Student surprise: Malware masked as textbooks and essays

By Kaspersky
Malware can masquerade not only as games and TV shows, but also as educational materials. We help you understand what this malware is and how to avoid being infected.

It is far too easy to pick up nasty stuff when you try to download popular TV shows or game cheats. However, cybercriminals do not limit themselves to tainting entertainment; you can also stumble upon a virus when looking for work- or study-related materials. This is particularly important to keep in mind as the academic year starts, because the cost of textbooks and other materials for K–12 and college students often leads many to look for more affordable and free alternatives online.

Download an essay, get some malware thrown in

Wanting to find out how frequently malicious content is encountered among materials that are posted for free access, we checked how many infections Kaspersky solutions identified in files with school- and student-related filenames. This exercise yielded quite a few results!

As it turns out, over the past academic year, cybercriminals targeting the field of education tried to attack our users more than 356,000 times. Of these, 233,000 cases involved malicious essays downloaded to computers owned by more than 74,000 people. Our solutions blocked them, of course.

About another third of the files were textbooks. We detected 122,000 attacks by malware disguised as textbooks. More than 30,000 users tried to open those files.

English textbooks were the most common malware hiding place K–12 students encountered, with 2,080 attempted downloads. Math textbooks were the next most common, nearly infecting the computers of 1,213 students. Literature closes out the top three most dangerous subjects, with 870 potential victims in our study group.

Criminals also targeted less-popular subjects. We have come across malware masquerading as textbooks in the natural sciences (18 users tried to download these) and in less commonly taught foreign languages at both the K-12 and college levels.

Which types of malware are disguised as textbooks and essays?

If in your search for study materials you find yourself on an unscrupulous website and try to download something, you risk encountering just about any type of malware. However, certain types of threats are distributed in this way more than others. Here are the four malware types most frequently distributed as study materials.

4th place: MediaGet torrent application downloader

Sites peppered with enticing Free Download buttons often foist the MediaGet downloader on users instead of the files they were looking for. The downloader is the most innocuous of the nasty surprises that await students who are searching for educational resources. This downloader will retrieve a torrent client that the user does not need.

3rd place: WinLNK.Agent.gen downloader

Hiding malware inside ZIP or RAR archives is a popular technique that makes the threats harder to detect. Such is the case with the WinLNK.Agent.gen downloader. The archive contains a shortcut to a text file, which not only opens the document itself, but also launches the attached malware components.

They, in turn, can download more malware to the device. Typically, the additional downloads are malicious cryptomining programs that mine cryptocurrency for their owners. As a result, the computer and Internet connection speed will suffer, and the victim’s electricity bill may go up. Adware could also flood the computer with ads. In addition, this malware can download more dangerous programs.

2nd place: Win32.Agent.ifdx malware downloader

Another downloader often disguised as a textbook or an essay is called Win32.Agent.ifdx. Although it appears to be a DOC, DOCX, or PDF document, with the corresponding icon, it is in fact a program. Moreover, when it is launched it also opens a text file so that the victim does not realize anything suspicious is going on. However, its main task is to download all sorts of bad things onto the victim’s computer.

Recently, this type of malware has shown a tendency to download various cryptominers. It is worth remembering that the priorities of malware distributors can change. Nothing prevents them from modifying the malware to download spyware, banking Trojans that steal data from cards and accounts at online banks and stores, or even ransomware instead of cryptocurrency miners.

1st place: School spamming using the Stalk worm

Spammers also distribute malicious textbooks and essays. For example, spam is the preferred means by which Worm.Win32.Stalk.a is spread. This worm has been around for quite a while, and we thought that it had fallen out of use. To our surprise, not only is it still being used, but it is also the “educational” malware with the greatest number of victims.

Once on a computer, Stalk penetrates all devices that are connected to it. For example, it can infect other computers on the local network or a USB flash drive containing the educational materials. This is a very insidious step, because then, if the recipient prints the essay using school or university resources from a flash drive, the worm will make its way onto the institution’s network.

There’s more. To infect as many systems as possible, Stalk tries to e-mail itself to the victim’s contacts. With the messages coming from the victim’s account, fellow students and classmates are likely to open the attached malicious application.

Stalk is dangerous not only because of its ability to spread itself over a local network and by e-mail, but also because it can download other malicious applications to the infected device, and copy and send files from victims’ computers to the malware owners.

The Stalk worm is still able to thrive largely because educational institutions in general, and their printer systems in particular, often use hopelessly outdated versions of operating systems and other software. This allows the worm to continue to spread.

How to protect yourself from malicious fake textbooks and essays

You can stay safe and avoid the problem entirely by finding textbooks in physical or online libraries, but if you do download study materials, the general advice for safe downloading applies:

  • Pay careful attention to what type of site is hosting the textbook you want to download. Do not visit dubious resources that are full of flashing Download buttons or that require you to install a downloader first.
  • Do not use outdated versions of operating systems and other software. Make sure that you install any software updates in a timely fashion.
  • Be critical of e-mail attachments, including ones that are sent from acquaintances. If a friend suddenly sends you an essay that you did not ask for, that is reason for suspicion.
  • Pay attention to the extensions of the files that you are downloading. If you downloaded an EXE file instead of a document, do not open it.
  • Use a reliable computer security solution. For example, Kaspersky Internet Security recognizes and blocks not only the threats described in this post, but also many others.
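
The extension check from the list above, applied to the two disguises described earlier (a shortcut inside an archive, and a program posing as a document), as an added example that is not part of the original article. The extension lists, function names and sample file names are assumptions chosen for illustration, and the sample archive is constructed from harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Windows programs (PE) start with "MZ"; shortcuts (.lnk) start with a fixed
# 0x4C header size followed by the shell-link class ID.
PE_MAGIC = b"MZ"
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed lists for illustration, not exhaustive.
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_EXT = {".doc", ".docx", ".pdf", ".txt", ".rtf"}

def inspect_file(name, head):
    """Return findings for one file, given its name and its first bytes."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    last = suffixes[-1] if suffixes else ""
    findings = []
    if head.startswith(LNK_MAGIC) or last == ".lnk":
        findings.append("shortcut (LNK) instead of a document")
    if head.startswith(PE_MAGIC) and last in DOC_EXT:
        findings.append("program content behind a document extension")
    if last in RUNNABLE_EXT:
        hidden = any(s in DOC_EXT for s in suffixes[:-1])
        findings.append("double extension hides a runnable file" if hidden
                        else "runnable file, not a document")
    return findings

def inspect_download(name, data):
    """Check a download; for a ZIP archive, check every member instead."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        found = inspect_file(name, data[:len(LNK_MAGIC)])
        return {name: found} if found else {}
    report = {}
    with zipfile.ZipFile(buf) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            with zf.open(info) as fh:
                found = inspect_file(info.filename, fh.read(len(LNK_MAGIC)))
            if found:
                report[info.filename] = found
    return report

def build_sample_zip():
    """Constructed sample archive: placeholder bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("essay/essay.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("essay/textbook.pdf.exe", PE_MAGIC + b"\x00" * 62)
        zf.writestr("essay/notes.pdf", b"%PDF-1.7\n")
    return buf.getvalue()
```

Calling `inspect_download("essay.zip", build_sample_zip())` flags the shortcut and the double-extension program and leaves the real PDF alone. Only ZIP archives are unpacked here; a RAR archive would need a separate library.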
