
Eugene

(61,823 posts)
Thu Apr 25, 2019, 11:31 PM

Security researcher creates new backdoor inspired by leaked NSA malware

Source: ZDNet

New experimental backdoor highlights an OS section that antivirus products are not looking at.

By Catalin Cimpanu for Zero Day | April 24, 2019 -- 23:23 GMT (16:23 PDT) | Topic: Security

A security researcher has created a proof-of-concept backdoor inspired by the NSA malware that leaked online in the spring of 2017.

This new malware is named SMBdoor and is the work of RiskSense security researcher Sean Dillon (@zerosum0x0).

Dillon designed SMBdoor as a Windows kernel driver that, once installed on a PC, will abuse undocumented APIs in the srvnet.sys process to register itself as a valid handler for SMB (Server Message Block) connections.

The malware is very stealthy, as it doesn't bind to any local sockets, open ports, or hook into existing functions, and by doing so avoids triggering alerts for some antivirus systems.

Its design was inspired by similar behavior that Dillon has seen in DoublePulsar and DarkPulsar, two malware implants designed by the NSA that were leaked online by a nefarious hacking group known as The Shadow Brokers.

-snip-


Read more: https://www.zdnet.com/article/security-researcher-creates-new-backdoor-inspired-by-leaked-nsa-malware/