Cyberpolice informs about the spread of a new virus

Cyberpolice informs about the spread of a new virus

Ukrainian cyberpolice recorded cases of the spread of a new virus disguised as a message from state institutions. Malicious software is aimed at users who are private notaries of Ukraine, and work on PCs running MS Windows.

For the transfer of malicious software offenders used postal services of Ukrainian companies www.ukr.net and www.i.ua. The message with harmful applications came allegedly on behalf of government agencies, including courts of various instances. To infect users’ computers, attackers used several types of viruses that have similar functionality. At the same time, various methods of their distribution were used, for example, users received archive files that externally looked like PDF files, reports the Department of Cyber ​​Police.

The criminals even falsified the contents of these files – outwardly they looked like a scanned document created on behalf of a state institution. In other cases, the spread of the virus occurred with the help of documents of the DOCX format with an embedded malicious “OLE” object. After the user opened the document, the malicious software was launched and an entry was automatically added to the registry of the operating system for its automatic loading.

During the in-depth analysis, the cyber police experts installed: each time the virus was launched from the system disk folder by the link: \ ProgramData \ Microtik \ winserv.exe. After that, the malicious software went into a hidden connection standby mode and provided full access to the victim’s computer resources.

According to the analysis, this virus is a modified version of TektonIT’s legal RMS software (RMS is a professional computer remote control product)

The Department of Cyber ​​Police, in order to avoid infecting their computers, advises users to adhere to the following tips:

First, in no case do not open letters from dubious recipients with dubious content. Before opening it is better to receive confirmation from the sender of such a letter by other possible means of communication.

Second, install licensed operating system software and use anti-virus software.

Third, systematically update the operating system and software products.

Fourth, do not allow access by unauthorized persons to the personal computer.

Also, users can independently prevent the automatic launch of such a virus, for which the following steps should be performed:

• Start the registry editor (to do this, press the “Start” key and enter the “regedit” entry for the search);

• Locate the following registry branch – HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run

• Personally delete the found entry with the following content – “Microtik”

• On the system disk of the operating system, delete the folder -: \ ProgramData \ Microtik

• Restart computer

Leading global information security companies such as Trend Micro and F-Secure always recommend users to be careful with open links and attachments, as well as with the files you install on your computer. It is worth remembering that the majority of viruses, phishing and malware come to corporate networks via mail or a web browser, so you should carefully pay attention to which links you click and download on your PC. The presence of anti-virus, anti-spam solutions significantly minimizes the risk of “catching” the virus in corporate networks. That is why solutions (antiviruses, antispam) for safe work with PC from Trend Micro and F-Secure help to level the threat of virus penetration on PCs, experts of AXOFT recommend.

More information about Trend Micro and F-Secure software solutions can be obtained from AXOFT managers by phone at +38 044 201 03 03 or by e-mail: axoft@axoft.ua