• UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread


    Security experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution

    May 20, 2017 By Pierluigi Paganini

    The effects of the militarization of cyberspace are dangerous and unpredictable. Malicious code developed by a government could create serious problems for Internet users, as the recent massive WannaCry attack, which used the EternalBlue exploit to spread, demonstrates.

    Now a new ransomware, dubbed UIWIX, was discovered to be using the NSA-linked EternalBlue exploit for distribution.

    UIWIX is fileless malware discovered by experts at Heimdal Security early this week while investigating WannaCry.

    Like WannaCry, UIWIX exploits the same vulnerability in the Windows SMB protocol, but the new threat has the ability to run in the memory of the infected system after exploiting EternalBlue.

    Read the full article here


      Another article on UIWIX, by Ionut Arghire on securityweek.com:

      Furthermore, the security researchers say this ransomware family is also stealthier, containing code that allows it to terminate itself if a virtual machine (VM) or sandbox is detected. UIWIX also contains code that gathers the infected system’s browser login, File Transfer Protocol (FTP), email, and messenger credentials.

      Unlike WannaCry, UIWIX doesn't use autostart and persistence mechanisms, and is distributed in the form of a Dynamic-link Library (DLL). Interestingly, the malware terminates itself if the compromised computer is located in Russia, Kazakhstan, or Belarus, and uses mini-tor.dll to connect to an .onion site.

      Read the full article here
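A practical check prompted by both posts above (EternalBlue's reliance on the SMB1 attack surface, and UIWIX running only in memory with no autostart, so that a reboot clears the running copy but the host is reinfected as long as SMB stays exposed): the following PowerShell script is an added example, not code from this thread or from the quoted articles. It audits a Windows host for SMB1 being enabled, inbound SMB allowed on the Public firewall profile, and surfaces recent security updates for a manual MS17-010 comparison. The function name Test-EternalBlueExposure and the -Remediate switch are names chosen for this example; it assumes PowerShell 5.1 or later with the SmbShare, DISM and NetSecurity modules (Windows 8.1 / Server 2012 R2 or newer) and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the forum thread or the articles it quotes.
# Audits a Windows host for the conditions EternalBlue-style spreading relies on
# (SMB1 enabled, SMB reachable on an untrusted profile) and optionally fixes them.
# Assumptions: PowerShell 5.1+, SmbShare/DISM/NetSecurity modules, elevated session.
# Test-EternalBlueExposure and -Remediate are this example's own names (hypothetical).
[CmdletBinding()]
param(
    [switch]$Remediate
)

function Test-EternalBlueExposure {
    [CmdletBinding()]
    param([switch]$Remediate)

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Server-side SMB1 support: the protocol version EternalBlue's SMB packets target.
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol) {
        $findings.Add('SMB1 is enabled on the SMB server')
        if ($Remediate) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $findings.Add('  -> SMB1 disabled via Set-SmbServerConfiguration')
        }
    }

    # 2. SMB1 as an optional feature (Windows 10 / Server 2016 and later). Removing
    #    the feature takes the SMB1 driver off the box rather than only switching it off.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        $findings.Add('SMB1Protocol optional feature is installed')
        if ($Remediate) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
            $findings.Add('  -> SMB1Protocol feature disabled (reboot required)')
        }
    }

    # 3. Inbound SMB (TCP 445) allowed on the Public profile: a laptop on hotel Wi-Fi
    #    with these rules enabled is reachable by a worm on the same segment.
    $publicSmbRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
        -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Profile)" -match 'Public|Any' }
    if ($publicSmbRules) {
        $findings.Add("$(@($publicSmbRules).Count) inbound File and Printer Sharing rule(s) enabled on the Public profile")
        if ($Remediate) {
            $publicSmbRules | Disable-NetFirewallRule
            $findings.Add('  -> rules disabled')
        }
    }

    # 4. Patch state. MS17-010 is the bulletin that closed the EternalBlue bug; its KB
    #    number differs per OS build, so the script only lists recent security updates
    #    for a manual comparison instead of hard-coding a KB.
    $recent = Get-HotFix | Where-Object { $_.Description -eq 'Security Update' } |
        Sort-Object InstalledOn -Descending | Select-Object -First 5
    $findings.Add('Most recent security updates: ' + (($recent | ForEach-Object { $_.HotFixID }) -join ', '))

    [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        Exposed      = [bool]($smb.EnableSMB1Protocol -or ($feature -and $feature.State -eq 'Enabled'))
        Findings     = $findings
    }
}

# Report only by default; pass -Remediate to disable SMB1 and the public SMB rules.
Test-EternalBlueExposure -Remediate:$Remediate
```

The Exposed field reflects only SMB1 state, not patch level; a host with SMB1 disabled is still unpatched if MS17-010 is missing, which is why the update list is included for review. Because UIWIX keeps no autostart entry, rebooting a hit machine removes the in-memory copy, but without closing SMB1 exposure it is simply hit again by the next scan from an infected neighbour.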
