Cyberpolice: BadRabbit Virus used update Flash Player

Киберполиция: Вирус BadRabbit использовал обновления Flash Player

A new virus-the Trojan struck computers

It became known how the virus got into computers.

For the spread of the virus BadRabbit used the fake update to Adobe Flash Player. On Wednesday, October 25, reported the press service of the Channel.

24 October, there were isolated attacks such as drive-by-download using program the cipher, which was named BadRabbit. Cyberpolice found that in the code BadRabbit is duplicated and similar code elements Forex/ NotPetya. But unlike its predecessor cryptographer BadRabbit does not destroy information on the hard drives of the affected computers. Experts say that the real goal of this attack was the desire of criminals to enrich themselves and it was feasible only out of selfish motives.

It should be noted that among the affected countries, Ukraine struck less.

New virus to spread as the main vector uses the sites from which users have downloaded a fake Flash update. Another difference viruses is that BadRabbit does not use vulnerability EternalBlue.

The facts of destruction of victims ‘ computers by opening files, electronic documents, sent via e-mail from an unidentified sender also took place and verified.

Also employees of police found that in the code BadRabbit was discovered reference to a fantasy television series Game of thrones. For example, scheduled tasks are the names of the three dragons from the show: Drogon, Rhaegal, Viserion. Earlier similar message to the popular fantasy Saga was seen by world experts in one of the scripts that was used to spread a known Trojan Locky.

As reported, the virus Bad Rabbit who attacked on Tuesday, October 24, Ukraine, recorded also in Russia, Turkey and Germany.