Web Dandy Web Design Articles

Malwarebytes (Anti-Malware & Anti-Exploit)

Your Online Defence?

It's rare that we recommend a product but in the case of Malwarebytes we're happy to make an exception.

Both personally and professionally we've been using Malwarebytes products (Anti-Malware and Anti-Exploit) for a number of years now. We recently noted with interest that Malwarebytes had been updated to incorporate the Anti-Exploit module into the Anti-Malware module, and the company also states that the new Malwarebytes 3.0 can replace your Anti-Virus software too!

In an email titled "Announcing Malwarebytes 3.0, a next-generation antivirus replacement", Malwarebytes explained that "Malwarebytes 3.0 had been built to provide comprehensive protection against today's threat landscape so that you can finally replace your traditional antivirus."

They went on to say "Malwarebytes 3.0 is a next-generation antivirus replacement. It is the first of its kind for home users, employing four independent technology modules - anti-malware, anti-ransomware, anti-exploit, and malicious website protection - to block and remove both known and unknown threats. Our engineers have spent the last year building this product from the ground up and have combined our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all into a single product. And it scans your computer 4 times faster!"

What are Malware, Exploits and Ransomware?

Malware is software that's built to be malicious (hence the name). It's designed to disrupt, damage, or gain access to a computer, as well as record and steal your information.

Exploits take advantage of a bug or vulnerability in a computer system in order to cause unexpected behaviour. Such behaviour frequently includes gaining control of the system (video/5m 35s) or a denial of service (DoS) attack. A denial of service attack floods a network with requests that tie up its resources, which in turn temporarily or indefinitely disrupts the system, causing outages and preventing legitimate users from using the service.

Ransomware is a type of malicious software designed to block access to a computer's files until a sum of money is paid. Advanced malware uses a technique called cryptoviral extortion, in which it encrypts files, making them unreadable. Security experts have warned that ransomware is the fastest growing form of computer virus. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.

WanaCrypt0r Ransomware Attack

With the recent WanaCrypt0r malware attack (video/1m 21s) hitting 99 countries and numerous companies, locking up thousands of hospital, telecommunications, and utilities systems, the threat is very real. The National Health Service (NHS), FedEx and Telefónica, one of the largest telecom providers in the world, each gave out statements indicating that their systems had been compromised by ransomware. The ransomware also hit companies in the UK, Russia, India, China, Italy, Egypt, Spain, Ukraine, Taiwan and the US.

The attack used data stolen from the NSA to exploit a vulnerability (MS17-010) in Microsoft Windows on devices that hadn't been kept up to date with the latest Microsoft Windows security patches, and so deliver the WanaCrypt0r ransomware. The encryption was done with RSA-2048, which means that decryption will be next to impossible without the key.

Not the First Ransomware, Won't be the Last

WanaCrypt0r isn't the first ransomware to hit companies. Ransomware has been doing the rounds for some time and is likely to be the biggest online threat there is for some time to come.

In fact, in January 2017, 37 new ransomware variants appeared and updates were released for 22 old samples. In February, a relatively slow month in terms of ransomware activity, as reported by Tripwire, 26 new strains of ransomware emerged and 15 old ones were updated. In March that number went up to 46 new strains and 20 updated existing ones. In April 41 new strains appeared and 22 old ransomware samples were updated. In a period of 4 months there have been 150 new ransomware strains!

Statistics gathered by McAfee suggest that as of the 4th quarter of 2016 there were over 450,000 malicious programs aimed at Macs, a 3.5 fold increase from around 130,000 in the 3rd quarter of 2016.

Simtech Computer Systems, who deliver IT support to businesses, schools and home users, said "Malware has been busy in Europe where we saw 20 per cent more infections than in North America and 17 times more than Oceania, with France, the UK and Spain ranking as the worst hit countries. Ransomware, which we speak about more often than the weather, increased by a massive 267 per cent over the last 12 months. Email posed a dangerous and efficient threat to users: one in 131 emails contained malware, the highest rate in over five years.

A combination of PowerShell, a common scripting language installed on PCs, and Microsoft Office files was an effective weapon. Cyber criminals used the two to leave a lighter footprint and hide in plain sight. Last year, 95 percent of PowerShell files seen by Security companies in the wild were malicious.

This year the security industry reports that MacOS users should be concerned now more than ever as they have seen a significant increase of over 744% of malware and ransomware attacks targeted at them specifically.

This year alone we have had to respond to five companies across different industries and over 15 home users that have been inadvertently affected by ransomware which has cost them overall in excess of £8,000 to date.

It's definitely true 'Prevention is far better than cure'."

Taking Action

With the ever-growing risk of malware, the web can be a dangerous place to visit without the right protection. Keep your Anti-Virus software (if you want to) but install that extra layer of protection with Malwarebytes.

And don't forget to keep your software up to date by applying Windows updates!

Note: the release of WanaCrypt0r and subsequent worldwide infection was a big enough incident that Microsoft created a special patch for Windows XP users, three years after it had stopped supporting the Windows XP operating system.

Addendum

#1 On 13 June, 2017 the BBC reported that there are new variants of malware that have been created specifically to target Apple computers.

Aamir Lakhani, cyber security expert from Fortinet, stated "Mac ransomware is definitely becoming bigger. Although market share is still small, hackers know that there is valuable data on the Mac. This has led to development of more Mac hacking tools."

#2 On 27 June, 2017 Malwarebytes issued a Special Bulletin regarding a new strain of ransomware, a Petya-esque variant being called Petya/NotPetya (video/3m 23s), which is impacting users around the world, shutting down firms in Ukraine, Britain, and Spain.

Malwarebytes Labs said "More powerful, professional, and dangerous than last month's WanaCrypt0r attack, the Petya-esque ransomware uses the same EternalBlue exploit to target vulnerabilities in Microsoft's operating system. However, unlike WanaCrypt0r, this ransomware instructs you to reboot your computer and then locks up your entire system. Long story short: if you get this infection, you're hosed.

Petya/NotPetya utilizes the same EternalBlue SMB exploit that was used in the outbreak that occurred more than a month ago. There are also currently reports that this attack uses email spam to distribute infected Office documents in efforts to rapidly spread and distribute the ransomware. This malware also includes the ability to use PSExec on a system it has administrative credentials on, allowing it to execute duplicates of the malware on any system on the network."

Malwarebytes detected this ransomware in the zero hour as either Ransom.Petya or Ransom.Petya.EB, meaning those that have the latest version of Malwarebytes Premium or the standalone anti-ransomware technology are protected.

#3 On 7 August, 2017 Malwarebytes released a video called 6 Things You Probably Didn't Know About WannaCry and NotPetya (video/13m 39s). In the video Malwarebytes Director of Malware Intelligence Adam Kujawa discusses the lesser-known facts about the two major ransomware outbreaks of 2017, WannaCry and NotPetya.

#4 On 30 August, 2017 a new Malwarebytes for Mac was released. According to Malwarebytes data, Mac malware has increased by 230% over the past year. In 2016, Macs even attracted their very own ransomware (KeRanger). Macs don't get viruses? Urban legend.