Viruses and virus attacks

Virus attacks are the most powerful and serious threat to computer users. They make important work with data and documents difficult. Every computer user needs to know which software and services can help protect devices from attacks, and all possible measures must be taken to protect computer systems. The main sources of virus attacks are listed below.


Downloadable Programs

One possible source of virus attacks is programs downloaded from the Internet. Unreliable sources and online newsgroups are among the main sources of malware. Downloadable files are among the most effective carriers of viruses. Any type of executable program, including games, free applications, screen savers and other executable files, is one of the main sources of computer virus attacks. Files with extensions such as “.com” and “.exe”, for example “coolgame.exe”, can also contain malicious scripts. Therefore, whenever you download programs from the Internet, you must scan each of them before running it.

Cracked software

Cracks are another source of virus attacks. Most people who download hacked and pirated versions of software online do not know that they may contain viruses. Such files contain malicious scripts and errors that are difficult to detect and to remove. Therefore, the preferred option is always to download software from an appropriate source.


Email Attachments

Email attachments are also one of the popular sources of computer virus attacks. Therefore, you should be very careful with them, especially if the message comes from an unknown sender. Installing a good antivirus is a must if you want to eliminate this risk. You need to scan your email even if it comes from a friend: it is possible that the other user unknowingly forwarded a virus along with the email attachment.

The Internet is the best source of virus attacks

It cannot be denied that the Internet is one of the most common sources of viruses, especially these days. This is not a surprise, and, of course, it makes no sense to stop using the Internet because of it. Most computer users do not know when viruses attack their computer systems. Almost every user clicks on links and downloads everything that the browser offers, and so unknowingly opens the door to virus attacks.


Download from unknown media

Another common source of virus attacks is an unknown disk or flash drive. Most computer users believe that one of the most common ways to be infected with a virus is through removable storage media. It is recommended that you remove the disk or flash drive when the computer system is not running. If you do not remove the media after turning off the device, the computer may automatically start booting from it.

This increases the chance that files or programs are installed and launched on that computer system. In addition to the aforementioned sources, file-sharing networks (for example, Bearshare, Kazaa and Limewire) are also sometimes sources of virus attacks. Therefore, you must delete the files downloaded from these file-sharing networks in order to exclude the possibility of virus infection.


New virus attack

Many organizations in Europe and the United States have suffered from a ransomware virus attack. It was caused by the virus known as "Petya." The malware spread through large companies, including the advertising company WPP, the food company Mondelez, the law firm DLA Piper and the Danish shipping and transport company Maersk, which led to data on PCs being locked and a subsequent ransom demand.

This is the second major global ransomware attack of 2017. In early May, the National Health Service of Great Britain (NHS) was the first among the organizations infected with the WannaCry virus, which exploited a vulnerability in the system. As became known later, the vulnerability was released on the Internet in April by a group of hackers calling themselves “Shadow Brokers”.

The WannaCry attack affected more than 230,000 computers in more than 150 countries, including the NHS, the Spanish telephone company Telefónica, and German state railways. Like WannaCry, Petya spreads rapidly across networks that use Microsoft Windows, but what is it and how can it be stopped?


How does it work?

The virus attack of June 27, 2017, which was carried out in many countries, including Russia, was of the ransomware type. Ransomware is a type of malware that blocks access to a computer or its data and demands money to restore access.

When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, usually in bitcoins, for the digital key needed to unlock the files. If the victims do not have a recent backup of the files, they must either pay the ransom or lose all their data.

How does the Petya ransomware work?

Once a device is infected, the malware blocks computers on the network and demands $300 paid in bitcoins. It spreads quickly after infection, using the EternalBlue vulnerability in Windows (Microsoft has released a fix, but not everyone has installed it) or two OS administration tools. The virus tries one option and, if it does not work, tries the next. Moreover, as experts have noted, it has a better distribution mechanism than WannaCry.

Is there any protection?

Most large antivirus software companies claim that their software has been updated and is now able to actively detect and protect against Petya infections. For example, Symantec and Kaspersky reported that their security software can now detect the malware.

In addition, updating Windows and keeping the OS up to date closes one of the main methods of infection and also protects against future attacks with different payloads.

Another line of defense was discovered against this particular malware attack: Petya checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it will not run the encryption side of the software. But this “vaccine” does not really prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
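The check described above can be audited or applied with a short script. This is an added example, not code from the original article; the function name `Set-PerfcMarker` and its parameter are hypothetical, and only the file path comes from the text. As the article says, the marker only suppresses the encryption stage and does not stop infection or spreading.

```powershell
# Added example: report on, or create, the read-only marker file named in the article.
# Function name and parameter are hypothetical. Writing under C:\Windows needs an elevated session.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Marker path from the article; override it to try the function in a scratch directory.
        [string]$Path = (Join-Path $env:windir 'perfc.dat')
    )

    $item  = $null
    $state = [ordered]@{ Path = $Path; Existed = $false; ReadOnly = $false; Changed = $false }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # File already present: record its current read-only state.
        $state.Existed  = $true
        $item           = Get-Item -LiteralPath $Path -Force
        $state.ReadOnly = $item.IsReadOnly
    }
    elseif (Test-Path -LiteralPath $Path) {
        # A directory with this name is not the marker the article describes.
        throw "$Path exists but is not a file"
    }
    elseif ($PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
        $item = New-Item -ItemType File -Path $Path -ErrorAction Stop
        $state.Changed = $true
    }

    # The article specifies a read-only file, so set the attribute if it is missing.
    if ($item -and -not $item.IsReadOnly -and
        $PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
        Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
        $state.Changed  = $true
        $state.ReadOnly = $true
    }

    [pscustomobject]$state
}

# Audit only: -WhatIf shows what would be done and changes nothing.
Set-PerfcMarker -WhatIf
```

Run without `-WhatIf` to create the file; the returned object shows whether the marker existed, whether it is read-only, and whether anything was changed.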


Why is it called "Petya"?

Strictly speaking, the new virus is not exactly what experts know as "Petya." This malware seems to have a significant amount of code that closely resembles the old virus, which really was called Petya. But a few hours after the start of the attacks, researchers noticed that the resemblance was only superficial. After the virus attack in Russia, researchers from Kaspersky Lab refused to call this malware by that name, and as a result, similar variants of the name began to spread: Petna, Pneytna, etc. In addition, other researchers who independently noticed the malware gave it other names: the Romanian company Bitdefender named it Goldeneye, for example.

How did it start?

It seems that the attack was carried out through a software update mechanism built into an accounting program which, according to the Ukrainian cyber police, must be used by companies working with the Ukrainian government. This explains why so many Ukrainian organizations have suffered, including the government, banks, state-owned energy companies, Kiev airport and the metro system. The radiation monitoring system in Chernobyl was also disconnected from the network, forcing employees to use hand-held meters to measure radiation levels in the exclusion zone of the nuclear power plant. The second wave of infections was caused by a phishing campaign with malicious attachments.

How far has it spread?

The new version of Petya caused serious disruptions in the work of large companies in Europe and the USA, including the advertising company WPP, the French construction company Saint-Gobain, and Russian steel and oil companies. In particular, there was a massive virus attack on Rosneft and Evraz. Food company Mondelez, law firm DLA Piper, Danish shipping and transport company AP Moller-Maersk and Heritage Valley Health System, which operates hospitals and care facilities in Pittsburgh, also said that their systems were affected by the malware.

Unlike WannaCry, this version of “Petya” tries to spread within networks but does not spread externally. This may limit the ultimate spread of the malware; the number of new infections appears to have slowed overnight.

Source: https://habr.com/ru/post/C2823/

