[personal profile] mdmx
https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/
...
Conclusions

As our analysis shows, this is a thoroughly well-planned and well-executed operation. We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors.

There are still questions to answer. How long has this backdoor been in use? What commands and malware other than DiskCoder.C or Win32/Filecoder.AESNI.C have been pushed via this channel? What other software update supply chains might the gang behind this attack have already compromised but are yet to weaponize?

Upd: https://m.habrahabr.ru/company/drweb/blog/332444/.e.doc-soderzhit-bekdor--d
Page generated Jul. 22nd, 2017 04:31 pm