
FYI To Eset In Regards To Recent M.E. Doc's Incident Article



In regards to this article: https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/ , I offer this analysis by NH-ISAC in regards to the discovery of a backdoor on the M.E. Doc's web site: https://nhisac.org/nhisac-alerts/petya-ransomware-updates/ .

Is it possible the perpetrators could gain access to the M.E. Doc's internal network through this web site backdoor to implant the malicious update code?

Edited by itman

Also, a download candidate from the infected M.E. Doc web site would be last year's no. 1 malware:

Once again this year, the Windows worm Allaple, active since 2006, defended the number one spot on the ranking of most widely-distributed malware. It successfully proliferates when infected websites are visited. Once it has penetrated a Windows system, it replicates itself from computer to computer, even in password-protected networks, whereby as a polymorphic malware sample, it constantly changes its program code, which makes detecting the malware more difficult. Its various samples comprised over 15% of the entire malware detection for Windows systems!

Ref.: https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf


