What is a Computer Trojan?

In a world where daily internet access is part and parcel of life, it is hard to avoid the many threats lurking out there in the ‘wild’. And with so many types of malware out there, it is hard to know the difference.
Each type of malware has its own purpose and its own associated threats. While hopefully most people use an anti-virus program, there are still a number who don’t.

A Trojan virus takes its name from the Greek myth of the Trojan Horse; while these days the delivery package is not a giant wooden horse, it has just as devastating an effect. The premise of a Trojan virus is to allow a remote user or attacker access to your system, or to allow them to make changes on the system.

There are 14 main types of Trojan, each with very similar fundamentals, but their overall goals can differ. When a system is infected with a Trojan, an attacker can execute actions without the permission of the system’s owner, and in many cases without them even knowing.

Although initially it was mainly Windows PCs that were affected by Trojans, in recent years the number on Android devices has increased at an exponential rate. The unauthorised applications that can be installed on Android devices have opened them up to these types of attack.

Notable Trojan Viruses

  • Shedun
    • The Shedun virus comes from a family of malware; its primary platform is Android devices and it was originally discovered in 2015. The virus would redesign legitimately installed applications and flood them with ads. It is very difficult to remove, and in many cases cannot be removed unless the device is rooted and then flashed with a custom ROM.
  • Blackhole exploit Kit
    • The Blackhole exploit kit was one of the most effective and widespread viruses during 2012. Sophos stated that 29% of all web threats were caused by the Blackhole exploit kit. When this virus was active on a system it recorded huge amounts of data, including the victim’s country, browser type and the operating system they were using.
  • Tiny Banker Trojan
    • The Tiny Banker Trojan’s targets of choice were financial organisations’ websites. The attack vector in use is man-in-the-browser, meaning that it intercepts the data between the user and the web server.
      The Tiny Banker Trojan is based on the Banker Trojan but has been reduced in size and made more powerful.
      Once the virus has been deployed on a site, any information such as login details or bank details can be stolen and then used for malicious or illegal purposes.
  • Gh0st RAT
    • Gh0st RAT targeted Windows systems and was able to infect a number of very sensitive systems. The RAT, or Remote Access Terminal, also allows the attacker to take complete control of the infected system. This can be used to perform keylogging, record webcams and display user input, to name a few.
  • MiniPanzer and MegaPanzer
    • MiniPanzer and MegaPanzer are variants of Bundestrojaner (German for state-sponsored Trojan Horse). It was designed for the Swiss government and later used to capture information.

As long as your system has an anti-virus application and you are careful about how you use the internet, your chances of being infected by a Trojan are reduced massively. But with new malware appearing every day, there could be numerous Trojans out there in the wild that are yet to be detected by anti-virus companies and added to their databases.

And in many cases you may be unaware that your system has been infected, as the attacker could simply be collecting data on you to use at a later date.


PLA Unit 61398 – Who are they?

PLA Unit 61398 is the Chinese cyber-warfare unit, although there is very little published about its clandestine operations. In a country as secretive as China, it is to be expected that they would keep this group relatively secret.

In 2013 the American security firm Mandiant released a report highlighting PLA Unit 61398 and suspecting them of launching attacks on the US. Their targets are not only governmental and federal organisations, but also private sector businesses.

The types of attack carried out by this group range from advanced persistent threats to the deployment of malware. It is hard to find an accurate figure for the number of attacks carried out by this group, as they wish to remain secretive. It is understandable that China’s offensive cyber unit does not want to take credit for every attack it has carried out.

That being said, they have been accused of a number of attacks over the years. There is speculation around the group’s involvement in Operation Shady RAT; this attack is said to have affected more than 70 organisations, including the United Nations and the US Government.
There are also other reports suggesting that the number of organisations attacked by this group is in the thousands. Through further investigation it appeared that most of these attacks are carried out during working hours in Beijing’s time zone; although this is not concrete evidence, it allows for further speculation about the attackers’ location. And the somewhat regimented hours in which these attacks are carried out lead me to believe that, although it could be a well-structured group of hackers, it is much more likely that this organisation is official or governmental.

Will any more of the activities carried out by this group hit the headlines, or will it all merely remain speculation and accusation?



Why WannaCry Killed Ransomware

When WannaCry hit, the effect it had on such a wide range of individuals was almost unprecedented. And the aftermath has had a detrimental effect on future ransomware.

An attack on this scale not only brought a huge amount of media attention, but unlike many other virus attacks, WannaCry became a household name. Not only was it affecting ATM machines and the NHS, but other companies were forced to send staff home as they were unable to operate due to the virus.

Although the total amount paid to the attacker is still unclear, it is much less than it should have been. Due to security researchers’ speedy response, many of the users affected were able to avoid paying the hefty ransom. Unfortunately for any would-be cyber criminals, WannaCry appears to have killed ransomware as a viable option of attack.

Because of the publicity received by WannaCry, people were made aware of these types of attack. And security vendors such as Bitdefender soon implemented an anti-ransomware feature in their products. This feature stops unauthorised applications from making changes to the computer in areas they have not been given permission to.

I personally feel that if WannaCry had not affected so many across the globe, then ransomware would still be a relatively effective method of cyber-crime. But people’s awareness has become greater and security vendors have taken action. There are numerous sites on the internet offering guides on how to ‘defend’ against a ransomware attack, and the most common tip is to make regular backups. This method relies on the backup remaining unaffected by the virus, but ultimately it would allow the user to restore their system and avoid paying the fee.

Another solution that I have seen online is to use cloud-based services such as OneDrive and Google Drive. If a user’s personal data is backed up to a cloud service, then in the event of a ransomware attack it will again remain unaffected.

Granted, the solutions mentioned are not the best method for a larger organisation, as a cloud-based service could potentially be unviable depending on the size of the organisation. And having a complete backup of every system within a large business is again not the easiest thing to achieve.
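The backup advice above only works if the copy you restore from is still the one you made, not one the virus has since overwritten. The following is an added example, not code from the original post, showing the check a practitioner would want: it records a SHA-256 manifest when the backup is taken and later compares the backup against it, reporting files that were modified, removed or newly added. The directory layout, file names and contents are constructed for the example in a temporary directory.

```python
"""Verify that a backup copy is still intact, using a hash manifest stored
separately from the backup itself.

Added example (not from the original post). It assumes an ordinary directory
of files as the backup; the sample tree below is constructed in a temporary
directory and every name in it is made up.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the backup on disk against the manifest taken when it was made.

    Returns three lists: files whose content changed, files that vanished,
    and files that were not present at backup time. An encryptor typically
    produces all three at once (content overwritten, originals gone, new
    renamed copies appear), so any non-empty list means the backup should
    not be trusted for a restore.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Build a constructed backup, snapshot it, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures")
        (root / "photo.jpg").write_bytes(b"\xff\xd8 constructed image bytes")

        # Snapshot at backup time. In practice write this somewhere the backup
        # volume cannot reach (offline media, write-once storage); otherwise an
        # intruder who can alter the backup can alter the manifest too.
        manifest_json = json.dumps(build_manifest(root))

        # Simulate what an encryptor leaves behind on a writable backup share
        # (constructed tampering): one file overwritten in place, one renamed.
        (root / "docs" / "report.txt").write_bytes(b"\x00\x17 garbled ciphertext")
        (root / "photo.jpg").rename(root / "photo.jpg.locked")

        return verify_manifest(root, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points the post's advice leaves implicit: the manifest must live off the backup volume, or whatever can rewrite the backup can rewrite the manifest as well; and a synced cloud folder will faithfully upload encrypted files just as it uploads any other change, so run a comparison like this against the cloud copy before trusting it for a restore.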

While there may be future ransomware attacks, hopefully the number affected next time around will be significantly less than with WannaCry. And my hope would be that with the increased publicity around ransomware, individuals and organisations have taken the steps and precautions to protect themselves and their systems from attacks of this nature.

Bureau 121 – Who are they?

Bureau 121 took the limelight recently after accusations that they were behind the WannaCry attacks that affected multiple countries. Although it was never confirmed by the North Korean government, a number of reports have pointed towards North Korea.

They are said to have around 1,800 members who are hand-picked from university and then trained for an additional 5 years before being given their assignment. These assignments could be across the globe; as an incentive they are promised that their families will receive greater privileges.

They have been accused of a number of significant and high-profile cyber attacks, including the WannaCry virus and the attack on Sony.

Just after the WannaCry virus took the world by storm, I speculated that there could have been North Korean involvement. This was later confirmed by both the UK and US governments, although the North Korean government has never officially taken credit for the attack.
The hacks that affected Sony Pictures before the release of the movie The Interview were also alleged to have been carried out by North Korea. This was later backed up by security researchers who reported that some of the code used in the hack was written in Korean. Although it was again never officially confirmed, it is quite easy to see the connection.

They are also said to conduct regular cyber-attacks aimed at South Korea, affecting a number of different sectors including banking and broadcasting companies. During 2013 it was alleged that an infected smartphone application was the work of Bureau 121.

While Bureau 121 is not a hacktivist or cyber crime group, they have been causing havoc across the globe and waging cyber-warfare. I find it almost baffling that in a country with such poor human rights and such a poor quality of life there is a division of the Korean government that has the ability and skill set to disrupt and damage computer systems across the globe.

Source: CNN, Business Insider, The Market Mogul, BBCNews Week