
Archive for the ‘Security Tips’ Category

IoT: How are We Going to Protect Ourselves?

Thursday, February 25th, 2016

Here is the fifth part of the blog series on the Internet of Things following its fourth part on “IoT: What the Bad Guys Could Do with Your Hacked Devices”. This part explains the difficulties in protecting an IoT device and a few security steps to safeguard against the risk at the user’s end.

Unfortunately many things are as yet unclear, and therefore not streamlined, when it comes to IoT security. That is, currently there are no proven security standards available for IoT, unlike other sectors such as health, finance, information technology, etc. which have dedicated security standards.

As a world-class security company, our mission is not only to protect people but also to create awareness about cyber security hazards associated with using state-of-the-art technology.

Interestingly, in a report from the U.S. Federal Trade Commission, the security principles a manufacturer should follow while making an IoT device are well-documented. The important ones are:

  • Security by design
  • Data minimization
  • Notice and choice for unexpected uses

We would like to provide some additional detail. We recommend the following steps to vendors who manufacture IoT devices:

  1. Ensure that the appliance firmware is safe and secure by design and by implementation, following known security standards, i.e. free of vulnerabilities.
  2. Ensure that the application developed to communicate with the appliance is safe and secure by design and by implementation.
  3. Always follow data security standards while storing and transmitting the information – this applies to the information stored on the appliance, stored in the application, and information transmitted from appliance to application and vice versa. Storing the data in an encrypted format would be preferable.
  4. Incorporate third-party security auditors to assess the appliance and the IoT application.
  5. If any security vulnerability in the appliance or application is disclosed, immediately notify the users about it and publish an update or patch as soon as possible.

As an IoT consumer, by following these simple steps, you can be better protected from the possible dangers:

  1. In your purchasing decision, go by necessity rather than by feature. If you do not need to control your appliance remotely, then think twice before opting for a remotely-controlled IoT device. What is the use of controlling your refrigerator remotely if you use this feature only rarely? At the very least, disable the IoT feature if it is not required.
  2. Ask the vendor about the security features available in the appliance, the nature of the information the appliance stores or transmits, and how it is stored or transmitted.
  3. Ask the vendor about the security features of the application that controls the appliance, the nature of the information the application stores or transmits, and how it is stored or transmitted.
  4. Make sure that the mobile device that controls the appliance is secure and running with required security applications.
  5. Always use strong passwords for authentication on both the appliance and the application.
  6. Never share appliance passwords, application passwords and the mobile device that controls these appliances, with anyone.
  7. Update the application (firmware)/appliance/mobile device whenever there is an update available for the corresponding item. The automatic update feature is recommended, if available.
  8. Install and update the security suite software on the mobile device that hosts the IoT applications.

…to part 6: What the Future Holds

Image credit:

Senthil Velan
Manager, Vulnerability Research

If you wish to subscribe to our blog, please add the URL provided below to your blog reader:

Social Networking

Thursday, February 18th, 2016

Here is the fifth part of the blog series on cyber security, following its fourth part on password management. This part describes the concept of social networking and a few tips to follow for safe networking online.

Social networking is a medium for managing social relations, both personal and professional, using the Internet. Social networking web sites such as Twitter, Facebook, LinkedIn, etc., provide a convenient and efficient online interface for communication with multiple people in a user-friendly manner. People are connected to their friends, family, colleagues, and followers in real-time, even on-the-go using mobile devices. Important events in people’s lives and people’s opinions on any subject seem to be communicated to all only via the social networking medium.

Social networking sites can be used to reach a wide audience very quickly through multiplier effects, e.g. people re-tweeting somebody else’s tweet. Therefore social networking is regularly used to communicate positive content. Sometimes certain content can become so popular amongst the masses that its immediate and far-reaching spread is described as “going viral”.

Unfortunately social networking sites can easily be abused to deliver negative content, intentionally or unintentionally. In addition, social networking sites consume time and bandwidth and can help to spread malware, and are therefore particularly unwelcome within a work environment.

There are several risks associated with social networking which should be understood and managed effectively:

Users of social networking sites tend to post Personally Identifiable Information (PII) such as bank account and medical information, birthday, phone number, address, etc. online which can be used against them in harmful ways by other users, including professional criminal gangs. This is because information posted online may be accessible publicly. There are examples of burglaries which take place because users are known to be on holiday, leaving their houses empty. Users are advised to:

  • think twice before sharing PII online
  • read the Terms & Conditions of the social networking site carefully to verify what information is considered shareable and with whom
  • consider configuring privacy settings on social networking sites to protect PII better
  • avoid online surveys which extract PII

People in the virtual space of social networking sites cannot have their profiles pre-verified for authenticity, so it is possible to create fake profiles which can be used to lure or spy on victims. Children are particularly vulnerable to being stalked by dangerous elements harbouring prurient ideas. In addition, the use of abusive content to terrorize users is common. These actions are called cyber bullying and trolling, and can take a devastating toll on a person’s mental state. The following security guidelines are recommended:

  • Users should never accept an anonymous friend request.
  • It is important to use Parental Control software, such as that in K7 Total Security, which allows blocking of certain sites or at least enforces restrictions on the time spent on certain sites.

Cyber criminals can spread malware and spam through social networking sites, causing users to expose their computer to infections. The following security guidelines are recommended:

  • Users should never click on links in anonymous chats
  • Users should never download media files, including images and videos, from unknown sources.
  • Use strong passwords to avoid account hijacking and periodically cross-verify that privacy settings have not been modified.
  • It is important to use world-class, up-to-date Anti-Virus software such as K7 Total Security to protect against malicious files and block phishing and malware website links.

The resource-wasting aspect of social networking sites within an office environment can be prevented by blocking social networking sites locally using K7 Total Security or across managed computers using a central policy deployed by K7 Management Console.

Social networking has even been abused to spread disinformation and propaganda to engender a polarizing effect and mass panic amongst communities, which can be considered a national security threat. This implies that the content on social networking sites needs to be monitored closely and corrective actions taken as per the prevailing laws when security issues arise.

…to part 6: digital signatures

Images courtesy of:

K7 Threat Control Lab


IoT: What the Bad Guys Could Do with Your Hacked Devices

Thursday, February 11th, 2016

Following the third part “IoT: Your Personal Data May Not be as Private as You Think” of this series on the Internet of Things, here is part four focussing on what could happen when IoT private information (discussed in “IoT: Your World at Somebody Else’s Fingertips?”) falls into the hands of the bad guys or the cybercrime underworld.

If the bad guys gain access to your personal data or hack into your IoT appliances (the worst-case scenario!), they could:

  1. Demand a ransom, threatening to sell your private health records to any interested party
  2. Hijack your appliances and render them non-operational, unless you pay a ransom “fee”
  3. Monitor your house by controlling your security cameras without your knowledge, thus determining your presence or, in fact, absence. Along with your ‘Going to Paris on vacation’ post on social media, it enables them to plan a robbery more accurately
  4. Sell your eating and food preferences to various food manufacturing companies or retailers or even to restaurants and hotels, just to provide an added advantage in targeted selling
  5. Sell your clothes-washing habits and clothing preferences to various fashion companies or retailers
  6. Use your device as part of a botnet of billions of hacked devices to conduct a Distributed Denial of Service (DDoS) attack against a specific target. It is interesting to note that this type of attack using IoT devices has already happened. The light bulbs at your home could well already be part of a botnet, consuming your power and internet bandwidth simultaneously!

Perhaps somebody with a vendetta against you could even resort to changing your refrigerator’s temperature settings so that your food goes bad.

We have been witnessing for years what bad guys are capable of doing, e.g. security breaches at big organizations and infamous ransomware. The same tactics might apply here too.

One other dangerous scenario is within the context of cyber warfare. During war time an enemy nation could launch a massive cyber attack on IoT devices in another nation, rendering every IoT device dysfunctional resulting in more chaos, damage and potential loss of life. To this effect, IoT appliances may also be prone to cyber attacks by terrorists.

…to part 5: IoT: How are We Going to Protect Ourselves?

Image credit:

Senthil Velan
Manager, Vulnerability Research


Passwords – Hashes to Ashes

Thursday, February 4th, 2016

This is the fourth part of the blog series on cyber security, continuing from its third part on Scareware, RogueAV and Ransomware, focussing on the dangers of choosing weak passwords and the consequences of recycling the same password across different online accounts, and a few tips on how to determine a suitably strong password.

In today’s digital age, people’s lives seem to revolve around passwords. Passwords to online portals play an important role in securing access to a user’s online information, whether financial, professional or personal. Hence, users are perennially advised to always secure their accounts with strong passwords.

Many online portals alert users about inadequate password strength when setting up the login credentials for a user account. Some online portals may even enforce a strong password before the account is set up. Users must consider password strength while deciding on an account’s password to avoid their passwords being hacked easily.

From a security perspective, using the same password for multiple accounts is dangerous, both for personal accounts and in a professional environment. In this case a hacker need hack only one account to obtain the credentials that give access to the victim’s other accounts and the sensitive information held therein.

Users should beware the consequences of using weak passwords. Here are a few of the general mistakes which lead to coining weak passwords:

  • Passwords which have been used previously
  • A user’s friend’s or family member’s name or date of birth
  • Favourite food/place name
  • A user’s own name
  • A single word from a dictionary
  • A common name
  • The username reused as the password
  • Keyboard patterns/swipes, etc., e.g. qwerty

Usually hackers try to hack an account by first attempting common words as passwords, and then combinations of words and characters. This process, a simple form of “brute-force attack”, need not be done by hand, but is rather automated using hacking tools. Here is an example to show how much time it would take for a hacker to crack a user’s password:

In order to safeguard against these types of attacks, here are few tips on how to choose and maintain a secure password:

  • Use unique passwords for every account, i.e. never repeat passwords across online accounts
  • Use a long, alphanumeric password with punctuation to match the recommended password strength, e.g. Th!sL00ks5trOng:-)
  • Never leave a login session open or wait for it to time out automatically. Log out/sign out immediately once the work is done
  • Never share your passwords or any account credentials with others
  • Back up login credentials on different devices/media in encrypted form to avoid data loss in the case of lost/stolen devices
  • Avail of a reputed Password Manager to assist you in managing your passwords
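As an added worked example (not the post’s own table or code), the following Python checker estimates the worst-case time to exhaust the alphabet a password uses, and flags the weak-password mistakes listed earlier; it scores the post’s sample password “Th!sL00ks5trOng:-)” alongside constructed weak ones. The guess rate, word lists and minimum-length/character-class thresholds are assumptions chosen for illustration.

```python
import string

# Assumed offline guess rate against a fast, unsalted hash. This is a
# constructed figure for illustration, not a measurement from the post.
GUESSES_PER_SECOND = 10_000_000_000

# Tiny constructed stand-ins for the word lists a cracking tool would carry
# (dictionary words, common names, keyboard patterns). Real lists are huge.
DICTIONARY_WORDS = {"password", "welcome", "summer", "monkey", "dragon"}
COMMON_NAMES = {"john", "mary", "david", "priya"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "12345", "1qaz2wsx")

# Assumed policy thresholds (the post asks for "long, alphanumeric with punctuation").
MIN_LENGTH = 12
MIN_CLASSES = 3


def char_classes(password: str) -> list:
    """Return the (name, alphabet size) of each character class present."""
    classes = []
    if any(c in string.ascii_lowercase for c in password):
        classes.append(("lowercase", 26))
    if any(c in string.ascii_uppercase for c in password):
        classes.append(("uppercase", 26))
    if any(c in string.digits for c in password):
        classes.append(("digit", 10))
    if any(c in string.punctuation for c in password):
        classes.append(("punctuation", len(string.punctuation)))  # 32 symbols
    return classes


def charset_size(password: str) -> int:
    """Alphabet a brute-force tool must search once it knows which classes are used."""
    return sum(size for _, size in char_classes(password))


def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of this length over this alphabet."""
    return charset_size(password) ** len(password) / rate


def human_time(seconds: float) -> str:
    """Coarse, human-readable duration for comparing candidates."""
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def weak_password_reasons(password: str, username: str = "", known: tuple = ()) -> list:
    """Flag the mistakes the post lists: reuse, names, dictionary words, username, keyboard patterns."""
    lowered = password.lower()
    reasons = []
    if password in known:
        reasons.append("previously used password")
    if username and lowered == username.lower():
        reasons.append("username reused as password")
    if lowered in DICTIONARY_WORDS:
        reasons.append("single dictionary word")
    if lowered in COMMON_NAMES:
        reasons.append("common name")
    if any(p in lowered for p in KEYBOARD_PATTERNS):
        reasons.append("keyboard pattern")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(char_classes(password)) < MIN_CLASSES:
        reasons.append(f"fewer than {MIN_CLASSES} character classes")
    return reasons


def assess(password: str, username: str = "", known: tuple = ()) -> dict:
    """Combine the exhaustive-search estimate with the list-based checks.

    A password that trips any list-based check is guessed long before the
    keyspace is exhausted, so the time estimate only means something when
    the reasons list is empty.
    """
    reasons = weak_password_reasons(password, username, known)
    return {
        "charset": charset_size(password),
        "length": len(password),
        "exhaustive_search": human_time(brute_force_seconds(password)),
        "weak": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # "Th!sL00ks5trOng:-)" is the post's own example; the others are constructed.
    samples = (("qwerty", "alice"), ("priya", "priya"), ("summer", ""), ("Th!sL00ks5trOng:-)", "alice"))
    for candidate, user in samples:
        print(candidate, assess(candidate, username=user, known=("summer",)))
```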

Benefits of using a Password Manager:

  • A Password Manager can generate strong passwords
  • It can save your credentials and auto login/fill-in the next time you visit a known site, provided password security is ensured
  • You don’t have to worry about forgetting passwords

Choose a Password Manager that ensures data security by encrypting the passwords.


… to part 5: Social networking

Image courtesy of:

K7 Threat Control Lab


IoT: The World at your Fingertips

Thursday, January 7th, 2016

Following the success of our blog series on cyber security, we would like to start a brand new blog series describing the concept of Internet of Things (IoT) security, to create and spread awareness among the general public on being secure in the world of IoT. This is the first part of the series, and it talks about the basic concepts of IoT to help people handle IoT in a secure way.

As per Gartner predictions, 6.4 billion connected things will be in use in 2016, with 5.5 million new things getting connected per day. The number of people who can connect to their home appliances remotely and control them from anywhere will increase. Ten years back, connecting to a home microwave or turning on the air conditioner while travelling back home was the stuff of James Bond movies. Well, these days we can all be 007.

With the advent of mobile operating system technology such as Android and nanotechnology, anyone can control any kind of device remotely using the Internet. Some of the possibilities are:

  1. The air conditioner at home can be switched on/off, and set to a specific temperature while returning back from the office. By the time you reach home, your house will be just as cool as you like it to be.
  2. The washing machine can be turned on so that the water is filled before you reach home.
  3. The microwave can begin the process of cooking or heating your dinner so that it’s ready to eat at the time of your arrival.
  4. Your fitness tracker can monitor your blood pressure, sugar levels, body temperature, etc. Your babies can also be monitored with the same fitness devices.
  5. The cameras at your house will let you know the movements inside and outside your home. You can keep watch as required from the comfort of your office … although your boss may not be too pleased with that.

The possibilities and benefits are unlimited but, unfortunately, so are the risks. If you are able to access these appliances remotely, it is also possible for unauthorised parties to access them, if adequate security measures have not been implemented. We will see more about this later in the upcoming parts of this blog series.

Your car, washing machine, pacemaker, microwave, furnaces, refrigerator, household cameras, smoke detectors, light bulbs, and even your watch can play a part in IoT. All of these can be controlled remotely at your fingertips. Interesting, isn’t it?

“With great power comes great responsibility”, applies perfectly to the people who will control their IoT enabled home appliances.

If you think a little bit about how one uses technology to control and command home appliances, it becomes apparent that a single device or app can be used to control them. You only say what needs to be done to these applications and they in turn communicate with the appliances to control them. For example, if you purchase an IoT enabled washing machine, the manufacturer will provide you with an application that can be used to operate your washing machine remotely. You simply install the app on your mobile device (that has an internet connection) and using the buttons within the application, you start operating your washing machine while travelling!

Now, if somebody compromises this application it means they own the IoT appliance. Owning one or more of your home appliances could mean owning your house. Sometimes it could even mean owning you and your family! The “benefits” of controlling your home remotely!

The advertisements generally downplay the risks that are associated with this concept.

The primary benefit of IoT is the ability to manage time more efficiently, given the ability to control and monitor various household things remotely. Let’s take the health benefits that these devices are intended to bring. Monitoring blood sugar levels, blood pressure, etc., were big tasks ten years back, so much so that they required a hospital visit. Now tests can be done every day, and the results monitored so that you may plan your diet accordingly. Your family physician may also be able to monitor your health parameters and sound the alarm if things go wrong. Fabulous.

However, there is a major problem. If someone compromises the IoT enabled devices, then there is a serious impact on personal privacy and safety for the owner of the device and his/her family. We are going to have around 6.4 billion connected things by 2016! All the better to hack with.

The objective of this blog series is certainly not to spread panic about IoT. IoT is here to stay. However it is important to create and spread awareness on being secure in the world of IoT!

…to part 2: Security risks with IoT

Images courtesy of:


Senthil Velan
Manager, Vulnerability Research


Scareware, Rogue AV & Ransomware

Thursday, December 31st, 2015

This is the third part of the blog series on cyber security, continuing from its second part on mobile security, focussing on the malware type that utilizes a user’s fear of data loss to extort monetary benefits, and a few precautionary steps to follow to avoid being a victim of this type of malware.


In the modern day most malware is written for monetary gain. Scareware is a generic term for a category of malware which uses the strong emotion of fear to force alarmed victims of an attack to pay an amount of money, typically tens to hundreds of US Dollars, to the attacker to restore normality on their computer/device.

Examples of scareware include malware which:

  1. display fake messages to the user about virus infections or system errors on the computer for which the fixing solution requires payment of a sum of money
  2. lock-down or claim to have locked-down access to some aspects of computer functionality such as use of the screen or personal documents, for which regaining access involves payment of a sum of money

Scareware typically infects users’ computers when they download malicious attachments or click links in spam, or when they accidentally visit hacked websites.

As always it is important to ensure that you:

  1. Do not open emails from strangers, including fake messages from well-known companies such as FedEx or DHL
  2. Keep your operating system and third-party software, e.g. browsers and document readers, completely up-to-date with security updates. Avoid pirated software
  3. Use top-rate, genuine, up-to-date Anti-Virus software such as K7 Internet Security with strong Internet Security features such as malicious spam blocking, malicious website-blocking and browser-exploit protection

Scareware can affect both PCs (typically with a Windows operating system) as well as mobile devices (typically with an Android operating system which can be protected by K7 Mobile Security).

Rogue AV

Rogue AV or Fake AV is a subset of the scareware category of malware. Rogue AV pretends to be a legitimate Anti-Virus program which proceeds to display fake warnings of numerous virus infections on the computer. The fake warning window may steal the computer’s focus and then remain persistent, with the malware preventing attempts to close it. Users are made to believe that only if they fork out a sizeable sum of money will the virus infections be cleaned up and the computer restored to a good state.

Historically Rogue AV has been associated with the use of Search Engine Optimization (SEO) poisoning which ensured that hacked websites controlled by the attackers ranked highly when trending topics were searched for in a web search engine such as Google. When the user clicked on one of these attacker-controlled links the user’s computer would get infected. Rogue AV is most commonly found on Windows PCs, but has also been known to infect MacOS computers.

Ransomware
Ransomware is a type of malware, becoming more common by the day, which denies access to your computer resources until a hefty sum is paid to the criminal gang which caused the infection.

The typical resources held to ransom are as follows:

  1. Personal documents, images, and other files – In this case the files are encrypted so that they become unusable. After the files are encrypted the ransomware displays a splash screen informing the victim of this action and demanding a ransom payment to restore the files. Recovering these files requires obtaining the decryption key from the malware syndicates for a fee amounting to hundreds of US Dollars. Payment is made through guaranteed anonymous channels such as the BitCoin network. The first major ransomware family of this type was called Cryptolocker.
  2. Device screen – In this case the screen is frozen by the malware with a ransom demand visible. The user is allowed to make the payment to unlock the screen. One prevalent family of ransomware which locks the screen is called Reveton.

Users are advised to avoid paying this type of ransom demand for the following reasons:

  1. Generating income for cyber crooks would only serve to incentivise their criminal activities, and would fuel their future attacks
  2. There is absolutely no guarantee that paying up the ransom of potentially hundreds of dollars would actually restore your files or unlock your screen

In addition to the recommendations above to guard against Scareware in general, it is also important to ensure that you back up your important files in a disciplined fashion on external media and/or on online repositories. If you are not in the habit of backing up your files, this practice is highly recommended, since data loss from a failed hard disk at a future date is a probable event, far more likely than a ransomware infection.

Happy New Year!

…to part 4: Passwords – Hashes to Ashes

Images courtesy of:

K7 Threat Control Lab


Mobile Security

Thursday, December 24th, 2015

Here is the second part of the blog series on secure computing, following on from part one “Dealing with Spam”. This blog talks about the possible security threats to smartphone users, the need for awareness about these security threats and a few smart steps to adopt in choosing the application market place and downloading an application.

There is a huge increase in smartphone usage year-on-year because it:

  • is trendy
  • helps in easy communication, both business and personal
  • provides portable and easy internet access

Nowadays, almost everything is mobile. A smartphone user is now comfortable in carrying out all his/her day-to-day commercial activities like paying bills, booking tickets, shopping, etc., through the smartphone.

The available major operating systems for the smartphones are Android, Windows Phone, iOS, Blackberry and the growing Tizen.

The security threat level to a smartphone user is increasing at a rate equal to the surge in smartphone usage. Each of the above-mentioned mobile operating systems has had security threats. Android is the one that dominates other mobile operating systems in terms of malware count. Android malware’s growth rate is comparable to that for desktop Windows malware.

Generally, mobile malware reaches a user’s smartphone through one of the following ways:

  • Social engineering tricks
  • Social networking sites
  • Bundled applications (malware packed with good applications)

As many user activities involve a financial transaction, it is advised to download the relevant applications from the recommended official market rather than from any third-party market. The reason is that there are many malware or fake applications, especially in third-party markets, that steal a user’s personal information such as credit card details, contacts list, call logs, etc., which ultimately results in a financial loss to the user, either by sending out premium-rate SMS messages that cost money or by downloading other malware applications.

For example, the supposed first iOS malware Find and Call hacks the contacts list from the victim’s device and sends it to a remote hacker. The hacked contacts list is used for sending out spam messages. Adding to this, the recent “Inception” malware identified on Blackberry devices attacks other operating systems such as iOS, Android and Windows computers as well. This malware also collects various device-specific information including call logs, contact information, etc.

It has also been found that a few malware applications come pre-installed on new smartphones, as in the case of the Android malware “DeathRing”.

A few advertising applications (adware) identified in the third-party markets install themselves as system level applications. After their installation, the adware apps display unwanted advertisements irrespective of the application currently being accessed by the user. There is a possibility that clicking on such advertisements could download a malware application.

Here are a few of the steps to follow before downloading an application:

  • Think twice about whether you really need an application before you download it
  • Check any documented usage of the application to ensure that it does not perform any functionality separate from your expectations
  • Verify the reputation of the application by checking the reviews available
  • Avail of the possible application verification feature(s) like “verify apps” in recent Android OSs to identify a malware before installation

In addition the following practices are advised to improve mobile security hygiene:

  • Avoid using free Wi-Fi hotspots, in particular those that are not password protected, especially when conducting sensitive transactions such as online payments
  • Always password-protect access to your smartphone to protect better against data theft if the phone is lost or stolen
  • Install reputed Mobile Security software such as K7 Mobile Security to stop malware from infecting your mobile and acting silently in the background.

…to part 3: Scareware, Rogue AV & Ransomware

Images courtesy of:

K7 Threat Control Lab


#ChennaiFloods: Clearing Up Afterwards

Thursday, December 10th, 2015

Social media played a crucial role in Chennai’s relief efforts during a natural disaster. This blog intends to convey to the general audience what needs to be done afterwards.

Chennai, home to K7 Computing, a metropolitan city in the southern part of India was ravaged by floods last week. Historic rainfall in huge measure broke a century-old record for the highest rain in this region, and the subsequent clogging up of Chennai’s water bodies contributed to the flood situation. Chennai’s infrastructure took a massive hit with transport (road, rail and air), electricity and communication systems (mobile, landline and internet) going down and stalling in the worst affected areas.

Social media played a crucial role in guiding Chennai through this crisis. Once help started pouring in from all corners, it was crucial to direct the help to where it was needed the most. People with relief material posted to social media, while people in the field guided them as to where the materials needed to go. Though internet connectivity was intermittent at best, social media was invaluable in coordinating the relief effort to the stranded and dispossessed.

Relatives who couldn’t contact their kith and kin residing in the affected areas also posted details to social media, so that volunteers or rescue people tending to that area could respond regarding the well-being of those people.

Thus social media was put to good and effective use at the time of a crisis. But there is always a flip side to the coin: rumours flew across social media “warning” that the worst days weren’t over but were yet to come, which led to people fleeing to their hometowns and stocking up on essential items well beyond what was required. There were even cases where volunteers with relief materials were misdirected to an area only to find that it had already been tended to, because they had followed a false or repeatedly forwarded message. In such troubled times it is ill-advised to fuel such rumours, as the effects can be very serious indeed.

One week after the devastation Chennai is slowly getting back on its feet. People have started clearing out the debris left by the floods. During this time, apart from relief and help, a lot of personal information was also shared via social media. Hence it is advisable that people take some time to clear the personally identifiable information (PII) from their social media profiles, and the sooner the better to avoid forgetting to do it. Though this data would already have been cached somewhere by a search engine it is bound to “fade out” in time once the source is removed. PII revealed online is considered a goldmine for cyber criminals.

The image (adapted to suit the article) is courtesy of

Kaarthik RM
Threat Researcher, K7TCL


Dealing with Spam

Thursday, November 26th, 2015

In the interest of educating the general public about secure computing, we would like to share a blog series that intends to explain the various types of security threats over the Internet and a few precautionary steps to avoid falling prey to these security threats. This is the first part of the blog series that talks about the basic concepts of spam emails, their dangers and a few preventive measures to adopt to deal with them.

Any message or email that we receive over the Internet but never asked for is called spam. Most such messages are sent from unknown email addresses, in bulk, by computer programs called spambots, either to market a product or to cheat the recipient, typically for financial gain. Spam relies on social engineering tricks to get victims to perform the action the message asks for.

In recent years the volume of spam has increased so much that it has become hard to tell spam from legitimate messages in one’s inbox.

Spam includes unwanted messages on varied themes, such as:

  • a person requesting help
  • being told that we have become the lucky winner of a prize, or the victim of blackmail
  • a newsletter that was never subscribed to
  • fake job offers
  • malware
  • obscene material
  • a huge sum of money promised out of the blue by an individual in another country
  • someone offering a business partnership
  • a claim that we need to prove our identity by logging in to, or resetting the password of, our bank account, email account, etc. This dangerous attack is called “phishing”
  • fake news intended to stir up a social issue
  • offers on weight-loss products, medicines, drugs, etc.

Spam consumes storage space, Internet bandwidth and other resources on a user’s computer or device. It can defame a brand, and the products it advertises are mostly illegal or banned. Some spam messages also try to steal the victim’s personal information, as in the case of phishing attacks. Apart from wasting one’s time and spreading malware, the points above give several further reasons to regard spam as dangerous. Filtering spam out of our inbox lets us use email services with ease.

How do we deal with spam? When we suspect an email to be spam, we can:

  • Mark it as spam using the feature that most email service providers offer
  • Create filters that move such emails to a spam folder, thus preventing them from polluting one’s inbox. Filtering is also possible by adding specific email addresses to an ignore list, by matching specific content in the subject line of the email, etc.
  • Report such messages to spam control authorities
  • Use anti-spam software, which can block a spam email based on previously recorded spam activity, suspicious titles or content, a spam score and various other factors. K7 products contain in-built anti-spam features and also block malware that harvests email addresses from the computer
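To make the filtering idea above concrete, here is an added example (not code from the original post and not K7’s anti-spam engine) of a small rule-based spam scorer. It combines the signals the post mentions: an ignore list of sender addresses, suspicious subject-line and body content, a check for links whose visible text names one domain while the target is another (a typical phishing tell), and an overall spam score with a threshold. The rules, weights, threshold and the three sample emails are all constructed for illustration.

```python
"""Rule-based spam scoring over constructed sample emails (added example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    # (visible text, href) pairs for links found in an HTML body
    links: list = field(default_factory=list)


# Assumed ignore list: senders the user has chosen to filter outright.
IGNORE_LIST = {"promo@cheap-meds.example"}

# Assumed keyword weights (illustrative, not any real product's list).
SUBJECT_KEYWORDS = {"winner": 3, "lottery": 3, "urgent": 2, "prize": 2, "free": 1}
BODY_PATTERNS = [
    (re.compile(r"\b(verify|confirm) your (account|identity)\b", re.I), 3),
    (re.compile(r"\b(reset|update) your password\b", re.I), 3),
    (re.compile(r"\bwire transfer\b", re.I), 2),
    (re.compile(r"\bbusiness partnership\b", re.I), 1),
]
SPAM_THRESHOLD = 4  # assumed cut-off: scores at or above this go to the spam folder


def registered_domain(host: str) -> str:
    """Reduce a host name to its last two labels, e.g. 'login.bank.example' -> 'bank.example'."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_mismatches(links) -> int:
    """Count links whose visible text names a domain different from the real target."""
    count = 0
    for text, href in links:
        shown = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if not shown:
            continue  # plain words like "click here" carry no domain to compare
        target = urlparse(href).hostname or ""
        if registered_domain(shown.group(1)) != registered_domain(target):
            count += 1
    return count


def spam_score(mail: Email) -> tuple:
    """Return (score, reasons) by summing the weights of every rule that fires."""
    score, reasons = 0, []
    if mail.sender.lower() in IGNORE_LIST:
        score += 5
        reasons.append("sender on ignore list")
    for word, weight in SUBJECT_KEYWORDS.items():
        if re.search(rf"\b{word}\b", mail.subject.lower()):
            score += weight
            reasons.append(f"subject keyword '{word}'")
    for pattern, weight in BODY_PATTERNS:
        if pattern.search(mail.body):
            score += weight
            reasons.append(f"body matches /{pattern.pattern}/")
    mismatches = link_mismatches(mail.links)
    if mismatches:
        score += 4 * mismatches
        reasons.append(f"{mismatches} link(s) lead to a different domain than shown")
    return score, reasons


def classify(mail: Email) -> str:
    """Decide the folder: 'spam' or 'inbox'."""
    return "spam" if spam_score(mail)[0] >= SPAM_THRESHOLD else "inbox"


# Constructed sample messages (the domains are reserved example/test names).
SAMPLE_MAILS = {
    "meeting": Email(
        "colleague@example.org", "Minutes from Monday's meeting",
        "Attached are the minutes from Monday's meeting. Let me know if I missed anything.",
        [("https://intranet.example.org/minutes", "https://intranet.example.org/minutes")]),
    "phishing": Email(
        "security@bank-alerts.example", "URGENT: verify your account",
        "Please confirm your identity by logging in. If you do not, reset your password within 24 hours.",
        [("https://www.bank.example/login", "http://bank.example.verify-login.test/login")]),
    "lottery": Email(
        "promo@cheap-meds.example", "You are our lucky winner",
        "Claim your prize by replying with your bank details."),
}

if __name__ == "__main__":
    for label, mail in SAMPLE_MAILS.items():
        score, reasons = spam_score(mail)
        print(f"{label:9s} -> {classify(mail):5s} (score {score}): {'; '.join(reasons) or 'no rules fired'}")
```

The link check is the part worth noting: the legitimate mail scores zero even though it contains a link, because the visible text and the target agree, while the phishing sample is pushed over the threshold by the mismatch alone, independently of its wording.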

Additionally, the following safety guidelines are recommended when dealing with spam:

  • Do not open emails that you never expected or that you suspect have come from an unknown sender. Most certainly do not respond to such emails
  • Avoid using the “unsubscribe” option that sometimes comes in spam emails, as this would signal to the spammers that your email address is a valid one
  • Do not forward chain emails or suspected spam emails
  • Do not publish your email address in public forums or comment sections. Using a temporary email address can help to some extent in these cases

We need to realise that changing our email address is not a long-term solution to the spam problem, as email harvesters can obtain one’s address in various ways. Unless and until we adopt better Internet habits, we cannot safeguard ourselves from spam.

…to part 2: Mobile Security

Images courtesy of:

K7 Threat Control Lab

Preinstalled: Clean or Malware System App?

Tuesday, November 17th, 2015

This blog intends to educate the general public about the privilege levels at which Android malware can be installed, and the difficulty of removing malware that is installed as a system application.

The trend of malware or adware preinstalled as system apps is an increasingly worrying one, albeit not a completely new phenomenon.

With security in mind, Android system applications are hosted in the system partition with high privileges, unlike user-installed applications, and cannot easily be uninstalled or modified by an end user. Therefore the installation of malware as a system app complicates the removal process.

The privilege levels under which a malware can be installed on a victim’s device are as follows:

  • User level – location on the device: /data/app
  • System level – location on the device: /system/app

Unlike a user-level installation, an application can be installed in the high-privilege (system) area only if the device is rooted. There are two primary ways in which malicious applications end up on a phone’s system partition:

  • An already installed malware:
    • roots the victim’s device, either by using an exploit or by running another application that requires root (administrative) permissions
    • downloads and installs another malware onto the system partition
  • The device comes equipped with malware as a preinstalled system application
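The two install locations named above can be read straight off a device inventory. As an added example (not code from the original post or from any K7 product), the script below parses the output of the Android package manager command `adb shell pm list packages -f`, whose lines have the form `package:<apk path>=<package name>`, classifies each package as system-level or user-level by its path, and then lists the system-level packages that do not appear in a baseline taken from a known-clean handset of the same model. The sample `pm` output and the baseline set are constructed for illustration; the package names are not real detections.

```python
"""Classify installed Android packages by privilege level and diff the system set
against a known-clean baseline (added example)."""
import re
from typing import Dict, List, Set

# Output format of `pm list packages -f`: "package:<apk path>=<package name>"
LINE_RE = re.compile(r"^package:(?P<path>\S+?)=(?P<name>[\w.]+)$")


def privilege_level(apk_path: str) -> str:
    """Map an APK path to the privilege level described in the post."""
    if apk_path.startswith("/system/"):
        return "system"   # /system/app (and /system/priv-app): high privilege, read-only partition
    if apk_path.startswith("/data/app/"):
        return "user"     # user-installed: removable with an ordinary uninstall
    return "other"        # anything else (e.g. vendor partitions) is reviewed like a system app


def parse_pm_list(output: str) -> Dict[str, Dict[str, str]]:
    """Return {package_name: {"path": ..., "level": ...}} for every well-formed line."""
    pkgs = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrelated lines
        pkgs[m["name"]] = {"path": m["path"], "level": privilege_level(m["path"])}
    return pkgs


def unexpected_system_packages(pkgs: Dict[str, Dict[str, str]], baseline: Set[str]) -> List[str]:
    """Non-user-level packages absent from the known-clean baseline: candidates for review."""
    return sorted(name for name, info in pkgs.items()
                  if info["level"] != "user" and name not in baseline)


# Constructed sample output; on a real device capture it with `adb shell pm list packages -f`.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Calendar/Calendar.apk=com.android.calendar
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/WeatherPlus/WeatherPlus.apk=com.example.weatherplus
package:/data/app/com.example.notes-1/base.apk=com.example.notes
package:/data/app/com.example.game-2/base.apk=com.example.game
"""

# Constructed baseline: system packages present on a known-clean unit of the same model and build.
CLEAN_BASELINE = {"com.android.calendar", "com.android.settings"}

if __name__ == "__main__":
    inventory = parse_pm_list(SAMPLE_PM_OUTPUT)
    for name, info in inventory.items():
        print(f"{info['level']:6s} {name:28s} {info['path']}")
    print("System-level packages not in baseline:", unexpected_system_packages(inventory, CLEAN_BASELINE))
```

Only the system-level set is compared against the baseline, because a user-level package can simply be uninstalled if it turns out to be unwanted, whereas an unexpected package under /system is exactly the case the post says an ordinary user cannot remove and should therefore know about before relying on the handset.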

Now, the obvious question is “Does the handset manufacturer preinstall malware or adware as part of its manufacturing process?” The answer appears to be that there are middlemen who are paid by malware writers and adware developers to bundle their malware and adware applications into a custom ROM that replaces the stock ROM on new devices, before the handsets reach retailers or end users via distributors. The notable rise in mobile shopping increases the concern about preinstalled malware even further.

Removing a malware application installed in the user area is no different from uninstalling any other user-downloaded application. However, deleting a system application, malicious or not, is not an easy task for an end user, since it requires the device to be rooted, which would typically void the device’s warranty.

Under the Android architecture, mobile security products have the same privileges as any other user application and therefore cannot, by default, modify or delete a system application. Mobile security products protect their users from being compromised by such preinstalled malware by blocking the application from executing.

To reiterate, if the Android boot framework were enhanced to load security products or their processes at a very early stage of the boot process, even before the system applications are loaded, it would be possible to stop and remove such malware/adware system apps.

Users are recommended to:

  • Purchase the handset only from reputable vendors and distributors.
  • Check the state of the handset’s packaging to determine whether it has been tampered with before purchasing or using it.
  • Verify the unique ID of the device or the ROM on the handset manufacturer’s website, if possible.

Image courtesy of:

Senior Threat Researcher, K7TCL