On January 29, technicians at the Qi’anxin Virus Response Center and Qi’anxin CERT found several attacks using hot words related to the outbreak of novel coronavirus pneumonia. Their monitoring shows that some hacker organizations are creating and spreading a series of computer viruses named with popular words such as “coronavirus”, “epidemic” and “Wuhan”. These viruses can lead to eavesdropping on computer audio and theft of files, and some versions also delete core operating system files so that the computer fails to boot. At present, the series is spreading quietly and unchecked through social networks.
Three typical “coronaviruses” are as follows:
“Coronavirus” I: Remote Control and File Theft
Analysis by cybersecurity engineers found that one virus in the series, released by a hacker organization and named “coronavirus”, drops and launches the legitimate commercial remote control software TeamViewer, and so evades the vast majority of anti-virus software on the market. It obtains the window’s account number and password and sends them to the hacker’s server, which gives the attacker remote control.
The virus fully inherits TeamViewer’s powerful remote control capabilities. It can break through most firewalls to reach the internal network, quietly control the keyboard and mouse, monitor the computer screen, eavesdrop on computer audio, watch videos, send any file on the computer, and even power the machine on or off remotely.
“Coronavirus” II: Deleting Files and Bricking the Computer
In addition to conventional cyberattacks, some of the viruses in the series can do even more damage. For example, one virus is an executable file named “coronavirus.exe”. Once started, it deletes the entire registry as well as the files on the C and D drives, so that the computer cannot boot and important data is lost.
“Coronavirus” III: Ever-Changing Cybercrime Gangs
“In addition, samples that use the novel coronavirus pneumonia as bait have also been found among the cybercrime gangs we monitor,” said Wang Lijun, head of the Qi’anxin Threat Intelligence Center. These gangs have also joined the attacks. Analysis shows that similar methods have been used in attacks involving the “naked loan photo” virus.
Creating “bait” from hot events and popular words and then launching attacks is a common tactic of hacker groups. In its monitoring, the Qi’anxin CERT security team found that social networks have become the main channel through which the viruses spread. Cybercrime gangs disguise the files with bait words such as “coronavirus”, “escape from Wuhan”, “double prevention mechanism” and “new coronavirus prevention notice”, exploiting people’s close attention to the outbreak and their desire for related information to induce computer users to download and open them.
Wang Lijun pointed out that during this Spring Festival holiday, in order to prevent and control the spread of the epidemic, authorities across the country have discouraged travel, visits, parties, tourism and other activities that easily lead to crowds. The vast majority of people are staying at home for long periods, which has directly and greatly increased the use of mobile phones and computers, so mail and social media may well continue to be high-frequency attack routes. For users’ safety, Wang Lijun suggested not double-clicking to open any of the following when received: executable files such as exe and csr whose names carry these high-frequency words; documents from unknown sources that contain macros, such as docx, rtf and doc; and unknown files embedded in compressed archives in zip, rar and other formats.
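The checks in this advice can be automated before a user ever opens an attachment. The following Python sketch is an added example, not code from Qi’anxin or the original article; the function names and sample inputs are constructed, legacy doc and rtf files are not inspected for macros, and rar archives are only flagged as uninspected.

```python
import io
import zipfile

LURE_WORDS = ("coronavirus", "epidemic", "wuhan")  # hot words quoted in the article
EXECUTABLE_EXT = {"exe", "csr"}                     # executable types as the article lists them
DOCUMENT_EXT = {"docx", "rtf", "doc"}
ARCHIVE_EXT = {"zip", "rar"}


def ext_of(name):
    """Lower-case final extension, so 'notice.pdf.exe' counts as 'exe'."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def triage(filename, data=b""):
    """Return reasons not to double-click an attachment (empty list: none found)."""
    reasons = []
    ext = ext_of(filename)
    if any(word in filename.lower() for word in LURE_WORDS):
        reasons.append("lure word in file name")
    if ext in EXECUTABLE_EXT:
        reasons.append("executable extension ." + ext)
    members = None  # stays None when the bytes are not a readable ZIP container
    if data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    # OOXML documents are ZIP containers; a vbaProject.bin part means VBA macros.
    if ext in DOCUMENT_EXT and any(m.lower().endswith("vbaproject.bin") for m in members or []):
        reasons.append("document contains a VBA macro project")
    if ext in ARCHIVE_EXT:
        if members is None:
            reasons.append("archive contents could not be inspected")
        for m in members or []:
            if ext_of(m) in EXECUTABLE_EXT:
                reasons.append("archive embeds executable " + m)
    return reasons


def make_zip(names):
    """Build an in-memory ZIP with empty members (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("coronavirus.exe"))
    print(triage("Wuhan notice.zip", make_zip(["readme.txt", "notice.exe"])))
    print(triage("prevention.docx", make_zip(["word/document.xml", "word/vbaProject.bin"])))
```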