Backdoor built in widely used tax app seeded last week's NotPetya outbreak

luigi13579
07/06/17 3:17:31 PM
#1:


https://arstechnica.co.uk/security/2017/07/notpetya-medoc-tax-app-backdoor

Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that's widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a "stealthy and cunning backdoor" used to spread the worm probably required access to the M.E.Doc source code. What's more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.

"As our analysis shows, this is a thoroughly well-planned and well-executed operation," Anton Cherepanov, senior malware researcher for Eset, wrote. "We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors."

Researchers have said NotPetya is unable to decrypt the hard drives it encrypts. The shortcoming, many researchers say, means NotPetya isn't financially motivated ransomware. Instead, it is the equivalent of a disk wiper with the objective of permanently destroying data. On Wednesday, researchers at antivirus provider Kaspersky Lab added to the intrigue by saying that the M.E.Doc backdoor that spread NotPetya was used to distribute at least one other malicious program at the same time.


That's quite scary actually. Theoretically, anyone could be vulnerable to malware like this if updates for a piece of software they have installed are hijacked. This again shows the danger of software backdoors too.