Many of you may already be aware of the software FinFisher. To recapitulate, FinFisher is the new face of global electronic spying, e-surveillance and eavesdropping. Because of its global use as spyware, it no longer falls into the category of normal software; it is malware used to defeat human rights protection in cyberspace.
Now, what does FinFisher have to do with the present topic? FinFisher is installed after the target accepts installation of a fake update to commonly used software. This may include fake anti-virus updates as well. In fact, FinFisher or any other malware can also be installed by sending e-mails to the targets and getting them to click malware-ridden web links or download infected documents.
The cyber attacks on South Korea were caused by malware that wiped the hard drives of infected computers and prevented them from booting up upon restart. According to the reports, the crackers broke into the servers of the local anti-virus company and planted malware, which was then distributed as an update patch.
The crackers had earlier stolen administrator login information from security vendors’ patch management server. With the login information, the crackers created malware on the patch management server that passed itself off as a normal signature update file. This fake update file subsequently infected a large number of PCs all at once, deleting the Master Boot Record on each PC to prevent it from booting up normally.
This episode has also shown that anti-virus updates can act as a potential tool to install malware, steal information and launch cyber warfare attacks.