Cross Platform Spyware Affecting VMs and Smartphones

When the earliest virus programs came to light, there was an easy way of classifying them: by the operating system they could affect. Although this was a rudimentary classification, it proved very helpful for developing anti-virus programs. Potentially dangerous software would be scanned based on its target platform and then the countermeasures would be activated, so the virus database that the software employed could be more specific. Recently, a new spyware has been detected that downloads the virus file from the internet depending on the operating system it is targeting.

‘Crisis’ and ‘Morcut’ Will Initially Be In the Form of a Trojan

Researchers have detected these new viruses and named them ‘Crisis’ and ‘Morcut’. Initially, they are Trojans before they reach the hosts. A Trojan is malicious software that remains inactive until it reaches the intended destination. Once it does, it manifests itself as the potentially dangerous software it was intended to be. To ensure effectiveness, these two spyware programs download the malicious code directly from the internet once they plant themselves on the destination. This is not only ingenious but also means that they are not overly scrutinized by virus protection software, which increases their chances of going undetected.

Using a Backdoor in the System to Gain Entry

Another important facet that researchers noticed in these two spyware programs is that they make use of vulnerabilities in the system itself to enter the operating system. Once the spyware reaches the host, it downloads and installs a program that opens a backdoor in the OS. Once that is done, it employs rootkit functionality to prevent its detection. Morcut has a limited range of spying capabilities, which includes keylogging, reporting and file stealing. Crisis, on the other hand, is more advanced and hence more lethal.

Crisis Has a Wide Range of Functions

Once Crisis installs the backdoor program on the host, it has the capability to literally copy the contents of the computer and relay them over the internet. However, this is not feasible, as the abnormal data transfer would be recorded by the security software and the spyware would be detected. Instead, without drawing too much attention, Crisis spies on Skype calls, records and relays the system log, logs keystrokes and so on.

Ingenious Way of Spreading Itself

This spyware employs one of the latest techniques to get itself onto other computers. The technique is called social engineering. Users are fooled by the filename and unsuspectingly download the file willingly. To make matters worse, the malicious software also has a security certificate of its own, forged of course. All it takes is for you to ignore or override the security error that your computer displays. Once you override that warning, the data on your computer is at the mercy of the hackers. Recently, researchers have reported that the malicious software appears under the name AdobeFlashPlayer.jar. This looks like a harmless enough Java file, but you cannot tell from the name how lethal the code wrapped in that package is.

It Has Been Uploaded on Most Popular Sites

You cannot be sure of the files you download these days, as these two spyware programs have found their way everywhere. They are on forums, groups, discussion boards and sites known for worry-free torrents. Security software is also unable to stop this spyware once it is unpacked and installed on the computer. So be careful of the files you download, especially the ones without a digital signature and security certificate.
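
One way to act on that advice for a downloaded .jar before opening it, as an added example that is not from the original article: a static check that reports whether the archive carries JAR signature files and which entries the manifest's digests do not cover or do not match. The sample archive is constructed in memory, and the check assumes SHA-256 manifest digests and does not validate the signer's certificate, so a forged certificate like the one described above still needs a chain check (for example with jarsigner -verify).

```python
import base64, hashlib, io, zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def is_signature_file(name):
    # MANIFEST.MF and the signature files sit directly in META-INF/ and carry no digest of their own
    head, _, tail = name.upper().rpartition("/")
    return head == "META-INF" and (tail == "MANIFEST.MF" or tail.endswith(SIG_SUFFIXES))

def parse_manifest(text):
    """Map entry name -> base64 SHA-256 digest from the manifest's per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def triage_jar(data):
    """Static inspection only: nothing inside the archive is executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        sig = [n.upper() for n in names if is_signature_file(n)]
        has_sig = any(s.endswith(".SF") for s in sig) and any(s.endswith(SIG_SUFFIXES[1:]) for s in sig)
        raw = jar.read("META-INF/MANIFEST.MF") if "META-INF/MANIFEST.MF" in names else b""
        digests = parse_manifest(raw.decode("utf-8", "replace"))
        rest = [n for n in names if not is_signature_file(n)]
        uncovered = [n for n in rest if n not in digests]  # no digest in the manifest
        mismatched = [n for n in rest if n in digests and digests[n] != b64_sha256(jar.read(n))]
    return {"has_signature_files": has_sig, "uncovered": uncovered, "mismatched": mismatched}

def build_sample_jar():
    """Constructed sample; the .SF/.RSA bodies are placeholders, not real signatures."""
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                f"Name: Main.class\r\nSHA-256-Digest: {b64_sha256(b'main')}\r\n\r\n"
                f"Name: Helper.class\r\nSHA-256-Digest: {b64_sha256(b'helper as signed')}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, body in [("META-INF/MANIFEST.MF", manifest), ("META-INF/SIGNER.SF", "placeholder"),
                           ("META-INF/SIGNER.RSA", "placeholder"), ("Main.class", "main"),
                           ("Helper.class", "helper, modified"), ("payload.bin", "added later")]:
            jar.writestr(name, body)
    return buf.getvalue()
```

On the constructed sample, triage_jar(build_sample_jar()) reports Helper.class as mismatched and payload.bin as uncovered, even though signature files are present. For a real download, pass the file's bytes to triage_jar.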
