SystemsNet Blog

Tag Archives: malware

Kovter Strikes Computers Everywhere

Removing Trojan Kovter Malware

Are you prepared for when disaster strikes

Every year, there are high-impact viruses that plague individuals and businesses alike. One of the newest that has wreaked havoc on the world of IT is known as Kovter. It’s affecting a number of computers and there are a lot of people that have been impacted by its destruction.

What is Kovter?

Kovter works as a Trojan. It has acted as a ransomware downloader as well as click-fraud malware. It is disseminated using malspam email attachments that contain malicious office macros. One of the ways that this fileless malware has been able to evade detection is by hiding inside of registry keys.

There has been a number of reports that indicate the Trojan infections receive updated instructions from a command and control infrastructure that serves as a remote access back door. When this happens, the hackers will have an access point into your computer or server.

Kovter showed up several years ago and continues to be the biggest threat throughout 2018. Part of this is because it has evolved significantly. It may use code injection as a way of infecting the target and will steal information so that it goes back to the command and control servers.

How to Look for Kovter

Kovter is really good at hiding itself. It generally infects a computer using an attachment that comes over as a micro-based spam. Once the attachment is opened, it will install on the computer and hide within the registry entries. Most of the attachments are compromised Microsoft office files.

Since it is fileless, it can be difficult to detect. However, you want to make sure that your organization is aware of how to protect against email threats. Use various anti-spam filters so that malicious emails can be blocked before reaching the endpoint user. You also want to make sure that security updates are applied as soon as possible.

Who Has Been Affected?

A number of people throughout the UK, US, Canada, and Australia have been affected by the Trojan. Many people found the virus through a malvertising campaign or Traffic Junky. People were sent to a pop-up that told them they needed to install an update to their browser. By doing so, they unknowingly downloaded Kovter to their computer.

It’s unclear as to how many computers have actually been affected – though the number is easily into the tens of thousands since one version or another has been around since as early as 2011.

What You Can Do

You need to be sure that you have a high level of security within your business. You want to make sure that you are protecting your servers and workstations so that they stay free of viruses and Trojans. Otherwise, malware can render your computer absolutely useless or result in important data being lost or stolen.

Webroot Antivirus is a 20-time winner from PCMag. It provides you with the antivirus protection on all of your devices so that you can enjoy a greater level of peace of mind. You get advanced threat protection and the security is always on. You can stop ransomware and enjoy real-time blocks on harmful sites. This way, no matter how much you teach your employees not to go to specific sites, you can ensure that dangerous sites are blocked to avoid various problems. Additionally, based on the antivirus protection that you choose, you will also be able to monitor your firewall and network connection and secure various smartphones and tablets that are used by your employees.

Learn more about Webroot Antivirus and how it can protect your servers and workstations by contacting SystemsNet today. Our various packages will monitor your systems and help you with all of the various components of your IT infrastructure. As geeks, we work hard to help you protect your systems

3 Reasons Why Your Malware Needs Active Management

Business man downloading an anti-malware program or antivirus software

Are your servers and workstations protected?

Everyone knows the importance of installing malware and virus protection. Whenever you get a new laptop or device, a quick click to your preferred vendor is usually one of the first steps you have the computer connections to the Internet. But knowing how the programs work is almost as important as knowing how important they are.

How do malware programs work?

Most anti-malware programs compare downloads and new programs against a list of known malware signatures. In other words, they compare incoming data and code against recognizable bits of malware. If it finds a match, the new download is either blocked entirely or is more closely scrutinized.

Other types of antivirus and anti-malware tools investigate potential threats in different ways. They might test out suspect downloads in a closed environment, or a ‘sandbox,’ to see how it behaves. Some smart programs look at how downloads behave before weighing in. So most malware protections don’t just scan initial downloads and new activity. They also monitor your computer as a whole for new or suspicious behavior.

What do patches and new updates provide?

Malware is getting smarter and stronger all the time. Your tools need to update ahead of that curve to provide continuous security to your system. A lot of upgrades are centered around the program’s database of known threats. As the service provider and cybersecurity institutions identify new threats, they add them to the database. But if you don’t install the new patch or ignore the update alert, that new information is never added to your computer.

Updates can also improve control over the sandbox environment or add new warning signs for behavioral anti-malware programs to investigate. Basically, if your anti-malware was downloaded a year ago and never updated, it won’t know what to do against new threats. Virus creators and malicious actors know that people tend to be a bit lax on their updates, so they tend to focus on malware that doesn’t display any of the old warning signs.

Why should you leave the update schedule in the hands of your IT service?

Leaving update schedules up to your employees is bad for business. The same people who leave their computer in sleep mode instead of shutting it down for new updates also won’t update the software. Here are three reasons why leaving it in the hands of an administrator, especially a third-party administrator, is better:

1. You know that everyone’s device is up-to-date.

Some of your employees will update their anti-malware software as soon as they get the alert. Others might shut down their computer regularly enough that the system updates without their knowledge. But other updates might linger for days or weeks before they’re implemented.

When your company uses mobile devices that aren’t always on your network, it’s easier for unsecured devices to pick up a bug and bring it into the office. But, when control of the update schedule is centralized, you don’t have to worry about delays.

Centralized control also brings a stronger guarantee: you know that everyone is using the same program. BYOD policies and laptops that have been used by the same employees for years could have a random scattering of different antivirus programs, all with different levels of quality and privacy. But your IT service will both provide a program and ensure its updates.

2. You get a report so you can verify that your company is in compliance.

You don’t just want to know that everyone’s computer is updated. Depending on your industry, you might need regular proof of when updates happened and what types of updates they were. Regulatory agencies are getting more and more strict about data leaks, and professionals will give you records and receipts for your paper trail.

3. Internal emergencies won’t cause delays.

Even if you hand over anti-malware updates to a systems administrator in your office, there could still be delays. A website outage, a late product delivery, or even downsizing could get in the way of the schedule. But when you use a third-party IT service, the update schedule is preset and one of their business priorities.

If you want to make sure your anti-malware software is strong both now and in the future, browse our services to find the right package for your business.

Protect Your Systems In 2018

Six Steps to Make Your Company Ransomware Proof (Part 2)