It’s the end of your computer system as you know it … NOT

We’ve just received a report of a destructive virus that will wipe all data from the hard disk. We’re not the least bit worried though. Why? Well, it’s just a hoax.

So what is a hoax? Typically, a hoax takes the form of an e-mail message that carries a warning about the ‘imminent danger’ posed by a non-existent threat. The aim is to scare users into sending the false warning to their contacts: friends, family, colleagues. Hoaxes cause no direct harm to data. However, a user’s well-meaning action in forwarding the message gives credence to the hoax, spreads the fear, doubt and uncertainty even further and clogs up networks with increasing amounts of ‘self-inflicted spam’.

Trying to stamp out a hoax can be as difficult as putting out a forest fire: ‘successful’ hoaxes often come back again and again, like recurrent bouts of malaria. To make matters worse, sometimes a real threat will model itself on the ‘look-and-feel’ of a previous hoax.

So how do you decide if something’s a hoax or not? Here are some general guidelines.

  • Don’t simply forward such an e-mail message without checking first to see if it’s a hoax.
  • If it didn’t come from a security vendor’s news or alert service, check out the hoax sections of specialist security web sites.
  • If in doubt, check with your anti-virus vendor, or send it to ‘newvirus@kaspersky.com’ for analysis.
  • Never click on attachments in e-mails that come from an unknown source.
