BadRabbit: New strain of ransomware hits Russia and Ukraine

BadRabbit is self-propagating and has many similarities to the June 2017 Petya / NotPetya outbreak.

Businesses most at risk from new breed of ransomware

The ransomware landscape has shifted dramatically in 2017 and organizations bore the brunt of the damage caused by new, self-propagating threats such as WannaCry and Petya.

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak

The third-party software updater used to seed last week's NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed.

Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that's widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a "stealthy and cunning backdoor" used to spread the worm probably required access to the M.E.Doc source code. What's more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.

"As our analysis shows, this is a thoroughly well-planned and well-executed operation," Anton Cherepanov, senior malware researcher for Eset, wrote. "We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors."
