Channel: iTWire - Entertainment

Malware creators got NSA exploits in Feb: claim


The people behind the latest malware outbreak probably had access to NSA exploits — which were used to craft the malicious code — well before the Shadow Brokers dumped them on the Web in April, researchers from the Finnish security firm F-Secure claim.

They said that clues in the timestamps of the malware code led them to believe that the exploits were available to the malware creators in February.

Microsoft was told by the NSA in January about the theft of the exploits and put off the release of its monthly security updates in February in order to have patches ready for them. Fixes for all the exploits were then released in March.

The malware — which security firms first called ransomware and later a disk-wiper — hit Europe on Wednesday Australian time and then spread to other countries.

But F-Secure said that, given its findings, one could not be absolutely sure that this was not meant to be ransomware.

F-Secure security adviser Andy Sullivan speculated that, while there was no "smoking gun" to indicate what the malware actually was, the company's analysis showed that a profit motive could not be ruled out.

Rob Graham, a researcher from another company, expressed similar views.

F-Secure's Andy Patel said in a blog post on Friday that while the encryption-decryption code for the master boot record did not work, the code for carrying out the same function on system files was working.

He said that while the malware — which has been given various names such as Petya (a name already used by existing ransomware), NotPetya, ExPetr, Nyetya and GoldenEye — was new as far as the user-mode component was concerned, the code for attacking the MBR was taken from version 3 of the old Petya ransomware, which was known as GoldenEye.

Patel said the evidence collected so far pointed to the malware having been created in a hurry: for instance, a machine could re-infect itself and encrypt files twice, and a bug in the encryption routine could leave some files damaged and impossible to decrypt.

"At the end of the day, if someone wanted to build a 'wiper', why build an almost functional ransomware, save for a few bugs and a possibly misconfigured final package?" Patel asked.
