If you are an avid internet user, you are probably aware of the security risks posed by cyber attacks. More often than not, there are spyware, viruses and Trojans on the lookout for any loophole that lets them get at your confidential details. Researchers at Quick Heal Technologies have found a spyware named Golroted that has been targeting small and medium businesses for their financial and confidential credentials.
After analysing Golroted in detail since November 2014, when the Trojan first came to light, Quick Heal was able to draw some insights into its mechanism. Golroted attacks are found primarily in South-East Asia and the Middle East. India topped the list of infected users with a 33% share, according to the company's press release on the matter. Indonesia and Thailand followed with 31% and 9%, respectively.
Despite several security measures being in place, such malware breaks through the security of your computer and gets its hands on sensitive material. Quick Heal's most important precautionary advice is to avoid saving passwords in the browser using "Remember Password" while signing into your bank, email and social networking accounts.
According to Quick Heal's analysis, "the cybercriminal gang behind this malware is running several spam campaigns that send spear phishing emails with attachments that contain either exploited Microsoft documents or zip files containing possible keyloggers. Once a user opens a malicious attachment, the keylogger collects sensitive information from the machine and sends it to a preconfigured server. It does this by uploading the data to an FTP server or by sending the data back as email attachments."
This means users must ensure they reply to, or download content from, trusted senders only. The malware can get into your computer, take screenshots of all your online activities and capture passwords to different accounts ranging from Gmail to Facebook and even PayTm and PayPal.
To get a better understanding of the risks involved with Golroted, we interviewed Quick Heal. Here are the excerpts:
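For defenders, the two upload channels named in Quick Heal's analysis (FTP and outbound email) can be checked for in egress logs. The following is an added example, not code from Quick Heal or the article: it flags workstations that connect to FTP or mail ports on servers outside an approved list. The log format, host names, process names, addresses and the internal relay `10.0.0.25` are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Ports for the two channels the analysis names: FTP upload and outbound mail.
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "submission"}

# Assumption: workstations send mail only through this internal relay.
APPROVED_DESTINATIONS = {"10.0.0.25"}

# Constructed egress records (not real traffic):
# timestamp, source host, process, destination IP, destination port, bytes sent
SAMPLE_LOG = """\
2015-07-01T09:00:12,ws-014,outlook.exe,10.0.0.25,587,18234
2015-07-01T09:03:40,ws-022,invoice_viewer.exe,203.0.113.10,21,40960
2015-07-01T09:08:41,ws-022,invoice_viewer.exe,203.0.113.10,21,51200
2015-07-01T09:10:02,ws-031,chrome.exe,198.51.100.7,443,2048
2015-07-01T09:15:55,ws-045,svch0st.exe,198.51.100.99,25,73012
malformed,line
"""


def find_suspect_egress(log_text, approved=APPROVED_DESTINATIONS):
    """Group FTP/SMTP connections from endpoints to unapproved servers."""
    findings = defaultdict(lambda: {"connections": 0, "bytes": 0,
                                    "channels": set(), "processes": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        _, host, process, dst, port, sent = row
        try:
            port, sent = int(port), int(sent)
        except ValueError:
            continue  # non-numeric port or byte count
        if port not in EXFIL_PORTS or dst in approved:
            continue  # not an FTP/mail channel, or a sanctioned server
        entry = findings[(host, dst)]
        entry["connections"] += 1
        entry["bytes"] += sent
        entry["channels"].add(EXFIL_PORTS[port])
        entry["processes"].add(process)
    return dict(findings)


if __name__ == "__main__":
    for (host, dst), e in sorted(find_suspect_egress(SAMPLE_LOG).items()):
        print(f"{host} -> {dst} {sorted(e['channels'])} {e['connections']} conn, "
              f"{e['bytes']} bytes, {sorted(e['processes'])}")
```

Repeated uploads from one workstation to the same external FTP or mail server, especially from a process that is not a mail or file-transfer client, are the pattern worth triaging first.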
IBTimes India: Is Golroted Trojan targeting just the small and medium businesses? What about personal users?
Quick Heal: The Golroted malware is designed to target not just small and medium businesses, but home users as well. Since the malware uses the 'Save Password' feature which is present in all web browsers, its mechanism can extend to anyone who uses the Internet and logs in to their accounts. However, malicious parties have used it to target business entities more often since the payoff there is higher and the security protocols in place are fewer.
IBTimes India: What are the precautionary measures to prevent an attack from Golroted besides refraining from using "Remember Password"?
QH: The first precautionary measure is to make use of a Password Manager. These are reliable and secure services that store all user passwords in a systematic and encrypted format. They also make it easier for users to manage the passwords of their multiple accounts with ease. An average user has around 27 passwords to remember so this is a highly useful tool. Secondly, all programs on the system should be updated regularly. When a security hole is discovered by the software, a patch is released so as to safeguard users against malicious attacks. These updates should actively be discovered and applied by users. Moreover, even the OS and the security software should be updated as often as possible. For enterprises, effective firewall security and web security can also play a crucial role.
IBTimes India: Since Quick Heal researchers were able to crack the encryption of the malware, is there a security scan that S&M businesses can run to prevent the attack or even heal their infected machines?
QH: Once Quick Heal has detected and analysed a security hole such as Golroted, the worldwide virus database is updated with this detection. All a user has to do is ensure that the latest virus databases are updated from the Quick Heal product dashboard. If the malware is discovered on a system, Quick Heal subsequently detects it and removes it from the system.