Malware targets manufacturers

Manufacturing is one of the sectors targeted by a new malware variant that is not only able to steal passwords and other sensitive information, but is also capable of infecting files, researchers said.

02/02/2015


Ursnif is malware used by bad guys to steal passwords and other sensitive information from infected devices, but its variant, detected as PE_URSNIF.A-O, is also capable of infecting files, said researchers at Trend Micro.

The United States and the United Kingdom account for 39.35% and 35.51%, respectively, of infections. Researchers also found the malware on computers in Canada (19%) and Turkey (1.92%). Education, finance, and manufacturing are among the sectors impacted by the threat, which is distributed via spam messages and Trojan downloaders.

The Ursnif variant analyzed by Trend Micro infects .PDF, .MSI and .EXE files found on removable and network drives. Unlike other similar pieces of malware, which insert malicious code into host files, PE_URSNIF.A-O embeds the host file into its resource section. When one of the infected files is executed by the victim, the malware drops the original file and opens it in an effort to avoid raising any suspicion.
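As an added illustration (not code from Trend Micro or the original article), the Python triage heuristic below checks a PE file's .rsrc section for an embedded PDF, MSI or EXE header, the layout the paragraph above describes. It assumes the host file is stored unencoded, which the article does not state, and legitimate installers can match too, so a hit is a lead for analysis rather than a verdict.

```python
import struct
import sys

# Magic bytes for the host types the article names (.PDF, .MSI, .EXE).
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header used by .MSI
MAGICS = ((b"%PDF-", "PDF"), (OLE, "MSI"), (b"MZ", "EXE"))

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] for a PE image, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off, = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    nsect, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                      # section table start
    out = []
    for i in range(nsect):
        ent = table + 40 * i
        if ent + 40 > len(data):
            break
        name = data[ent:ent + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, ent + 16)
        out.append((name, raw_off, raw_size))
    return out

def embedded_hosts(data):
    """Return [(kind, file_offset, rsrc_share)] for file headers inside .rsrc."""
    hits = []
    for name, off, size in pe_sections(data):
        if name != ".rsrc":
            continue
        blob = data[off:off + size]
        share = round(len(blob) / len(data), 2)  # fraction of the file that is .rsrc
        for magic, kind in MAGICS:
            pos = blob.find(magic)
            while pos != -1:
                # "MZ" alone is too common; require a parsable PE header behind it.
                if kind != "EXE" or pe_sections(blob[pos:]):
                    hits.append((kind, off + pos, share))
                pos = blob.find(magic, pos + 1)
    return hits

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, embedded_hosts(f.read()))
```

A large rsrc_share alongside a hit means most of the file is the embedded payload, which is worth weighing when prioritising samples.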

Another anti-detection technique leveraged by Ursnif involves sleeping for 30 minutes before starting the infection routine. This helps the threat evade sandboxes, which usually monitor suspicious files for only up to five minutes to see how they behave.

"The fact that a family known for spyware now includes file infectors shows that cybercriminals are not above tweaking established malware to expand its routines," Trend Micro threat response engineer RonJay Caragay said in a blog. "The expansion into file infection can also be seen as a strategic one. A different file infector type (e.g., appending) requires a different detection for security solutions; not all solutions may have this detection."

IT administrators can protect their networks against such threats by paying attention to how network shares are configured. This includes ensuring that computers don't have full access to the network and setting network access to read-only.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. ISSSource is a CFE Media content partner. Edited by Joy Chang, Digital Project Manager, Control Engineering, jchang(at)cfemedia.com 


