Lithuania is among those most affected by the new Trojan: experts warn small businesses in particular




The GenScript.KLH Trojan spreads primarily through insecure business email servers and email server service providers. The purpose of this program is to steal confidential information, various login details and so on, add the computer to botnets, download additional malware, and finally encrypt the files on the computer.

On an email server, the malicious intruder finds stored emails with attached documents. These are infected with the VBA/TrojanDownloader.Agent script and sent back to the sender of the email or to another recipient on the server. When the recipient of the email opens the infected document, an encrypted command is triggered, which downloads an executable file and runs it.

The organizations most affected in Lithuania

According to ESET telemetry, the malware has had the greatest impact on companies and organizations operating in Greece: up to 17.7 percent of all violations were registered there, the press release says. Japan (16.5%), Lithuania (15.3%), Romania (9.1%) and Spain (3.1%) are next on the list.

“The GenScript.KLH Trojan spreads via email servers running in Windows and Linux environments. In Lithuania, this malware has hit hardest the companies and state institutions that have their own email servers or use the services of providers that offer this service and that until now have turned a blind eye to the security of those servers. Currently, the biggest threat is to small companies that do not take care of the necessary security solutions,” says Ramūnas Liubertas, IT engineer at ESET Lietuva.

Ramūnas Liubertas (photo: © DELFI / Domantas Pipas)

According to him, commercial companies operating in Lithuania immediately rushed to implement advanced security solutions in their email systems. However, the situation is much more complicated in public institutions, which must carry out legal procurement procedures. These could only be accelerated by treating the situation as “force majeure”. This means that they will only be able to implement protection against this attack after 2-3 weeks.

The attack, which began last week, continues. Businesses and organizations will feel it until the sources of the attack are stopped and the necessary solutions are deployed on all email servers.

According to VirusTotal, the mutated variant of the Trojan that attacked Lithuania, VBA/TrojanDownloader.Agent.URB, has been detected by Microsoft, Kaspersky and BitDefender only since Monday, while AVG and Avast antivirus still do not detect it; users of these programs are therefore advised to seek additional protection.

R. Liubertas recalls that in 2017 companies operating in Lithuania also felt the impact of the WannaCry virus, whose attack halted computer systems around the world. After the attack, the activities of banks, healthcare institutions, airports and other critical systems were paralyzed for a long time. The virus, which encrypted file systems and demanded a ransom in bitcoin, changed the way we perceive cybersecurity threats.

Tips to protect yourself from malware

Cybersecurity expert Marius Pareščius notes that users who have received malicious emails may not suspect anything is wrong. Because the program collects information about the messages stored on the server and their contacts, messages carrying the simplest Microsoft Word file (*.doc) are sent on behalf of known people. The file contains a virus-spreading script that collects data from the user's computer and downloads the virus to it. In this way, the virus spreads even further. The expert compares such a situation with an address book accidentally left in a public place, although in the case of a virus the consequences can be more drastic.

Marius Pareščius (photo: © DELFI / Domantas Pipas)

According to M. Pareščius, to protect against this type of malware and similar ones, three aspects are important: user education on cybersecurity, constant maintenance of users' computers, installation of antivirus programs and, of course, proper maintenance of servers.

According to the expert's observations, email servers require software to filter these types of viruses. As an example, he cites Gmail's email filters, which by themselves prevent the spread of viruses: “This email service detects similarities to other viruses and automatically applies a filter to prevent users from receiving such emails. Meanwhile, the email servers of ordinary ISPs that businesses use do not have such filters, so the virus spreads rapidly among service users.”

With this in mind, when you receive an email with an attachment, it is always a good idea to think about whether it really is an email that was sent to you and whether you have been expecting that file. “If in doubt, delete the email or ask the sender about its content. Of course, it is not advisable to click ‘reply’ on such an email, because all of this will go to the creators of the virus and not to the supposed sender of the email,” says M. Pareščius.

GenScript.KLH Trojan FAQ

How does the GenScript.KLH Trojan spread?

According to the ESET Lithuania Helpdesk, the GenScript.KLH Trojan belongs to the infections transmitted through email servers (Trojans and botnets). It is distributed as an attachment to emails. The malware also targets mail stored on the mail server, which is infected with a VBA/TrojanDownloader.Agent script and sent to random recipients.

What does a document infected by a Trojan look like?

A document infected with the VBA/TrojanDownloader.Agent VBA script is detected and identified as the GenScript.KLH Trojan. This method of malware distribution allows spam to be sent through email servers. The malware spreads when the infected *.doc file is opened: the encrypted PowerShell command is activated and the executable *.exe file is downloaded.

The purpose of this program is to steal confidential information, various login details and so on, add the computer to botnets, download additional malware, and finally encrypt the files on the computer. The GenScript.KLH Trojan most frequently attacks the email servers of Lithuanian companies and state institutions, email server service providers and individuals that have no virus protection or insufficient virus protection and where sender headers are not checked.

Do Mail Server Security Solutions Stop Malware – Trojans and Botnets?

Yes. According to ESET, customers who had email server protection and had installed all necessary software updates avoided this GenScript.KLH Trojan attack. Companies are advised to install the latest email server protection from their chosen vendor on the mail server and to enable verification of email headers. It is also important to use the latest antivirus with antispam functionality and a firewall on workstations. A task for periodic workstation analysis must also be configured through the remote management console.
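An added example, not code from ESET or from the article: a minimal mail-gateway check for the attachment type described above, a Word document carrying a VBA script. It also covers macro-enabled OOXML files, which goes beyond the *.doc case the article names; the function names and the sample message are constructed for illustration, and the byte-pattern test is a heuristic, not a full parser.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")      # legacy .doc/.xls/.ppt container
OLE_VBA_NAME = "_VBA_PROJECT".encode("utf-16-le")   # OLE directory names are UTF-16LE
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm) is a ZIP archive
ZIP_VBA_NAME = b"vbaProject.bin"                    # member names are stored uncompressed


def triage_attachment(payload: bytes) -> list:
    """Return reasons to quarantine one attachment (empty list = nothing found)."""
    reasons = []
    if payload.startswith(OLE2_MAGIC) and OLE_VBA_NAME in payload:
        reasons.append("legacy Office file with a VBA macro project")
    if payload.startswith(ZIP_MAGIC) and ZIP_VBA_NAME in payload:
        reasons.append("OOXML file with a VBA macro project")
    return reasons


def triage_message(raw: bytes) -> dict:
    """Map attachment filename -> reasons, for every flagged attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        reasons = triage_attachment(part.get_payload(decode=True) or b"")
        if reasons:
            findings[part.get_filename() or "(unnamed)"] = reasons
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is a stand-in, not a real document."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "RE: invoice"
    msg.set_content("See attached.")
    body = OLE2_MAGIC + b"\x00" * 64 + (OLE_VBA_NAME if with_macro else b"")
    msg.add_attachment(body, maintype="application", subtype="msword",
                       filename="invoice.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample(with_macro=True)))
    print(triage_message(build_sample(with_macro=False)))
```

A match only says that macros are present, so flagged messages are best quarantined for antivirus or sandbox analysis.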

Why use an additional email protection layer with cloud “sandbox” technology?

Company employees' email mailboxes are the system most commonly vulnerable to viruses. So-called “sandbox” technology provides an additional layer of protection in the cloud. The dangerous file is analyzed in a virtual “sandbox” environment that simulates the operation of a normal computer. This helps detect newly created and previously undetected malicious viruses and prevents them from entering the company network.

What should users do if they have opened an email with malicious code?

On realizing that an email with malicious code has been opened after all, it is important to follow these three steps:

1. Check all computers on which the email with malicious code was opened. This can be done by scanning the computers with the latest antivirus software or by scanning the device for malware;
2. Install the latest patches for the operating system and the applications used. Always use the latest software versions;
3. Change the passwords of the accounts used on the computer (information systems, email, social networks, etc.).

It is strictly prohibited to use the information published by DELFI on other websites, in the media or elsewhere, or to distribute our material in any way without consent, and if consent has been obtained, it is necessary to indicate DELFI as the source.


