Wednesday, November 28, 2018

Resurrection of the Worm - A fileless version of the malicious remote access tool njRAT propagates as a worm via removable drives. It looks like malware (old and new) is going to behave like a worm. Is it time to disable removable media and monitor PowerShell? It is also time to revisit old-school best practices like segmentation and endpoint isolation.



This particular variant, identified as Worm.Win32.BLADABINDI.AA, leverages AutoIt, a free automation script language for Windows, to compile the final payload and the main script into one executable. The technique makes the ultimate payload difficult to detect.

“The worm’s payload, propagation, and technique of filelessly delivering the backdoor in the affected system make it a significant threat,” the blog post concludes. “Users and especially businesses that still use removable media in the workplace should practice security hygiene. Restrict and secure the use of removable media or USB functionality, or tools like PowerShell


https://www.scmagazine.com/home/security-news/cybercrime/malicious-developer-creates-wormable-fileless-variant-of-njrat/
