Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as a worm on older platforms, particularly Windows 7 and Windows Server 2008 systems that haven’t…

MSRT April release features Bedep detection

As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for Win32/Bedep (trojan family); Win32/Upatre (trojan family); and Ransom:MSIL/Samas (ransomware family). In this blog, we’ll focus on the Bedep family of trojans. The bothersome Bedep Win32/Bedep was first…

Extracting the fare

When malware is found lurking on a system, quite often it isn’t acting alone. Once malware distributors have control of a system, they will do everything they can to compromise the machine and the user for maximum gain — for instance, hijacking a browser’s search results, or using rogue security software to extract payments from affected…

Little Red Ramnit: My, what big eyes you have, Grandma!

This month’s addition to MSRT is Win32/Ramnit. Having been discovered in April 2010, the family is relatively new; however, the authors of Ramnit seem to have a preference for using an older generation of malicious techniques. Whilst there are still a number of parasitic file infectors in the wild, the total number of malware families…