itman 1,541 Posted July 4, 2017 Share Posted July 4, 2017 (edited) In regards to this article: https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/ , I offer this analysis by NH-ISAC in regards to the discovery of a backdoor on the M.E. Doc's web site: https://nhisac.org/nhisac-alerts/petya-ransomware-updates/ . Is it possible the perpetrators could can access to the M.E. Docs internal network through this web site backdoor to implant the malicious update code? Edited July 4, 2017 by itman Link to comment Share on other sites More sharing options...
itman 1,541 Posted July 4, 2017 Author Share Posted July 4, 2017 Also a download candidate from infected M.E. Doc web site would be last year's no. 1 malware: Once again this year, the Windows worm Allaple, active since 2006, defended the number one spot on the ranking of most widely-distributed malware. It successfully proliferates when infected websites are visited. Once it has penetrated a Windows system, it replicates itself from computer to computer, even in password-protected networks, whereby as a polymorphic malware sample, it constantly changes its program code, which makes detecting the malware more difficult. Its various samples comprised over 15% of the entire malware detection for Windows systems! Ref.: https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf Link to comment Share on other sites More sharing options...
Recommended Posts