New Iranian wiper (malware) discovered - TechAmok
New Iranian wiper (malware) discovered - [security]
04:27 PM EST - Dec,04 2019

IBM X-Force, the company's security unit, has published a report on a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered while responding to an attack on what an IBM spokesperson described as "a new environment in the [Middle East] - not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to the report by IBM X-Force researchers.

The attacks targeted specific organizations and used brute-force password attacks to gain access to network resources. The initial phase was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group", also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts before the wiper campaign. In addition to brute-force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based web shell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install the TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool, obfuscated to hide its intent, to steal further network credentials from the compromised servers. From there, they moved laterally across the network to spread the ZeroCleare malware.
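The initial-access phase above rests on brute-force password guessing against network accounts, which is one of the more visible stages of such a campaign in authentication logs. The following is an added example (not code from the TechAmok article or from IBM X-Force) of a windowed detector that flags three patterns a defender would want raised: repeated failures against one account from one source, one source trying many accounts (password spraying), and a successful logon from a source that was already flagged. The records mimic the fields of Windows Security events 4625 (failed logon) and 4624 (successful logon); all records, account names and IP addresses are constructed for illustration, and the thresholds are assumptions to tune per environment.

```python
"""Windowed detector for brute-force and password-spray failed logons.

Added example, not code from the TechAmok article or IBM X-Force. Input records
mimic Windows Security events 4625 (failed logon) and 4624 (successful logon);
every record, account and IP address below is constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # sliding window for counting failures (assumed)
FAIL_THRESHOLD = 5              # failures against one account from one source (assumed)
SPRAY_ACCOUNTS = 5              # distinct accounts tried from one source (assumed)

# Constructed sample records: (timestamp, target account, source IP, event id)
SAMPLE_EVENTS = [
    # one source hammers a single service account, then gets in
    ("2019-11-01T02:00:00", "svc_backup", "203.0.113.10", 4625),
    ("2019-11-01T02:00:07", "svc_backup", "203.0.113.10", 4625),
    ("2019-11-01T02:00:15", "svc_backup", "203.0.113.10", 4625),
    ("2019-11-01T02:00:22", "svc_backup", "203.0.113.10", 4625),
    ("2019-11-01T02:00:30", "svc_backup", "203.0.113.10", 4625),
    ("2019-11-01T02:00:41", "svc_backup", "203.0.113.10", 4624),
    # a second source tries one guess against many accounts (spray)
    ("2019-11-01T03:10:00", "alice", "198.51.100.7", 4625),
    ("2019-11-01T03:10:03", "bob", "198.51.100.7", 4625),
    ("2019-11-01T03:10:06", "carol", "198.51.100.7", 4625),
    ("2019-11-01T03:10:09", "dave", "198.51.100.7", 4625),
    ("2019-11-01T03:10:12", "erin", "198.51.100.7", 4625),
    # benign: a user mistypes twice, half an hour apart, then logs in
    ("2019-11-01T09:00:00", "frank", "10.0.0.5", 4625),
    ("2019-11-01T09:30:00", "frank", "10.0.0.5", 4625),
    ("2019-11-01T09:30:20", "frank", "10.0.0.5", 4624),
]


def detect(events):
    """Return a list of findings for events given in chronological order."""
    findings = []
    per_pair = defaultdict(deque)     # (source, account) -> failure times inside WINDOW
    per_source = defaultdict(deque)   # source -> (time, account) failures inside WINDOW
    flagged_sources = set()           # sources already tied to a finding
    reported = set()                  # de-duplicate findings per key

    for ts, account, source, event_id in events:
        t = datetime.fromisoformat(ts)
        if event_id == 4625:
            # rule 1: many failures against one account from one source
            pair_q = per_pair[(source, account)]
            pair_q.append(t)
            while t - pair_q[0] > WINDOW:      # drop failures older than the window
                pair_q.popleft()
            if len(pair_q) >= FAIL_THRESHOLD and ("bf", source, account) not in reported:
                reported.add(("bf", source, account))
                flagged_sources.add(source)
                findings.append({"kind": "brute_force", "source": source,
                                 "account": account, "count": len(pair_q), "at": ts})

            # rule 2: one source touching many distinct accounts (spray)
            src_q = per_source[source]
            src_q.append((t, account))
            while t - src_q[0][0] > WINDOW:
                src_q.popleft()
            accounts = sorted({a for _, a in src_q})
            if len(accounts) >= SPRAY_ACCOUNTS and ("spray", source) not in reported:
                reported.add(("spray", source))
                flagged_sources.add(source)
                findings.append({"kind": "password_spray", "source": source,
                                 "accounts": accounts, "at": ts})

        elif event_id == 4624 and source in flagged_sources:
            # rule 3: a success from an already-flagged source needs immediate triage
            findings.append({"kind": "success_after_attack", "source": source,
                             "account": account, "at": ts})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The per-pair and per-source deques are pruned on every event, so memory stays bounded by the window rather than by log volume, and the "success after attack" rule is what turns a noisy failure count into an actionable alert: in the sample, the service account falls on the sixth attempt while the legitimate user who mistypes twice half an hour apart never crosses the threshold.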

ZeroCleare, like the Shamoon wiper, uses the legitimate RawDisk software driver from EldoS to gain direct access to disk drives and write data. Since the EldoS driver is not signed, however, ZeroCleare uses a vulnerable but signed driver from a version of Oracle's VirtualBox virtual machine software to bypass driver signature checking, allowing it to attack 64-bit versions of Windows. The VBoxDrv driver, which passes Microsoft's Driver Signature Enforcement, is loaded by an intermediary executable; in the cases IBM X-Force detected, that file was named soy.exe. After loading the vulnerable VirtualBox driver, the malware exploits a bug in that driver to load the unsigned EldoS driver. On 32-bit Windows systems, which lack Driver Signature Enforcement, the malware can dispense with the workaround and run the EldoS driver directly. The payload of the malware is called ClientUpdate.exe. Using the EldoS driver, it overwrites the Master Boot Record and disk partitions of the infected machine.
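The driver chain described above (a signed but vulnerable VirtualBox driver loaded from wherever the intermediary executable dropped it, followed by the unsigned RawDisk driver) leaves a distinctive sequence in driver-load telemetry. The following is an added example (not code from the TechAmok article or from IBM X-Force) that consumes Sysmon Event ID 6 "Driver loaded" records, represented as dicts carrying the fields Sysmon emits (UtcTime, ImageLoaded, Signed, Signature, SignatureStatus), and raises a finding when a watched driver loads from an unexpected location or without a valid signature, upgrading the unsigned load to a chain finding when a signed watched driver was loaded shortly before it. The VBoxDrv name comes from the article; the default VirtualBox install directory, the RawDisk driver filename elrawdsk.sys, the ten-minute window and all sample records are assumptions constructed for this example.

```python
"""Flag the bring-your-own-vulnerable-driver chain described above in Sysmon
Event ID 6 (Driver loaded) records.

Added example, not code from the TechAmok article or IBM X-Force. The sample
records are constructed; the VirtualBox install directory and the RawDisk
driver filename are assumptions, as is the chain window.
"""
from datetime import datetime, timedelta

CHAIN_WINDOW = timedelta(minutes=10)   # assumed: max gap between enabler and unsigned load

# Driver basenames worth watching, mapped to the directory a legitimate install
# would load them from (None = no legitimate location expected on these hosts).
# vboxdrv.sys is named in the article; the install path and elrawdsk.sys are assumed.
WATCHED_DRIVERS = {
    "vboxdrv.sys": r"c:\program files\oracle\virtualbox\drivers",
    "elrawdsk.sys": None,
}

# Constructed Sysmon Event ID 6 records (field names as Sysmon emits them)
SAMPLE_EVENTS = [
    {"UtcTime": "2019-11-03 10:00:00.000",
     "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"UtcTime": "2019-11-03 10:05:12.000",          # signed enabler from a staging dir
     "ImageLoaded": r"C:\Users\Public\VBoxDrv.sys",
     "Signed": "true", "Signature": "Oracle Corporation", "SignatureStatus": "Valid"},
    {"UtcTime": "2019-11-03 10:05:40.000",          # unsigned disk driver 28 s later
     "ImageLoaded": r"C:\Users\Public\elrawdsk.sys",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"UtcTime": "2019-11-04 08:00:00.000",          # legitimate VirtualBox install: benign
     "ImageLoaded": r"C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv\VBoxDrv.sys",
     "Signed": "true", "Signature": "Oracle Corporation", "SignatureStatus": "Valid"},
]


def driver_name(path):
    """Lower-cased basename of a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_validly_signed(event):
    """Sysmon reports Signed=true/false and a SignatureStatus string."""
    return event.get("Signed", "").lower() == "true" and event.get("SignatureStatus") == "Valid"


def analyze(events):
    """Return findings for driver-load events; input order does not matter."""
    findings = []
    enablers = []   # (time, path) of signed watched drivers loaded from odd locations

    for e in sorted(events, key=lambda ev: ev["UtcTime"]):
        t = datetime.fromisoformat(e["UtcTime"])
        path = e["ImageLoaded"]
        name = driver_name(path)
        reasons = []

        if name in WATCHED_DRIVERS:
            expected_dir = WATCHED_DRIVERS[name]
            if expected_dir is None or not path.lower().startswith(expected_dir):
                reasons.append(f"watched driver {name} loaded from {path}")

        signed = is_validly_signed(e)
        if not signed:
            reasons.append("driver signature missing or invalid")

        if not reasons:
            continue   # nothing suspicious about this load

        finding = {"at": e["UtcTime"], "path": path,
                   "kind": "suspicious_driver_load", "reasons": reasons}
        if signed:
            # a signed watched driver in an odd place is the enabler half of the chain
            enablers.append((t, path))
        else:
            recent = [p for (lt, p) in enablers if timedelta(0) <= t - lt <= CHAIN_WINDOW]
            if recent:
                finding["kind"] = "byovd_chain"
                finding["preceded_by"] = recent
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Because the rule keys on the load location and signature state rather than on a file hash, renaming the intermediary executable or the dropped drivers does not evade it, while the same VirtualBox driver loaded from its normal install directory on a developer workstation produces no finding. On 32-bit hosts, where the article notes the malware can load the EldoS driver directly, the unsigned-load rule still fires on its own; only the chain upgrade depends on seeing the VirtualBox enabler first.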
