I want total information about modern screensaver cyberattack
From virtual bank heists to semi-open attacks from nation-states, the last couple of years have been rough on IT security. Here are some of the major recent cyber attacks and what we can learn from them.
A cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, and attacks where the goal is to get access to the target computer's data and perhaps gain admin privileges on it.
Without further ado, here are some of the most notable cyber attacks in recent history and what we can learn from them:
Screensaver Attacks
A new Trojan horse program, sent by a hacker over the Internet in spam email and disguised as a screensaver, could allow PCs to be accessed by unauthorized users.
BackDoor-G Trojan horse is considered a potentially dangerous new Trojan horse program that could allow hackers to remotely access and control infected PCs over the Internet, according to network security and management software maker Network Associates.
BackDoor-G affects Windows-based PCs. When executed, BackDoor-G turns a user's system into a client system for a hacker, giving virtually unlimited remote access to the system over the Internet. The Trojan also is virtually undetectable by the user, although it has been reported as spreading as a screensaver and an update to a computer game.
The program is the latest in a string of new hybrid security threats that blur the line between viruses, security exploits, and malicious code attacks, the company said.
BackDoor-G is difficult to detect because it is able to change its filename and therefore hide from some traditional virus eradication methods such as simply deleting suspicious files.
Though BackDoor-G is not technically a virus, Network Associates advises PC users to request an update for both their antivirus and intrusion-detection software from their system administrators.
Prevention
The following screensaver settings are stored in the Registry (HKCU\Control Panel\Desktop\) and could be manipulated to achieve persistence:
SCRNSAVE.exe - set to malicious PE path
ScreenSaveActive - set to '1' to enable the screensaver
ScreenSaverIsSecure - set to '0' to not require a password to unlock
ScreenSaveTimeout - sets user inactivity timeout before screensaver is executed
Adversaries can use screensaver settings to maintain persistence by setting the screensaver to run malware after a certain timeframe of user inactivity.
Detection: Monitor process execution and command-line parameters of .scr files. Monitor screensaver configuration changes in the Registry that may not correlate with typical user behavior.
Tools such as Sysinternals Autoruns can be used to detect changes to the screensaver binary path in the Registry. Suspicious paths and PE files may indicate outliers among legitimate screensavers in a network and should be investigated.
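The Registry check described above can be scripted. The following is an added example, not part of the original answer: it parses the text output of `reg query "HKCU\Control Panel\Desktop"` and reviews the four settings listed earlier. The sample outputs are constructed, and the trusted directory list assumes Windows is installed at C:\Windows.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any analysis host

# Assumption: built-in screensavers live here; anything else is queued for review.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def review_screensaver(values):
    """Return findings for the screensaver settings; empty list means nothing to review."""
    findings = []
    path = values.get("scrnsave.exe", "")
    if not path:
        return findings  # no screensaver binary configured
    # normpath collapses "..\" segments so traversal cannot fake a trusted directory
    norm = normpath(path.strip('"')).lower()
    if norm.rpartition("\\")[0] not in TRUSTED_DIRS:
        findings.append(f"binary outside system directories: {path}")
    if not norm.endswith(".scr"):
        findings.append(f"binary is not a .scr file: {path}")
    if findings:  # add context only when the binary itself looks unusual
        if values.get("screensaveactive") == "1":
            findings.append("screensaver enabled: binary runs when the user is idle")
        if values.get("screensaverissecure") == "0":
            findings.append("no password required to unlock")
        timeout = values.get("screensavetimeout", "")
        if timeout.isdigit():
            findings.append(f"runs after {timeout}s of inactivity")
    return findings

# Constructed sample outputs (not taken from a real host)
BENIGN = r"""HKEY_CURRENT_USER\Control Panel\Desktop
    SCRNSAVE.EXE    REG_SZ    C:\Windows\system32\Mystify.scr
    ScreenSaveActive    REG_SZ    1
    ScreenSaverIsSecure    REG_SZ    1
    ScreenSaveTimeOut    REG_SZ    600"""
SUSPICIOUS = r"""HKEY_CURRENT_USER\Control Panel\Desktop
    SCRNSAVE.EXE    REG_SZ    C:\Users\alice\AppData\Local\Temp\update.exe
    ScreenSaveActive    REG_SZ    1
    ScreenSaverIsSecure    REG_SZ    0
    ScreenSaveTimeOut    REG_SZ    60"""

if __name__ == "__main__":
    for finding in review_screensaver(parse_reg_query(SUSPICIOUS)):
        print(finding)
```

A legitimately installed third-party screensaver will also be reported by the directory check, so treat the findings as items to investigate rather than confirmed persistence.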