На почитать. Честно говоря охренеть.
Jul. 4th, 2017 06:47 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
mdmxhttps://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/
...
Conclusions
As our analysis shows, this is a thoroughly well-planned and well-executed operation. We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors.
There are still questions to answer. How long has this backdoor been in use? What commands and malware other than DiskCoder.C or Win32/Filecoder.AESNI.C has been pushed via this channel? What other software update supply chains might the gang behind this attack have already compromised but are yet to weaponize?
Апд:https://m.habrahabr.ru/company/drweb/blog/332444/.e.doc-soderzhit-bekdor--d
...
Conclusions
As our analysis shows, this is a thoroughly well-planned and well-executed operation. We assume that the attackers had access to the M.E.Doc application source code. They had time to learn the code and incorporate a very stealthy and cunning backdoor. The size of the full M.E.Doc installation is about 1.5GB, and we have no way at this time to verify that there are no other injected backdoors.
There are still questions to answer. How long has this backdoor been in use? What commands and malware other than DiskCoder.C or Win32/Filecoder.AESNI.C has been pushed via this channel? What other software update supply chains might the gang behind this attack have already compromised but are yet to weaponize?
Апд:https://m.habrahabr.ru/company/drweb/blog/332444/.e.doc-soderzhit-bekdor--d
