
Archive for the ‘Internet’ Category

(Frau)Duly Digi-Signed

Thursday, March 24th, 2016

This is the seventh part of our series on cyber security, and the second part on Digital Signing. This blog post aims to inform readers about the misuse and exploitation of digital signatures.

The previous installment on Digital Signing discussed the security role of digital signatures in today’s era of internet communication and computerisation. Though designed for authentication and tamper-proofing of digital content, digital signatures and certificates are also exploited and misused to a fair extent.

Consider the case of Stuxnet (2010), in which the device drivers of its rootkit component were digitally signed and were therefore loaded without any notification on infected systems. These drivers were signed with certificates stolen from legitimate hardware vendors (Realtek and JMicron), and the issuing CA ultimately revoked them.

The signed malware trend has been on the rise since then. To give some insight into the scale of the issue, consider data from our own K7 Threat Control Lab (K7TCL). We pulled out the total number of malware detection signatures released over several discrete periods and split them by whether the detected files carried a valid digital signature.

Graph 1: Ratio between signed malware and unsigned malware

The graph shows that on average at least one-tenth of the automated detections released are for files carrying a valid digital signature. The signing certificates could have been stolen, or acquired legitimately for mala fide purposes. Potentially Unwanted Programs/Applications (PUPs/PUAs) and adware are the typical users of “legitimately acquired” certificates, and it is widely acknowledged that PUPs/PUAs have been posing a serious problem for the AV community for some time.

To understand this better we refined the data further and found that PUPs/PUAs dominate the digitally-signed-file detections, at more than 90%.

Graph 2: Ratio between signed PUP/PUAs and signed malware

These PUP/PUAs get an easier ride past the checks that recent versions of Windows apply to executables. Windows does not refuse outright to run unsigned user-mode programs, but SmartScreen and UAC treat a file carrying a valid signature from a known publisher far more leniently than an unsigned one, and kernel drivers must be signed to load at all. Thus digital signatures, although they make it possible to keep tabs on what gets executed, also lend themselves to nagging PUP/PUAs. There has been a huge increase in signed PUP/PUAs over the past couple of years, which presents a dilemma for CAs: the applicants are real companies that pass the vetting, yet the software they sign is unwanted. This is apart from the very serious issues caused by malware authors signing their creations with paid-up, as well as stolen, certificates. Thus the automatic trust associated with digital signatures is being eroded daily.

The CAs also feel the heat, since they are required to revoke or blacklist certificates that have been misused. A CA publishes a Certificate Revocation List (CRL), a signed, dated list of the serial numbers of revoked certificates that is reissued at intervals, but the CRL method has shortcomings of its own: lists grow large, clients fetch them only periodically, so a revocation can take hours or days to reach a verifier, and many clients silently accept a certificate when the CRL cannot be downloaded. The Online Certificate Status Protocol (OCSP) was introduced to address this: a verifier asks the CA’s responder about one specific certificate and receives a signed, time-stamped good/revoked/unknown answer. Neither mechanism helps unless the verifying software actually performs the check and treats a failed lookup as a failure rather than a pass. For code signing there is a further wrinkle: a signature countersigned by a timestamp authority before the revocation date can remain valid after the certificate is revoked, so a CA that knows when a key was stolen should set the revocation date accordingly.

Nevertheless, digital signing plays a major role in securing digital content, despite the shortcomings described above.

K7 Threat Control Lab

If you wish to subscribe to our blog, please add the URL provided below to your blog reader:

IoT: What the Future Holds

Thursday, March 17th, 2016

Here is part six of the blog series on the Internet of Things, following on from IoT: How are We Going to Protect Ourselves?. It concludes the series with a brief outline of how we, as a security company, foresee the future of IoT security.

The problems an individual IoT consumer might face apply to enterprises as well, on a larger scale. The risks could be even higher for enterprises because the devices used in industry, e.g. in a nuclear power facility or water plant, cameras in data centres, medical devices in hospitals, etc., could very well also be part of the IoT.

Data from millions of credit cards stolen…, hackers stealing the passwords of billions of customers…, cyber-criminals stealing intellectual property from world-famous XYZ company… these have been the subjects of breaking security news over the last couple of years.

In the future it would be awful to hear news like “Hackers stole billions of IoT data records”, “Cyber-criminals got access to a trillion IoT devices”, “Almost all the household appliances in XYZ country stopped working after a reported attack by ABC group”, etc. As a security company, we consider such scenarios possible, but we would hate to see them manifest themselves.

The next generation of spam messages will not be based on guesswork but purely and precisely on the user’s IoT device usage and data, just as targeting is already driven today by web search terms.

There could be a possibility of a new era of cyber war and cyber terrorism, but at the same time, we would like to welcome you all to the new world of cyber security protection!

Remember, the objective of this blog series was not to make users paranoid about IoT or to spread panic. Rather, it was to create and spread awareness on being secure in a more challenging world of IoT! So, by following simple, but important, protection steps, we should be able to protect ourselves better from IoT security dangers.

Here at K7 we have been protecting our customers and their information systems for more than two decades, and we intend to protect even their IoT devices, at home and elsewhere! We would like to witness the ‘Internet of Things’ turning into the ‘Internet of Secure Things’.


Senthil Velan
Manager, Vulnerability Research


Duly Digi-Signed

Thursday, March 3rd, 2016

Continuing our series on cyber security, following the fifth part on Social Networking, this blog post aims to introduce readers to the what, where and how of digital signatures in information security.

A digital signature is a method of authenticating both the source and the content of any form of electronic data/message. Once the signature has been validated, the recipient of the signed data/message can be confident of the integrity of the content, i.e. that it has not been altered in any way since it was signed (not merely during transit), and that it was signed by the holder of the private key belonging to the claimed sender.


Digital signatures are based on asymmetric (public-key) cryptography: the signer holds a private key, kept secret, and publishes the matching public key freely. To sign, the signer computes a cryptographic hash of the data and transforms that hash with the private key; anyone holding the public key can check that the signature matches the data, but nobody without the private key can produce a valid signature for new or altered data. Signing does not by itself encrypt or hide the data; it proves origin and integrity, which is a different service from the confidentiality an encrypted channel provides. If deployed correctly the receiver can be confident that the data/message is authentic, and the sender cannot later repudiate it unless they can show that their private key was stolen and misused.

A basic example of the use of a digital signature would be an e-receipt for an online transaction, such as an online insurance premium payment, for which the insurance company could issue a receipt digitally signed by a specific person in that organisation. This receipt would normally require a signature by hand if done as a physical paper transaction. This method of digital authentication will become more and more prevalent as organisations move away from paper documentation.
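To make the mechanics concrete, here is an added example in Go (standard library only) that is not part of the original post or of K7’s own code. A hypothetical insurer, “Example Insurance Co”, signs a constructed e-receipt by hashing it with SHA-256 and signing the digest with an Ed25519 private key; the recipient, who trusts only the insurer’s public key, then checks a genuine copy, a copy with the premium altered, and a copy signed by an impostor who claims the insurer’s name. All names and the receipt text are invented for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signer is one publishing entity, such as the insurance company that issues
// the e-receipt described above. Names used here are hypothetical.
type Signer struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey // never leaves the signer; whoever holds it can forge
}

// NewSigner generates a fresh Ed25519 key pair for the named entity.
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, pub: pub, priv: priv}, nil
}

// PublicKey is the freely distributable half that verifiers use.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// TrustStore maps signer names to the public keys a verifier has decided to
// trust; at Internet scale a CA-issued certificate plays this role.
func TrustStore(signers ...*Signer) map[string]ed25519.PublicKey {
	m := make(map[string]ed25519.PublicKey, len(signers))
	for _, s := range signers {
		m[s.Name] = s.pub
	}
	return m
}

// Sign hashes the content and signs the digest with the private key
// (hash-then-sign, the pattern code-signing formats such as Authenticode use).
func (s *Signer) Sign(content []byte) []byte {
	digest := sha256.Sum256(content)
	return ed25519.Sign(s.priv, digest[:])
}

// Verify recomputes the digest of the content it was actually handed and checks
// the signature against the given public key. Any change to the content, or a
// signature made with a different private key, makes this return false.
func Verify(pub ed25519.PublicKey, content, sig []byte) bool {
	digest := sha256.Sum256(content)
	return ed25519.Verify(pub, digest[:], sig)
}

// SignedDocument carries the content, a detached signature and the claimed signer.
type SignedDocument struct {
	Signer  string
	Content []byte
	Sig     []byte
}

// Issue produces a signed document in this signer's name.
func (s *Signer) Issue(content []byte) SignedDocument {
	return SignedDocument{Signer: s.Name, Content: content, Sig: s.Sign(content)}
}

// VerifySignedDocument resolves the claimed signer through the trust store and
// checks the signature; an unknown signer is rejected before any crypto runs.
func VerifySignedDocument(trusted map[string]ed25519.PublicKey, d SignedDocument) error {
	pub, ok := trusted[d.Signer]
	if !ok {
		return fmt.Errorf("no trusted key for claimed signer %q", d.Signer)
	}
	if !Verify(pub, d.Content, d.Sig) {
		return errors.New("signature does not match the content and the signer's key")
	}
	return nil
}

func main() {
	insurer, err := NewSigner("Example Insurance Co")
	if err != nil {
		panic(err)
	}
	impostor, err := NewSigner("Mallory")
	if err != nil {
		panic(err)
	}
	trusted := TrustStore(insurer) // the recipient trusts only the insurer's key

	// Constructed sample receipt for the demo.
	receipt := insurer.Issue([]byte("policy=P-1234 premium=INR 12000 paid=2016-03-03"))
	fmt.Println("genuine receipt:", VerifySignedDocument(trusted, receipt))

	tampered := receipt
	tampered.Content = []byte("policy=P-1234 premium=INR 1200 paid=2016-03-03")
	fmt.Println("altered amount: ", VerifySignedDocument(trusted, tampered))

	forged := impostor.Issue(receipt.Content)
	forged.Signer = insurer.Name // claims to be the insurer but was signed with Mallory's key
	fmt.Println("forged signer:  ", VerifySignedDocument(trusted, forged))
}
```

Ed25519 already hashes internally, so the explicit SHA-256 step is not needed for security; it is kept to mirror how real code-signing formats sign a digest of a large file rather than the file itself, which is what lets a signature over a multi-megabyte installer stay a few dozen bytes. The trust-store lookup is the step that the impostor case defeats: a signature that verifies under some key proves nothing until the verifier has independently established whose key it is.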

Digital signatures are also used in digital certificates that are issued to entities that seek them. A digital certificate is like an identity card issued to an entity by a “Certification Authority” (CA), e.g. VeriSign. The certificate contains information about the entity that has been vetted by the CA, the entity’s public key, the CA’s name and the CA’s digital signature.

Since CAs are meant to vet entities carefully before issuing them certificates, for a price that typically runs from INR 50,000 (USD 800) to INR 100,000 (USD 1500) for a validity period of 1 to 3 years in the case of an EV (Extended Validation) cert, digitally signed files are accorded enhanced trustworthiness. Windows judges whether a file is likely safe partly on the validity of its digital signature, chaining the signing certificate back to the trusted root certificates pre-populated in its certificate store. Windows also employs UAC (User Account Control) to stop programs from silently acquiring administrative rights. Signing does not bypass UAC: any program that asks for elevation triggers a prompt, but the prompt for a validly signed binary names the verified publisher, whereas an unsigned one warns that the publisher is unknown; only a small set of Microsoft-signed Windows components are allowed to elevate without a prompt. Separately, downloaded files are screened by SmartScreen on first run, and a file whose signer has no established reputation is held back with a warning.

Websites also use digital certificates for authentication, typically an SSL (Secure Sockets Layer) certificate, or more precisely today a TLS server certificate. There are several levels of vetting. A Domain Validated (DV) certificate only proves control of the domain name; an Organisation Validated (OV) certificate involves a more manual check that the organisation behind the site is genuine; an EV cert requires the highest level of scrutiny and background checks. A certificate tells you that you are talking to the holder of the private key for that domain, not that the site is honest; nonetheless, any website that handles sensitive, personally identifiable information should be served over HTTPS with a properly validated certificate.

A digital certificate is not issued for eternity but only for a stipulated period, the notBefore/notAfter validity dates carried inside the certificate itself. This forces an organisation to return to the CA for re-vetting when it renews, so that an entity that was legitimate when first certified is checked again later. The CA can decline to renew once the period is complete or, if the organisation has gone rogue, revoke the certificate during the validity period. A time limit on validity also bounds the potential damage if a certificate’s private key is silently leaked, i.e. stolen, and used to sign malware; for the same reason well-run signers keep the private key in a hardware token or HSM so that it cannot be copied off the build machine in the first place.
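As an added example, not part of the original post or of K7’s code, the following Go program (standard library only) builds a throwaway root CA, issues it a code-signing certificate with a chosen validity window, and exercises the two controls described here and in the CRL discussion in (Frau)Duly Digi-Signed above: chain verification fails outside the notBefore/notAfter window, and a CA-signed CRL naming the certificate’s serial number marks it revoked, but only after the CRL’s own signature has been checked against the issuing CA. Subject names, serial numbers and validity periods are invented for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// DemoPKI is a throwaway root CA plus the one code-signing certificate it issued
// (subject names and serial numbers are invented for this demo).
type DemoPKI struct {
	CACert   *x509.Certificate
	caKey    ed25519.PrivateKey // kept private: whoever holds it can issue certificates
	LeafCert *x509.Certificate
}

// issue generates a key pair for tmpl and has signer sign the certificate; a nil
// signer means the new key signs its own certificate (a self-signed root).
func issue(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer, parent = priv, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// NewDemoPKI builds the root and a leaf whose validity window (the notBefore and
// notAfter dates inside the certificate) starts at notBefore and lasts validFor.
func NewDemoPKI(notBefore time.Time, validFor time.Duration) (*DemoPKI, error) {
	caCert, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Demo Root CA"},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign: may sign revocation lists
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	leafCert, _, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "Example Software Ltd"},
		NotBefore: notBefore, NotAfter: notBefore.Add(validFor),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, caCert, caKey)
	if err != nil {
		return nil, err
	}
	return &DemoPKI{CACert: caCert, caKey: caKey, LeafCert: leafCert}, nil
}

// VerifyAt chains the leaf to the root as a code-signing certificate, as if the
// verifier's clock read at; outside the validity window it fails.
func (p *DemoPKI) VerifyAt(at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.CACert)
	_, err := p.LeafCert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	return err
}

// IsExpiredError separates a validity-window failure from any other failure.
func IsExpiredError(err error) bool {
	in, ok := err.(x509.CertificateInvalidError)
	return ok && in.Reason == x509.Expired
}

// IssueCRL publishes a CA-signed revocation list naming one serial number.
func (p *DemoPKI) IssueCRL(serial *big.Int, at time.Time) ([]byte, error) {
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: at, NextUpdate: at.AddDate(0, 0, 1),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: at}},
	}, p.CACert, p.caKey)
}

// IsRevoked does what a careful verifier must: check the CRL's own signature
// against the issuing CA before trusting its contents, then look the serial up.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err // a CRL nobody trusted signed must not clear or condemn anything
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

The block is written as a package to be exercised from `go test` or called from your own `main`; it uses the `RevokedCertificates` field so that it compiles on Go 1.19 and later. Two caveats carry over to production verifiers: a CRL is only as fresh as its `NextUpdate`, which is the gap OCSP was designed to close, and a verifier that treats a failed CRL or OCSP fetch as “not revoked” has, in practice, no revocation checking at all.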

Microsoft now enforces a strict policy on what may be loaded into Windows kernel memory. On Windows 10, new kernel-mode drivers are loaded only if they have been submitted to Microsoft’s Hardware Dev Center portal and signed by Microsoft, and a vendor needs an EV code-signing certificate just to use that portal. An EV cert requires legal and human validation of the purchaser, and is a cert which fulfils the EV vetting criteria of the CA. Drivers signed under the older cross-signing scheme before the policy took effect continue to load, and the enforcement is tied to Secure Boot, so the protection is not absolute. This move should nonetheless disrupt the kernel rootkit infection vector on Windows 10 machines.

Though digital signatures play a big part in securing digital content they too have their fair share of cases of abuse and misuse. A follow up to this blog post that discusses more about how digital signatures are misused can be expected in the near future … stay tuned.

…to part 7: (Frau)Duly Digi-Signed


K7 Threat Control Lab


IoT: How are We Going to Protect Ourselves?

Thursday, February 25th, 2016

Here is the fifth part of the blog series on the Internet of Things, following its fourth part on “IoT: What the Bad Guys Could Do with Your Hacked Devices”. This part explains the difficulties in protecting an IoT device and a few security steps users can take to safeguard against the risks.

Unfortunately much is still unclear, and therefore not standardised, when it comes to IoT security. At the time of writing there are no established, widely adopted security standards specific to IoT, unlike sectors such as health, finance and information technology, which have dedicated security standards.

As a world-class security company, our mission is not only to protect people but also to create awareness about cyber security hazards associated with using state-of-the-art technology.

Interestingly, a report from the U.S. Federal Trade Commission documents the security principles a manufacturer should follow when building an IoT device. The important ones are:

  • Security by design
  • Data minimization
  • Notice and choice for unexpected uses

We would like to provide some additional detail. We recommend the following steps to vendors who manufacture IoT devices:

  1. Ensure that the appliance firmware is secure by design and by implementation, following known security standards, so that it ships with as few vulnerabilities as possible.
  2. Ensure that the application developed to communicate with the appliance is likewise secure by design and by implementation.
  3. Always follow data security standards when storing and transmitting information, whether it is stored on the appliance, stored in the application, or transmitted between the two in either direction. Data should be stored encrypted.
  4. Engage third-party security auditors to assess both the appliance and the IoT application.
  5. If a security vulnerability in the appliance or application is disclosed, notify users immediately and publish an update or patch as soon as possible.

As an IoT consumer, by following these simple steps, you can be better protected from the possible dangers:

  1. In your purchasing decision, go by necessity rather than by features. If you do not need to control your appliance remotely, think twice before opting for a remotely-controlled IoT device. What is the use of controlling your refrigerator remotely if you would use the feature only seldom? At the very least, disable the IoT feature if it is not required.
  2. Ask the vendor what security features the appliance has, what information it stores or transmits, and how that information is stored and transmitted.
  3. Ask the vendor the same questions about the application that controls the appliance: its security features, the information it stores or transmits, and how.
  4. Make sure that the mobile device which controls the appliance is secure and running the required security software.
  5. Always use strong passwords for authentication on both the appliance and the application.
  6. Never share appliance passwords, application passwords or the mobile device that controls these appliances with anyone.
  7. Apply updates to the application, the appliance firmware and the mobile device whenever an update is available for the corresponding item. Enable automatic updates where the option exists.
  8. Install, and keep updated, a security suite on the mobile device that hosts the IoT applications.

…to part 6: what-the-future-holds


Senthil Velan
Manager, Vulnerability Research


Social Networking

Thursday, February 18th, 2016

Here is the fifth part of the blog series on cyber security, following its fourth part on password management. This part describes the concept of social networking and a few tips to follow to stay safe while networking online.

Social networking is a medium for managing social relations, both personal and professional, using the Internet. Social networking web sites such as Twitter, Facebook, LinkedIn, etc., provide a convenient and efficient online interface for communicating with many people in a user-friendly manner. People are connected to their friends, family, colleagues and followers in real time, even on the go using mobile devices. Important events in people’s lives, and people’s opinions on any subject, now seem to be communicated to everyone primarily via the social networking medium.

Social networking sites can be used to reach a wide audience very quickly through multiplier effects, e.g. people re-tweeting somebody else’s tweet. Therefore social networking is regularly used to communicate positive content. Sometimes certain content can become so popular amongst the masses that its immediate and far-reaching spread is described as “going viral”.

Unfortunately social networking sites can just as easily be abused to deliver negative content, intentionally or unintentionally. In addition, social networking sites consume time and bandwidth and help to spread malware, and are therefore particularly unwelcome within a work environment.

There are several risks associated with social networking which should be understood and managed effectively:

Users of social networking sites tend to post Personally Identifiable Information (PII) such as bank account and medical details, birthday, phone number, address, etc. online, which can be used against them in harmful ways by other users, including professional criminal gangs, because information posted online may be publicly accessible. There are examples of burglaries committed because users were known to be on holiday, leaving their houses empty. Users are advised to:

  • think twice before sharing PII online
  • read the Terms & Conditions of the social networking site carefully to verify what information is considered shareable and with whom
  • consider configuring privacy settings on social networking sites to protect PII better
  • avoid online surveys which extract PII

Profiles in the virtual space of social networking sites are not pre-verified for authenticity, so it is possible to create fake profiles which can be used to lure or spy on victims. Children are particularly vulnerable to being stalked by predators. In addition, the use of abusive content to terrorise users is common; these actions, called cyber bullying and trolling, can take a devastating toll on a person’s mental state. The following security guidelines are recommended:

  • Users should never accept a friend request from someone they do not know.
  • It is important to use Parental Control software such as that in K7 Total Security, which allows blocking of certain sites or at least enforces restrictions on the time spent on certain sites.

Cyber criminals can spread malware and spam through social networking sites, causing users to expose their computer to infections. The following security guidelines are recommended:

  • Users should never click on links received in chats from unknown contacts.
  • Users should never download media files, including images and videos, from unknown sources.
  • Use strong passwords to avoid account hijacking, and periodically cross-check that privacy settings have not been modified.
  • It is important to use world-class, up-to-date Anti-Virus software such as K7 Total Security to protect against malicious files and to block phishing and malware website links.

The resource-wasting aspect of social networking sites within an office environment can be prevented by blocking social networking sites locally using K7 Total Security or across managed computers using a central policy deployed by K7 Management Console.

Social networking has even been abused to spread disinformation and propaganda to engender a polarizing effect and mass panic amongst communities, which can be considered a national security threat. This implies that the content on social networking sites needs to be monitored closely and corrective actions taken as per the prevailing laws when security issues arise.

…to part 6: digital signatures


K7 Threat Control Lab


IoT: What the Bad Guys Could Do with Your Hacked Devices

Thursday, February 11th, 2016

Following the third part “IoT: Your Personal Data May Not be as Private as You Think” of this series on the Internet of Things, here is part four focussing on what could happen when IoT private information (discussed in “IoT: Your World at Somebody Else’s Fingertips?”) falls into the hands of the bad guys or the cybercrime underworld.

Suppose the bad guys gain access to your personal data or hack into your IoT appliances (the worst-case scenario). They could:

  1. Demand a ransom, threatening to sell your private health records to any interested party
  2. Hijack your appliances and render them non-operational, unless you pay a ransom “fee”
  3. Monitor your house by controlling your security cameras without your knowledge, thus determining your presence or, in fact, absence. Along with your ‘Going to Paris on vacation’ post on social media, it enables them to plan a robbery more accurately
  4. Sell your eating and food preferences to various food manufacturing companies or retailers or even to restaurants and hotels, just to provide an added advantage in targeted selling
  5. Sell your clothes-washing habits and clothing preferences to various fashion companies or retailers
  6. Use your device as part of a botnet of thousands or millions of hacked devices to conduct a Distributed Denial of Service (DDoS) attack against a specific target. It is interesting to note that this type of attack using IoT devices has already happened. The light bulbs in your home could well already be part of a botnet, consuming your power and Internet bandwidth simultaneously!

Perhaps somebody with a vendetta against you could even resort to changing your refrigerator’s temperature settings so that your food goes bad.

We have been witnessing for years what bad guys are capable of doing, e.g. security breaches at big organizations and infamous ransomware. The same tactics might apply here too.

One other dangerous scenario is cyber warfare. During wartime an enemy nation could launch a massive cyber attack on IoT devices in another nation, rendering every IoT device dysfunctional and resulting in chaos, damage and potential loss of life. By the same token, IoT appliances may also be targets for terrorists.

…to part 5: How are we going to protect..


Senthil Velan
Manager, Vulnerability Research


IoT: Your Personal Data May Not be as Private as You Think

Thursday, January 21st, 2016

Following the second part “IoT: Your World at Somebody Else’s Fingertips?” of this series on IoT, here is part three focussing on the privacy of the user’s sensitive information.

Privacy becomes a very important factor to consider when it comes to user-specific data that these IoT devices generate and store locally and/or remotely.

Suppose a user’s IoT-enabled medical devices send data about his/her blood pressure, sugar level and diet (remember the smart refrigerator!) to a remote service. The user might then experience one or more of the following:

  1. one of the nearest hospitals in his/her city might offer attractive packages for health check-ups
  2. medical information might be shared with pharmaceutical companies for them to offer discounted rates on user-specific medicines
  3. medical information like blood pressure, sugar level etc., will be helpful for a fitness company to target the user for a custom-made discounted fitness package
  4. medical records would be useful for an insurance provider to either stop an insurance pay-out or increase the premiums paid based on direct access to the user’s health report

And much, much more!

In addition, one’s TV or set-top box might tell the satellite or cable service provider which types of channels one often watches, so that the provider can offer a tailored package when it is time to renew. You might not even bother to find out what their competitors can offer! Of course, their competitors might well be following the same strategy with their own customers.

All of a sudden you might get an email from a famous detergent company about a discount sale on their brand of washing powder. That’s right, your IoT-enabled washing machine could have given away some information about your usage habits without your knowledge.

“So what?” “It is good anyway since we would save money and time.” You might say. Hold on one sec! There is also the annoyance factor … unsolicited messaging … spam!! That’s apart from the general leakage of personal information unbeknownst to you.

…to part4: IoT: What the Bad Guys do…


Senthil Velan
Manager, Vulnerability Research


IoT: Your World at Somebody Else’s Fingertips?

Thursday, January 14th, 2016

Continuing from our previous blog ‘IoT: The World at your Fingertips’ that described the concept of IoT, here is the second part of this blog series that explains the security risks associated with IoT.

There are already many instances of IoT devices of numerous types being successfully hacked and shown to contain security weaknesses. This demonstrates that bad guys can own insecure IoT devices at will, or at least retrieve sensitive data from them easily. Hence it is essential to be aware of the risks associated with IoT-enabled devices.

Any device (mostly home appliances) that can be remotely controlled or monitored from the Internet is called an Internet of Things (IoT) device.

Before getting to know the risks of adopting IOT devices, it is important to know what information these devices could hold. One’s

  1. fitness tracker can hold important medical data about one’s health such as blood count, sugar levels, blood pressure, etc., and of course, in turn, one’s general fitness level
  2. pacemaker could carry data about one’s heartbeat
  3. microwave can hold information about cooking patterns and styles; what kind of dishes are cooked in general or on specific days; what food products are used most
  4. washing machine would hold information about clothes-washing patterns, usage of detergents, types of clothes, etc.
  5. TV will know most-viewed programmes, the type of advertisements watched often, the number of hours spent watching movies, etc.
  6. refrigerator can scan the barcodes of the items placed inside. And by scanning the drugs or medicines, the refrigerator could know one’s health profile. It would certainly know one’s eating habits

And much, much more! These are only the tip of the iceberg. The more IoT-enabled devices one uses at home, the greater the quantity of private data stored on these devices or reported back to a remote repository.

If a stranger has access to Mr X’s IoT devices, he/she can find out Mr X’s lifestyle, Mr X’s food and diet preferences, the programmes Mr X watches often, the movies Mr X likes, the kind of clothes Mr X buys often, whether Mr X has high blood pressure, how Mr X’s health is likely to be next year. And what not?

Nowadays this type of personal, private user information definitely yields money when sold on the market. How? Targeted advertising! This implies that IoT users need to be aware of good security hygiene and practise it regularly in order to avoid unpleasant situations after the loss of sensitive data.

…to part3: Privacy


Senthil Velan
Manager, Vulnerability Research


IoT: The World at your Fingertips

Thursday, January 7th, 2016

Following the success of our blog series on cyber security, we would like to start a brand new blog series on Internet of Things (IoT) security, to create and spread awareness among the general public on being secure in the world of IoT. This first part covers the basic concepts of IoT, to help people handle IoT in a secure way.

As per Gartner predictions, 6.4 billion connected things, with 5.5 million new things per day, will get connected by 2016. The number of people that can connect to their home appliances remotely and control them from anywhere will increase. Ten years back, connecting to a home microwave or turning on the air conditioner while travelling back home were only part of James Bond movies. Well, these days we can all be 007.

With the advent of mobile operating systems such as Android and of cheap, miniaturised networked electronics, anyone can control almost any kind of device remotely over the Internet. Some of the possibilities are:

  1. The air conditioner at home can be switched on/off, and set to a specific temperature, while you are returning from the office. By the time you reach home, your house will be just as cool as you like it.
  2. The washing machine can be turned on so that the water is already filled before you reach home.
  3. The microwave can begin cooking or heating your dinner so that it is ready to eat when you arrive.
  4. Your fitness tracker can monitor your blood pressure, sugar levels, body temperature, etc. Your babies can also be monitored with similar devices.
  5. The cameras at your house will let you know about movements inside and outside your home. You can keep watch as required from the comfort of your office … although your boss may not be too pleased with that.

The possibilities and benefits are unlimited but, unfortunately, so are the risks. If you are able to access these appliances remotely, it is also possible for unauthorised parties to access them, if adequate security measures have not been implemented. We will see more about this later in the upcoming parts of this blog series.

Your car, washing machine, pacemaker, microwave, furnaces, refrigerator, household cameras, smoke detectors, light bulbs, and even your watch can play a part in IoT. All of these can be controlled remotely at your fingertips. Interesting, isn’t it?

“With great power comes great responsibility”, applies perfectly to the people who will control their IoT enabled home appliances.

If you think a little about how one uses technology to command and control home appliances, it becomes apparent that a single device or app can be used to control them all. You simply tell the application what needs to be done and it in turn communicates with the appliance. For example, if you purchase an IoT-enabled washing machine, the manufacturer will provide an application that can be used to operate it remotely. You install the app on your mobile device (which has an Internet connection) and, using the buttons within the application, you operate your washing machine while travelling!

Now, if somebody compromises this application, it means they own the IoT appliance. Owning one or more of your home appliances could mean owning your house. Sometimes it could even mean owning you and your family! The “benefits” of controlling your home remotely!

The advertisements generally downplay the risks that are associated with this concept.

The primary benefit of IoT is the ability to manage time more efficiently, given the ability to control and monitor various household devices remotely. Take the health benefits these devices are intended to bring. Monitoring blood sugar, blood pressure, etc. was a big task ten years back, so much so that it required a hospital visit. Now the tests can be done every day and the results monitored so that you can plan your diet accordingly. Your family physician may also be able to monitor your health parameters and sound the alarm if things go wrong. Fabulous.

However, there is a major problem. If someone compromises the IoT-enabled devices, there is a serious impact on personal privacy and safety for the owner of the device and his/her family. We are going to have around 6.4 billion connected things by 2016! All the better to hack with.

The objective of this blog series is certainly not to spread panic about IoT. IoT is here to stay. However, it is important to create and spread awareness on being secure in the world of IoT!

…to part2: Security risks with IoT

Senthil Velan
Manager, Vulnerability Research


Scareware, Rogue AV & Ransomware

Thursday, December 31st, 2015

This is the third part of the blog series on cyber security, continuing from its second part on mobile security. It focuses on the type of malware that exploits a user's fear of data loss to extort money, and on a few precautionary steps to follow to avoid becoming a victim of this type of malware.


In the modern day most malware is written for monetary gain. Scareware is a generic term for a category of malware which uses the strong emotion of fear to push alarmed victims into paying a sum of money, typically tens to hundreds of US Dollars, to the attacker to restore normality on their computer or device.

Examples of scareware include malware which:

  1. display fake messages to the user about virus infections or system errors on the computer, where the purported fix requires payment of a sum of money
  2. lock down, or claim to have locked down, access to some aspects of computer functionality, such as use of the screen or personal documents, where regaining access requires payment of a sum of money

Scareware typically infects users' computers when they open malicious attachments or click links in spam, or when they inadvertently visit hacked websites.

As always it is important to ensure that you:

  1. Do not open emails or attachments from strangers, including fake messages purporting to come from well-known companies such as FedEx or DHL
  2. Keep your operating system and third-party software, e.g. browsers and document readers, completely up-to-date with security updates. Avoid pirated software
  3. Use top-rate, genuine, up-to-date Anti-Virus software such as K7 Internet Security with strong Internet Security features such as malicious spam blocking, malicious website-blocking and browser-exploit protection

Scareware can affect both PCs (typically with a Windows operating system) as well as mobile devices (typically with an Android operating system which can be protected by K7 Mobile Security).

Rogue AV

Rogue AV, or Fake AV, is a subset of the scareware category of malware. It pretends to be a legitimate Anti-Virus program and proceeds to display fake warnings of numerous virus infections on the computer. The fake warning window may steal the computer's focus and then stay on top, with the malware blocking attempts to close it. Users are made to believe that only if they fork out a sizeable sum of money will the virus infections be cleaned up and the computer restored to a good state.

Historically Rogue AV has been associated with the use of Search Engine Optimization (SEO) poisoning which ensured that hacked websites controlled by the attackers ranked highly when trending topics were searched for in a web search engine such as Google. When the user clicked on one of these attacker-controlled links the user’s computer would get infected. Rogue AV is most commonly found on Windows PCs, but has also been known to infect MacOS computers.


Ransomware

Ransomware is a type of malware, becoming more common by the day, which denies access to your computer resources until a hefty sum is paid to the criminal gang which caused the infection.

The typical resources held to ransom are as follows:

  1. Personal documents, images and other files – In this case the files are encrypted so that they become unusable. After encrypting them the ransomware displays a splash screen informing the victim of this and demanding a ransom payment to restore the files. Without a backup, recovering the files requires obtaining the decryption key from the malware syndicate for a fee amounting to hundreds of US Dollars. Payment is demanded through pseudonymous channels that are hard to trace, such as the Bitcoin network. The first major modern ransomware family of this type was CryptoLocker (2013).
  2. Device screen – In this case the screen is frozen by the malware with a ransom demand visible, and the user is offered a way to pay to unlock it. One prevalent family of ransomware which locks the screen is called Reveton, whose lock screen typically poses as a notice from law enforcement.
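
The file-encrypting behaviour in item 1 above is also what gives this kind of ransomware away. The following is an added example (not K7's code, and not a description of any K7 product) of a toy behavioural detector in Python: it watches file-write events and flags a process that rewrites many files in a short burst with content whose Shannon entropy is close to 8 bits per byte, the signature of ciphertext. The events, the process IDs, the paths and the "ciphertext" (SHA-256 in counter mode standing in for a real cipher) are all constructed for the demo; a real detector would take its events from a filesystem filter driver or audit log.

```python
"""Added example (not K7's code): a toy behavioural detector for the
file-encrypting ransomware described above.

Endpoint products watch for the tell-tale pattern: one process rewrites
many user files in a short burst, and the new contents look like random
bytes (Shannon entropy close to 8 bits per byte), because ciphertext has
no structure left. A word processor saving a document writes ordinary
text instead. The file-write events below are constructed for the demo;
a real detector would take them from a filesystem minifilter or audit log.
"""
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.0  # bits/byte: plain documents sit around 4-5, ciphertext above 7.9
BURST_FILES = 5          # distinct files rewritten with high-entropy content ...
BURST_WINDOW = 10.0      # ... within this many seconds, by the same process


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when the content is indistinguishable from random bytes by entropy."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def find_ransomware_bursts(events):
    """events: iterable of (timestamp_seconds, pid, path, new_content).

    Returns {pid: [paths]} for every process that rewrote at least
    BURST_FILES distinct files with high-entropy content inside BURST_WINDOW.
    """
    high_entropy_writes = defaultdict(list)  # pid -> [(timestamp, path)]
    for ts, pid, path, data in events:
        if looks_encrypted(data):
            high_entropy_writes[pid].append((ts, path))

    flagged = {}
    for pid, writes in high_entropy_writes.items():
        writes.sort()
        for i, (t0, _) in enumerate(writes):
            in_window = {p for t, p in writes[i:] if t - t0 <= BURST_WINDOW}
            if len(in_window) >= BURST_FILES:
                flagged[pid] = sorted(in_window)
                break
    return flagged


def _fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted output (SHA-256 in counter mode),
    so the demo needs no real cipher and gives the same result on every run."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


# Constructed sample data: a benign editor (pid 100), a ransomware-like
# process (pid 200) and a single high-entropy download (pid 300).
DOCUMENT = b"Quarterly report: revenue grew 4% against the same quarter last year. " * 60
SAMPLE_EVENTS = [
    (0.0, 100, "C:/Users/alice/Documents/report.docx", DOCUMENT),
    (3.0, 100, "C:/Users/alice/Documents/notes.txt", DOCUMENT[:500]),
    *[(1.0 + i * 0.5, 200, f"C:/Users/alice/Pictures/img{i}.jpg.locked",
       _fake_ciphertext(bytes([i]))) for i in range(8)],
    (5.0, 300, "C:/Users/alice/Downloads/archive.zip", _fake_ciphertext(b"zip")),
]


def detect_sample() -> dict:
    """Run the detector over the constructed events; only pid 200 is flagged."""
    return find_ransomware_bursts(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, paths in detect_sample().items():
        print(f"pid {pid}: {len(paths)} files rewritten with ciphertext-like content")
```

A single high-entropy file is normal (every ZIP, JPEG or PDF looks like that), which is why the heuristic needs a burst across many files rather than one write. Products that rely on this also pair it with canary files and mass rename counts, and note the limitation: a detector that only fires after five files have been rewritten has already lost those five, which is the argument for backups made below.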

Users are advised to avoid paying this type of ransom demand for the following reasons:

  1. Generating income for cyber crooks would only serve to incentivise their criminal activities, and would fuel their future attacks
  2. There is absolutely no guarantee that paying up the ransom of potentially hundreds of dollars would actually restore your files or unlock your screen

In addition to the recommendations above for guarding against scareware in general, it is also important that you back up your important files in a disciplined fashion on external media and/or in online repositories. Keep the external media disconnected except while the backup is running, and prefer online storage that keeps old versions, because file-encrypting ransomware will also encrypt any backup drive, mapped network share or sync folder it can reach from the infected PC. If you are not in the habit of backing up your files, this practice is highly recommended anyway, since data loss from a failed hard disk at some future date is a probable event, far more likely than a ransomware infection.
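
A backup you never check can be incomplete, or can itself have been encrypted, without you noticing until you need it. The following is an added example (not K7's code) in Python of the simplest discipline that catches this: record a SHA-256 hash of every file when the backup is made, store that manifest away from the backup, and verify the copy against it later. The source tree, the backup copy, the "ransomware" overwrite and the ransom note are all constructed in a temporary directory for the demo.

```python
"""Added example (not K7's code): an integrity manifest for a file backup.

The advice above is to back up important files in a disciplined way. A
backup that is never verified can silently be incomplete, and a backup
drive that stays connected is just another volume for ransomware to
encrypt. Recording a SHA-256 hash of every file at backup time, and
storing that manifest away from the backup, lets you check later that
the copy is still complete and untouched. The source tree, backup copy
and tampering are all constructed in a temporary directory for the demo.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of a file, streamed so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its hash."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare a backup tree against the manifest recorded when it was made.

    Returns {"missing": [...], "modified": [...], "extra": [...]}; all three
    empty means the backup is exactly as it was.
    """
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "extra": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Make a backup, record its manifest, then simulate ransomware reaching the
    backup drive (one file overwritten, a ransom note dropped) and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        (src / "photos").mkdir(parents=True)
        (src / "thesis.txt").write_text("Chapter 1: constructed sample content\n")
        (src / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 100)

        backup = Path(tmp) / "backup_drive" / "documents"
        shutil.copytree(src, backup)
        manifest = build_manifest(backup)
        # The manifest is kept separately (here: next to, not inside, the backup).
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=2))

        # Later: ransomware encrypts the still-connected backup and leaves a note.
        (backup / "thesis.txt").write_bytes(b"ENCRYPTED-BY-DEMO" * 4)
        (backup / "READ_ME_TO_DECRYPT.txt").write_text("Pay to get your files back.\n")

        return verify_backup(backup, json.loads(manifest_path.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The verification reports `thesis.txt` as modified and the ransom note as an extra file, which is exactly what an encrypted backup looks like. Run such a check before relying on a restore, keep the manifest where the infected PC cannot rewrite it, and remember that a cloud sync folder mirrors encrypted files just as faithfully as the originals, so versioning or an offline copy is what actually saves you.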

Happy New Year!

…to part4: Passwords – Hashes to Ashes

K7 Threat Control Lab
