Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security researcher creates new backdoor inspired by leaked NSA malware

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 25 Apr 2019 09:19:42 +0000 (UTC)
https://www.zdnet.com/article/security-researcher-creates-new-backdoor-inspired-by-leaked-nsa-malware/

By Catalin Cimpanu
Zero Day
ZDNet News
April 24, 2019
A security researcher has created a proof-of-concept backdoor inspired by the NSA malware that leaked online in the spring of 2017.
This new malware is named SMBdoor and is the work of RiskSence security researcher Sean Dillon (@zerosum0x0).
Dillon designed SMBdoor as a Windows kernel driver that once installed on a PC will abuse undocumented APIs in the srvnet.sys process to register itself as a valid handler for SMB (Server Message Block) connections.
The malware is very stealthy, as it doesn't bind to any local sockets, open ports, or hooks into existing functions, and by doing so avoiding triggering alerts for some antivirus systems. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: