Security Boulevard
Worm Using Removable Drives to Distribute BLADABINDI Backdoor

by David Bisson on November 27, 2018

A newly detected worm is propagating through removable drives to distribute a fileless variant of the BLADABINDI backdoor.

In mid-November, researchers at Trend Micro first observed the worm, which the security firm detects as “Worm.Win32.BLADABINDI.AA.” They’re still investigating the threat’s exact method for infecting a system. But after analyzing its propagation routine, the researchers determined that the worm likely propagates and enters a system through removable drives. Specifically, they spotted the worm installing a hidden copy of itself on any removable drive connected to the infected system.

Trend Micro found that the worm uses AutoIt to compile its payload and main script into a single executable, which complicates detection. With the help of an AutoIt script decompiler, the researchers identified an autorun registry entry that invokes PowerShell to load the encoded executable directly into memory, so the backdoor runs filelessly rather than from a file on the system's disk.

Screenshots showing PowerShell loading the encoded executable. (Source: Trend Micro)

The loaded executable, a variant of the BLADABINDI backdoor, connects over port 1177 to its command-and-control (C&C) server at water-boom[.]duckdns[.]org. The hostname is served by a dynamic DNS provider, which lets the attackers change or update the server's IP address without altering the malware.

After creating a firewall policy that allows PowerShell to communicate, BLADABINDI lets the attackers activate a keylogger, execute files and steal credentials from web browsers.
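A triage script for the three host-side artefacts described above (an autorun Run value that launches PowerShell with an encoded payload, a hidden file dropped in the root of a removable drive, and a firewall rule that allows PowerShell or traffic to port 1177), added here as an example and not taken from the article or from Trend Micro's research. It assumes an elevated Windows PowerShell 5.1 or later session with the NetSecurity module; the Run key paths are the standard ones, and the detection regex is a heuristic of mine, not an indicator published for this worm.

```powershell
# Added example: audits the autorun, removable-drive and firewall artefacts
# described in the article. Heuristic only; review every hit by hand.

# 1. Run keys whose value starts PowerShell with an encoded or in-memory payload.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed heuristic: powershell plus -e/-enc/-EncodedCommand, Base64 decoding or reflective loading.
$suspicious = 'powershell.*(-e(nc|ncodedcommand)?\s|FromBase64String|Reflection\.Assembly|::Load\()'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
        if ("$($p.Value)" -match $suspicious) {
            Write-Output "[RUN] $key\$($p.Name) -> $($p.Value)"
        }
    }
}

# 2. Hidden files in the root of removable drives (Win32_LogicalDisk DriveType 2).
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $root = $_.DeviceID + '\'
    Get-ChildItem -Path $root -Hidden -File -ErrorAction SilentlyContinue | ForEach-Object {
        Write-Output "[USB] hidden file $($_.FullName) ($($_.Length) bytes)"
    }
}

# 3. Enabled outbound allow rules scoped to powershell.exe, or to remote port 1177
#    (the C&C port named in the article) in case the rule is port-based.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        $port = $rule | Get-NetFirewallPortFilter
        if ($app.Program -match 'powershell(_ise)?\.exe' -or (@($port.RemotePort) -contains '1177')) {
            Write-Output "[FW] $($rule.DisplayName): program=$($app.Program) remotePort=$($port.RemotePort)"
        }
    }
```

Any `[RUN]` hit pairs naturally with a Sysmon or PowerShell script-block log search for the same encoded command, and a `[USB]` hit should be hashed and submitted to your AV vendor rather than opened.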

Trend Micro doesn’t downplay the threat posed by BLADABINDI, malware which previously preyed on wannabe attackers’ interest in cracking a target’s Facebook account. As the security firm’s researchers explained in a blog post:

The worm’s payload, propagation, and technique of filelessly delivering the backdoor in the affected system make it a significant threat. Users and especially businesses that still use removable media in the workplace should practice security hygiene.

Organizations can ensure (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/worm-using-removable-drives-to-distribute-bladabindi-backdoor/

November 27, 2018 | David Bisson | Tags: backdoor, BLADABINDI, IT Security and Data Protection, Latest Security News, worm