Computers are a household commodity today, and so is the term ‘virus’. Viruses, or malicious software, have existed for as long as there have been computers. With the spread of computers and their accessories, there has been a marked rise in hacking and phishing. Sensitive user information is compromised, leading to cyber theft and other privacy breaches. The Indian Computer Emergency Response Team (CERT-In) has officially rated ‘Bladabindi’, one of the most resilient viruses ever recorded, a high threat, and has warned of its rapid spread across the country.
What is Bladabindi and why is it so dangerous?
First, it helps to know what cyberspace actually means. In layman’s terms, cyberspace is the notional environment created by interconnected computer systems: a shared space in which the people using those computers communicate with one another and exchange information. If sensitive information in that space is misused, the consequences for the end users can be catastrophic.
Activity from the Bladabindi virus was first recorded in early January this year, and in that short time it has put cyber security investigators on alert. Bladabindi is a multi-identity malware that targets the Microsoft Windows operating system. Once activated, it copies itself into the Windows directory under varying names and at varying locations. It adds itself to the list of programs launched at startup and writes registry entries so that it runs every time the PC boots.
To avoid detection by antivirus software, the virus uses .NET obfuscators to hide its code. It runs under multiple aliases (12 recorded so far) to conceal its identity and can present any number of icons to trick naive users into launching it by accident. It also runs net.exe to add itself to the Windows firewall exclusion list, thereby bypassing the firewall. According to Microsoft, the virus also marks itself as a critical process so that it cannot simply be stopped: if the malware process is interrupted, the system may crash with stop code ‘0x000000F4’. CERT-In has further noted that the virus not only updates itself regularly but also updates any other malware already lurking on the system.
This malware is therefore rated as very high severity and is highly resilient, meaning it is very difficult to clean Bladabindi off a PC. Because it also spreads through removable storage drives, its rapid spread is almost inevitable given how little attention most end users pay to PC security measures and timely Windows updates.
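The two behaviours described above, adding a startup entry in the registry and adding the malware to the Windows firewall exclusion list, both leave a trace in process-creation logs. The following detector is an added example, not part of the original article or any CERT-In material: it runs over constructed (not real) process-creation events and flags firewall exclusions and Run-key persistence that point at executables in user-writable folders. The page names net.exe; the example matches both net.exe and netsh.exe, and the command-line syntax it looks for (netsh "firewall add allowedprogram" and "advfirewall ... action=allow") is an assumption about how such an exclusion would appear.

```python
import re

# Constructed sample events (process image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("explorer.exe", r'"C:\Program Files\Git\git.exe" status'),
    ("netsh.exe", r'netsh firewall add allowedprogram "C:\Users\alice\AppData\Roaming\svchost.exe" "svchost" ENABLE'),
    ("reg.exe", r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Updater" /t REG_SZ /d "C:\Users\alice\AppData\Local\Temp\server.exe" /f'),
    ("netsh.exe", r'netsh advfirewall firewall add rule name="Steam" dir=in action=allow program="C:\Program Files (x86)\Steam\steam.exe"'),
    ("cmd.exe", r'cmd /c dir'),
]

# Folders an unprivileged user can write to; legitimate firewall exceptions rarely live here.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Users\\[^\\]+\\(Downloads|Desktop))\\', re.I)
# Registry autostart keys the article describes the malware writing to.
RUN_KEY = re.compile(r'\\CurrentVersion\\(Run|RunOnce)\b', re.I)
# Firewall exclusion syntax (assumed): legacy "add allowedprogram" or an advfirewall allow rule.
FW_ALLOW = re.compile(r'\b(add allowedprogram|add rule\b.*\baction=allow)', re.I)
# Executable paths, quoted (may contain spaces) or bare.
EXE_PATH = re.compile(r'"([^"]*\.exe)"|([A-Z]:\\\S*\.exe)', re.I)


def exe_paths(cmdline):
    """Return every .exe path mentioned on the command line."""
    return [quoted or bare for quoted, bare in EXE_PATH.findall(cmdline)]


def classify(process, cmdline):
    """Return finding labels for one event; an empty list means nothing suspicious."""
    findings = []
    from_user_dir = any(USER_WRITABLE.search(p) for p in exe_paths(cmdline))
    if process.lower() in ("net.exe", "netsh.exe") and FW_ALLOW.search(cmdline):
        # Any exclusion deserves review; one for a user-writable path is high priority.
        findings.append("firewall-exclusion-user-writable" if from_user_dir else "firewall-exclusion")
    if RUN_KEY.search(cmdline) and from_user_dir:
        findings.append("run-key-persistence-user-writable")
    return findings


def scan(events):
    """Run classify over (process, cmdline) pairs and keep only events with findings."""
    report = []
    for process, cmdline in events:
        findings = classify(process, cmdline)
        if findings:
            report.append((process, findings))
    return report


if __name__ == "__main__":
    for process, findings in scan(SAMPLE_EVENTS):
        print(process, ", ".join(findings))
```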
What can be compromised?
Since the basic role of this software is to give a remote attacker backdoor administrative access, every kind of sensitive and valuable information is put at risk, including:
1) PC-related information: your PC name, country and serial number, the Windows user name and the operating system version.
2) Passwords and credit card numbers: saved passwords from Chrome, Firefox, Opera and other browsers.
3) Camera, screen and keyboard capture: the malware can use your PC camera to record and upload your personal life and household activities. It can also take screenshots and log keystrokes, so even if you clear the browser history, cookies and saved passwords, the keystroke log still gives the attacker the information he wants.
4) Backdoor commands: on the attacker’s instruction, the virus will compress and encrypt the stolen data for upload, connect to remote servers, download and run other malicious files, modify the system registry at will and take complete control of the system’s behaviour.
Prevention and Cure
Prevention has always been considered the best cure, and I cannot stress enough how much trouble these simple steps can save you. Always have an up-to-date antivirus installed on your PC and make sure all of its spyware and virus guard features are turned on. Keep the Windows firewall enabled and be very cautious about which programs you add to its exclusion list. As a rule of thumb, keep the Windows autorun feature disabled, and whenever you borrow or lend a pen drive or external hard disk, rescan it for any viruses that may have latched onto the storage device in the process.
“It is also recommended that users should not follow unsolicited web links or attachments in email messages, not visit untrusted websites, use strong passwords and also enable password policies, enable a firewall at both the desktop and gateway level, guard against social engineering attacks and limit user privileges.” – CERT India
But even if you did not take enough precautions and find your PC already infected by this virus, all is not lost. First scan the entire PC and remove all threats, then wipe the PC clean from the boot screen. Saving data to removable drives in the meantime is not recommended; online storage such as email clients and Dropbox can be used instead, since they have built-in virus filters and will keep your data safe. Once the clean wipe is complete, download an antivirus and rescan the system for any variants or leftovers that Bladabindi might have left behind. If you have suffered fraud or a loss, you can also report the issue to Microsoft and seek their help.
Just as there is no real ‘world government’, there is no central institution that can monitor and control cyberspace as a whole. Yet there are predefined rules and regulations, collectively called cyber ethics, and those who violate them are severely punished when the need arises. Privacy is a birthright. But alongside the government, at the individual level, we ourselves must be highly aware and conscious when using cyberspace!