Malicious PE files – no they’re not malware that target the physical education classes at your neighborhood school, or the P.E./Health courses at the local university, or any P.E. classes at any school for that matter. Malicious PE files can be delivered by a Trojan, a worm, an advanced persistent threat (APT), ransomware and other viruses that infect PE files, and they are a major threat to any computer system.
First, a PE lesson
PE, which is an abbreviation for portable executable, is a Microsoft file format used for executable files, object files, dynamic-link library files (DLLs) and other files. This format has been used by Windows operating systems since the introduction of Windows NT 3.1. If a file has any of the following extensions it has a PE file format: .cpl, .dll, .exe, .ocs, .scr and .sys. It is this format that allows Windows to manage executable code. In other words, these PE files have information that shows the Windows operating system how they should be loaded and executed. They are legitimate and benign files and play a key role in all of Microsoft’s operating systems. The problem starts when the PE files are infected with malicious code.
Malicious PE files
PE infection occurs when arbitrary or malicious code is inserted into a portable executable. Since the PE format was not designed to be resistant to code modification, it is relatively easy to inject PE files with malicious code. Many Trojans, backdoors, ransomware, worms, and advanced persistent threat (APT) malware work by infecting PE files. Once the PE files on a computer are infected, the malware can run without the user ever knowing.
Ramnit is a prime example of malware that infects portable executables and other files already stored on the computer. Ramnit is used to steal usernames and passwords and to enslave infected computers into a botnet that hackers can use to proliferate a number of viruses. It can be distributed via spam email campaigns, phishing campaigns and even fake tech support scams. In 2018, Ramnit infected over 100,000 machines in two months. It is still considered one of the top banking malware today.
Another example is the Sality virus, a self-propagating worm that is still prevalent. It operates by infecting portable executables, DLL files and other Windows files and overtime has evolved to become increasingly dangerous and evasive. It is usually spread via email spam and has a number of malicious capabilities in addition to code injection such as keylogging and information stealing, generating and spreading spam, preventing users from visiting security websites, employing rootkit functions, and more. Although Sality originated in 2003, it’s still going strong and because of all of its malicious capabilities, continues to pose a significant threat to user privacy and computer security.
An obstacle to growth and expansion
Today, cybercrime is one of the biggest obstacles to growth and expansion for businesses and it’s on the rise. In the last year alone, 76 percent of US businesses experienced a cyber attack and more than 5 billion records were compromised in 2019, costing US organizations more than $1.2 trillion. Cyber breaches can impact a business’ sales, damage its reputation, expose intellectual property, marketing ideas, and expansion plans to competitors, impact revenue gains, impede innovation, and generally cost a lot of money and cause a lot of heartache. It’s no wonder that nearly 1 out of 8 small businesses will be forced into bankruptcy this year as a result of a cyberattack.
The real PE lesson
The undeniable takeaway or PE lesson here, therefore, is that businesses must be able to protect themselves from malicious PE files. They must protect their data and their computer systems from malware that infects files via injection and any other type of malware. Fortunately, they can do this by practicing proper cybersecurity hygiene such as keeping their computers up to date with the latest software patches, following password best practices, and installing a reputable endpoint antivirus (AV) solution that protects all of its business systems. The AV should be able to perform PE malware analysis and other malware analysis so it can detect and eliminate viruses before they do any damage.
Practice your PE drills and exercises
To receive a high grade in PE class, we had to put on our gym clothes and participate in drills and exercises. Getting a high grade in cybersecurity is not that different. You need to install a powerful and advanced endpoint antivirus solution on your business systems and exercise strong cybersecurity measures. The consequences of not getting a high score in PE class and not getting a high score in cybersecurity, however, are worlds apart. Not getting a good grade in PE class might have meant a little embarrassment and a lower GPA; not getting a good grade in cybersecurity could mean the end of your business.