By Alvin Bryan
Another major, sophisticated attack threatens organizations worldwide. The RARSTONE RAT is once again aimed at stealing valuable personal data. Security experts suggest a strong Asia VPN to protect users against computer breaches. Many in Malaysia, Singapore, Vietnam, India, and other Asian regions have already been victimized.
A RAT, or remote access tool, is software used by hackers to gain access to a computer system. RATs allow the hacker to control the computer remotely. The hacker usually downloads additional software to perform other tasks, such as logging keystrokes to steal passwords. Once the RAT gets in, the hacker can log on, gain shell control, manipulate files, edit the registry, and more. RAT Trojans can also stop antivirus programs and disable firewalls.
Trend Micro is a global Internet security leader that has been helping many companies with their data security. It is on the case and has revealed much about the attacks. This new attack campaign is more advanced than other RAT attacks. It uses clever techniques to hide itself from detection. Organizations across the Asian continent are targeted, and their clients’ data is at risk. The hackers infect computers with the malware by luring users to content relating to news about the region. The malware has no specific targets. This leads security experts to conclude that the goal of the attacks is consumer data. Governments, the media, and various businesses and organizations across Asia have been hit.
The malicious program exploits a Windows Common Control vulnerability, CVE-2012-0158. The same vulnerability was exploited last month in a suspected Chinese underground attack called “Safe”. The BKDR_RARSTONE RAT was unearthed in February. Hackers used news of the well-publicized Boston Marathon bombing to attract their victims. Once a user opens the malicious file, the system is infected with the BKDR_RARSTONE RAT. Trend Micro analyst Maharlito Aquino reported that RARSTONE uses numerous methods to dodge any attempt to find it. The RAT’s backdoor component is downloaded from the hacker’s command and control server. It is loaded directly into the computer’s memory to avoid detection by standard file scanners. This makes the infection difficult to find and clean out.
RARSTONE can do everything that other backdoor malware can do. It has full access to the system and can obtain file and directory lists, run or stop programs, download and upload files, and even update itself. It is a virtual spy in a computer system, capable of accessing and transferring data with little chance of being noticed. It is the ultimate tool for identity thieves and financial fraudsters. Aquino also explained that RARSTONE is different from other known RATs. RARSTONE can access installer properties from the Uninstall registry keys to learn what applications are installed on the computer. It can then also learn how to uninstall them if and when they pose a threat. RARSTONE also uses SSL to encrypt communications with the command and control server. This way it avoids discovery by securing the data transfer and appearing as normal traffic. The hackers also used dynamic DNS and privacy protection tools to make the attacks harder to identify.
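SSL hides what is sent to the command and control server, but not the hostname that was resolved beforehand, so the SSL and dynamic DNS combination described above can still be hunted in DNS and connection logs. The Python sketch below is an added example, not code from Trend Micro or from this post; the two log formats, the `.example` suffix list, and treating port 443 as SSL/TLS are assumptions, and every sample line is constructed.

```python
from collections import Counter

# Assumption: a defender-maintained list of dynamic-DNS zones. These are
# placeholders on the reserved .example TLD, not real provider domains.
DYNDNS_SUFFIXES = (".dyn.example", ".ddns.example")

# Constructed DNS log: timestamp client query answer_ip
DNS_LOG = """\
2024-01-01T09:00:01 10.0.0.12 news.portal.example 198.51.100.7
2024-01-01T09:00:05 10.0.0.31 update01.dyn.example 203.0.113.44
2024-01-01T09:12:40 10.0.0.18 cam.ddns.example 203.0.113.90
"""
# Constructed connection log: timestamp src dst dport
CONN_LOG = """\
2024-01-01T09:00:02 10.0.0.12 198.51.100.7 443
2024-01-01T09:00:06 10.0.0.31 203.0.113.44 443
2024-01-01T09:05:06 10.0.0.31 203.0.113.44 443
2024-01-01T09:10:06 10.0.0.31 203.0.113.44 443
2024-01-01T09:12:41 10.0.0.18 203.0.113.90 80
"""

def dyndns_answers(dns_log):
    """Map (client, answer_ip) -> name for lookups under a dynamic-DNS zone."""
    seen = {}
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the hunt
        _, client, name, ip = parts
        name = name.lower().rstrip(".")
        if name.endswith(DYNDNS_SUFFIXES):
            seen[(client, ip)] = name
    return seen

def tls_to_dyndns(dns_log, conn_log, min_conns=2):
    """Return (host, name, count) for repeated port-443 sessions to those IPs."""
    names = dyndns_answers(dns_log)
    hits = Counter()
    for line in conn_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _, src, dst, dport = parts
        if dport == "443" and (src, dst) in names:
            hits[(src, names[(src, dst)])] += 1
    return sorted((s, n, c) for (s, n), c in hits.items() if c >= min_conns)

if __name__ == "__main__":
    for host, name, count in tls_to_dyndns(DNS_LOG, CONN_LOG):
        print(f"{host} made {count} port-443 connections to {name}")
```

A hit is a lead for investigation rather than proof of infection, since legitimate services also sit behind dynamic DNS.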
Asia VPN Defense against RARSTONE
Trend Micro again strongly advises organizations and users to check their Internet security settings. Security experts also recommend using additional tools to secure computer data. Controlling traffic and monitoring file integrity are no longer enough. Identifying suspicious traffic is only half the battle. Additional tools need to be used to prevent breaches. Monitoring firewalls and updating antivirus programs will not work well against RARSTONE, as it can bypass and shut down these features. Internet traffic security is needed to prevent RARSTONE from accessing the system. One recommended tool is a secure VPN to block all unauthorized traffic and encrypt all data stored in and transmitted by the system.
An Asia VPN is a good defense against RARSTONE attacks in the region. The Asia VPN will provide users with alternate IP addresses. This will make them appear to be outside the target area. An Asia VPN server can also block potential security risks. All data passes through a secure Asia VPN tunnel that hides it from anyone snooping on Internet channels. In addition to superior data encryption and traffic encryption, this makes for the best Internet security. Asia VPNs are widely available to both businesses and individual users. It’s a fast, affordable, and efficient way to beat infection.