Avast_Security_News: Beware of FritzFrog, a nasty piece of malware
Quote:

FritzFrog has been found in various networks since the beginning of the year

A new form of peer-to-peer (P2P) malware has been discovered that sets a new bar for nastiness. [link], it has been found in various networks since the beginning of the year. Why is it so noteworthy? Several reasons: it is fileless, operates completely decentralized, was written from scratch, frequently updated and enhanced and hasn’t yet been claimed by any known threat actor. Let’s examine each of these points.

Fileless malware uses code that already exists on the average Windows endpoint, such as PowerShell, Windows Management Interface and Visual Basic. (There are Linux fileless cases, which is what FritzFrog runs on.) I have a [link] for Security Intelligence here. It is nasty because nothing sticks to the endpoint that uniquely identifies any malware, and it can persist after a reboot under special circumstances. To hide itself, it uses executable names of common programs like ifconfig and nginx, which at first glance seem benign but are names of legit pieces of Linux software tools.

FritzFrog’s code is also cleverly crafted. Many malware samples make use of existing open source or well-known past attack patterns. This frog is more of a prince and unique. What is more troubling is that the researchers have cataloged 20 different versions since they found the first samples back in January. These new versions contain data about newly identified targets and which endpoints have active running copies of the malware.

It also was hard to figure out its command structure, mainly because it didn’t have any centralized servers. We all probably remember how [link] to its command server by Marcus Hutchins. FritzFrog was completely decentralized and worked by using a P2P network to control its operation and distribute workloads. Think about that last item for a moment: The code has an interesting load balancing technique to distribute the attacks across the P2P nodes, so that no two nodes ever try to attack the same target endpoint. That shows some careful attention to the details. Added to this was the ability of the malware to use encrypted communications via SSH to further avoid detection.

What is even more troubling is that the P2P protocol it uses isn’t some quick knock-off, but instead is proprietary and newly minted just for its own nefarious purpose. This P2P network is used to share files to infect new endpoints as well as run malicious payloads, such as the [link].

The Guardicore Labs researchers have [link] that they used to ferret out the frogs. The script looks for oddly behaved processes that don’t have any existing executable files running over port 1234. That [link], such as for streaming VLC video files and a few online games. But it has seen a variety of malware traffic over the years as well.

What can you learn from the frog attacks? A few things: first, if your security solution is just looking for ports and protocols, you need to up your game and find a better product that can scan for processes and more sophisticated attacks. Second, if you are still not using [link], particularly among your development team, now is the time to get on board.

Because the frog is using SSH to communicate, you should examine all your gear – including routers and other IoT devices – and turn off SSH access if you aren’t using it or change it to a non-standard port if you are. Finally, you should ensure that the encryption keys used by FritzFrog aren’t part of your authorized key collections, because that would indicate that it has already penetrated your network.
...
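The two checks the article recommends, a process listening on port 1234 whose executable no longer exists on disk, and an authorized_keys entry nobody recognises, as an added example that is not part of the Avast post or the Guardicore script. Everything below is my own code; the sample /proc/net/tcp rows and authorized_keys lines are constructed, and the allowlist of known keys is an assumption you would replace with your own inventory.

```python
import os
import re

TARGET_PORT = 1234  # the port the article says the Guardicore detection script watches

# Constructed sample in /proc/net/tcp format: an sshd listener on 22, a listener on 1234
# (0x04D2) and an established connection on 1234. Column 4 is the state, column 10 the inode.
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 999 1 0000000000000000 100 0 0 10 0
   1: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   2: 0100007F:04D2 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
"""

# Constructed authorized_keys content: one key we know about, one with a forced command we do not.
SAMPLE_AUTHORIZED_KEYS = '# admin laptop\nssh-ed25519 AAAAC3Nz known@host\ncommand="true" ssh-rsa AAAAB3Nza rogue\n'
KNOWN_KEYS = {("ssh-ed25519", "AAAAC3Nz")}  # assumed inventory of approved (type, base64 blob) pairs

def listening_inodes(proc_net_tcp_text, port=TARGET_PORT):
    """Socket inodes in LISTEN state (hex 0A) bound to `port`, from /proc/net/tcp-format text."""
    inodes = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 10 and f[3] == "0A" and int(f[1].rsplit(":", 1)[1], 16) == port:
            inodes.add(f[9])
    return inodes

def exe_missing(exe_link_target):
    """True when the /proc/<pid>/exe symlink target says the running binary is gone from disk."""
    return exe_link_target.endswith(" (deleted)")

def unknown_authorized_keys(authorized_keys_text, known_keys):
    """Key entries (type + blob) that are not in the allowlist; options such as command= are skipped."""
    pattern = re.compile(r"(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp\d+)\s+(\S+)")
    unknown = []
    for line in authorized_keys_text.splitlines():
        m = pattern.search(line)
        if not line.lstrip().startswith("#") and m and (m.group(1), m.group(2)) not in known_keys:
            unknown.append(m.group(1) + " " + m.group(2))
    return unknown

def scan_live_host(port=TARGET_PORT):
    """Walk /proc on this Linux host: PIDs owning a LISTEN socket on `port` whose binary was deleted."""
    with open("/proc/net/tcp") as fh:
        wanted = {f"socket:[{i}]" for i in listening_inodes(fh.read(), port)}
    hits = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:  # needs root to inspect other users' processes; a vanished process is simply skipped
            fd_dir = f"/proc/{pid}/fd"
            if any(os.readlink(f"{fd_dir}/{fd}") in wanted for fd in os.listdir(fd_dir)):
                if exe_missing(os.readlink(f"/proc/{pid}/exe")):
                    hits.append(int(pid))
        except OSError:
            continue
    return hits

if __name__ == "__main__":
    print("listening on 1234 with no binary on disk:", scan_live_host())
    print("unrecognised keys:", unknown_authorized_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_KEYS))
```

Run it as root on each Linux host; a hit from the first check or an unexpected key from the second is what the article tells you to treat as evidence the network is already penetrated.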