Over 50,000 Infected Files, Disguised in Essays and Manuals, Used in Online Attacks

Kaspersky experts discovered that 53,531 infected or potentially unwanted files, disguised in essays and textbooks for schools and universities, were used in 356,662 attacks on 104,819 users from August 2018 to July 2019,

The number of attacks is down 21%, compared to the previous year’s figures. These figures are part of Kaspersky’s “Back to School” report.

Many textbooks can be found online, and some students choose to avoid high costs by downloading them from pirated sites or forums, along with different essays. As usual, attackers take advantage of this tendency to distribute malware.

In total, there were 17,755 threats claiming to be books for students, most often false English (2,080), mathematics (1,213) and literature (870). The vast majority of threats hidden under these forms ranged from annoying but not dangerous adware or unsolicited software to extremely dangerous malware to steal money.

The remaining 35,776 threats were disguised in essays and papers on various topics. When the researchers examined them, they noticed something unusual: in 35.5% of cases, the most popular malware was an eight-year-old worm-like – a type of threat that is no longer seen today. It has been actively distributed via USB sticks. Upon closer examination, experts came to the conclusion that the worm “lives” on the printing services’ computers, which are often used for years without periodic security updates and run old versions of programs. The worm reaches there through what appears to be an essay that needs to be printed.

“Students who are trying to avoid paying for textbooks and other educational materials are creating an unmatched opportunity for cybercriminals. This becomes a serious problem for educational organizations, since once a computer is infected in the school network, it can easily spread to other devices. Not all schools are prepared to respond effectively to incidents, as educational organizations are considered a typical target for fraudsters, and attackers use every opportunity they encounter. In this context, precautionary measures are vital for such organizations,” said Maria Fedorova, security researcher at Kaspersky.