Student textbooks malware threat
6th September 2019
Kaspersky’s blog is warning students who are about to go back after the summer holidays to beware of the risk of malware that’s masked as textbooks and essays online.
According to Kaspersky, K-12 and college students who may want to save money on textbooks by seeking online essays and study materials may end up unwittingly downloading malware instead.
A study by the security company of school and student-related filenames over the past academic year has revealed that out of 356,000 attempted attacks on Kaspersky users, 233,000 cases involved malicious essays that were downloaded to computers owned by more than 74,000 people (which the company claims its software blocked).
Kaspersky’s figures indicate that 122,000 of those attacks were by malware disguised as textbooks which more than 30,000 users tried to open.
Targeted popular and less popular subjects
The study revealed that cyber criminals haven’t just been focusing on popular subjects for attacks. For example, even though English textbooks hiding malware had 2,080 attempted downloads and maths textbooks hiding malware had 1,213 downloads, malicious textbooks for natural sciences also manage to fool 18 users.
The four most popular types of malware
Kaspersky lists the four most popular types of malware attacks disguised as online study materials as:
1. School spamming using the Stalk worm
This has claimed the greatest number of victims and is the preferred method by which the Worm.Win32 Stalk.a worm is spread. Once downloaded to a school computer Stalk penetrates all devices that are connected to it, will infect USB sticks used by students, will spread across the whole network, can spread to the email contacts of students, and can download other malicious applications to the infected device.
2. Win32.Agent.ifdx malware downloader
This downloader program is disguised as textbooks or essays in DOC, DOCX or PDF formats. Once launched it opens a text file so that the victim does not realise that anything suspicious is going on, but it is designed to download many other bad things onto the victim’s computer which can be modified to become cryptominers, banking trojans (to steal bank details) and ransomware.
3. The WinLNK.Agent.gen downloader
WinLNK.Agent.gen downloader is hidden in archives e.g. zip or rar files and uses a shortcut to a text file to open the document itself and launch the attached malware components. This can result in cryptominers, adware and more damaging programs being loaded onto and slowing down the victim’s computer.
4. The MediaGet torrent application downloader
This is disguised by ‘Free Download’ buttons and will download a torrent client that the user does not need.
What does this mean for your business?
Colleges and schools are known to be popular targets for cybercriminals because they have large numbers of users spread across many different departments, and sometimes across different facilities, making admin and IT security very complicated. Also, valuable intellectual property, student and staff personal data and the chance to use the processing power of many computers within their systems can make schools and colleges tempting targets for cyber criminals.
Part of the prevention of the kinds of attacks identified by Kaspersky can be achieved by educating students (and staff) about threats and how to spot them and deal with them, as well as making sure that antivirus protection and patches are all up to date across school and college systems.
Kaspersky’s advice to students for avoiding the malware threat includes searching for books you need in physical or online libraries, paying attention to what type of site is hosting the textbook download, not using outdated versions of operating systems and other software, being wary of email attachments (even those sent from acquaintances) and paying attention to the download file extensions e.g. don’t open .exe files.