious scripts, to various sets of exploits (exploit packs); these scripts have shown rapid growth over the last year. Exploit kits are used to deliver all kinds of Trojans.
From a technological point of view, we highlight the following trends for Windows:
- Use of bootkit technologies to hide malicious code activity in the system (Olmasco, Rovnix, Carberp).
- Encryption and repackaging of code to achieve zero detection became more widespread in the past year; as a rule this is done on the server side, and the result is then spread through exploit systems (ransomware, Sinowal).
- A growing number of extortion programs (ransomware), which now use a variety of covers and are able to load their own text depending on the location of the blocked computer.
- There is still only a small number of threat families that have native x64 modules in their arsenal (Ursnif, Olmasco, Sirefef).