Experts: Virus active again in Ukraine

Ukraine expects a second wave of cyber attacks

A new wave of distribution began on 22 August.

On 22 August, ISSP Labs specialists recorded a new wave of the virus spreading via the official website of the company that develops the accounting software suite Finance Crystal Millennium, ISSP reports.

“While monitoring virus activity, a mailing was detected in which an interesting pattern was identified. A file with the name “док.zip” is loaded together with the received email, which the victim opens, and is a text file with a script in the JavaScript language,” ISSP experts reported.

The script is a downloader whose main task is to download and run the executable file (module) load.exe, which becomes the attackers' entry point.
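A defender-side triage of the delivery pattern described above, as an added example that is not from ISSP or the original article: it flags script files inside a zip attachment and notes downloader-style tokens. The extension list, the token heuristics, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

# Extensions that Windows Script Host or mshta run on double-click (assumed list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Assumed heuristic tokens for a script that fetches and launches a file.
DOWNLOADER_TOKENS = re.compile(
    rb"ActiveXObject|WScript\.Shell|XMLHTTP|ADODB\.Stream|\.exe", re.IGNORECASE)
MAX_MEMBER_BYTES = 1_000_000  # cap on bytes inflated per member (zip-bomb guard)


def triage_zip_attachment(data: bytes) -> list:
    """Return one finding per script-type member of a zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"member": None, "reason": "not a valid zip", "tokens": []}]
    findings = []
    with archive:
        for info in archive.infolist():
            ext = posixpath.splitext(info.filename)[1].lower()
            if info.is_dir() or ext not in SCRIPT_EXTS:
                continue
            finding = {"member": info.filename, "reason": "script in archive", "tokens": []}
            if info.flag_bits & 0x1:  # encrypted member: cannot inspect, still flag
                finding["reason"] = "encrypted script in archive"
            else:
                with archive.open(info) as fh:
                    body = fh.read(MAX_MEMBER_BYTES)
                body = body.replace(b"\x00", b"")  # crude UTF-16 handling
                finding["tokens"] = sorted(
                    {m.group(0).decode().lower() for m in DOWNLOADER_TOKENS.finditer(body)})
            findings.append(finding)
    return findings


def build_sample() -> bytes:
    """Constructed sample: an inert, comment-only .js stub beside a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("document.js", '// stub: ActiveXObject("MSXML2.XMLHTTP") -> load.exe')
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip_attachment(build_sample()):
        print(f)
```

A mail gateway would typically quarantine on any script member regardless of tokens; the token list only helps an analyst prioritise.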

The malicious file collects information about the victim’s computer and sends it to the attackers' command centers. The same file waits for instructions from the attackers to install additional modules. These turn the victim’s computer into whatever resource the attackers need: a backdoor through which they can enter the infrastructure while bypassing protection; a keylogger that gathers keystrokes and sends them to the command centers; a scanner that gathers information about the infrastructure; and much more.

At the moment the site is inaccessible. In its place is a placeholder page stating that the resource has been blocked by the administrator of the hosting provider Besthosting.

“Perhaps the attackers used a vulnerability of the site to host the malicious file, or this is a result of the NotPetya attack of 27.06.2017 (the attackers left themselves a possibility of unauthorized entry and have now used it). So maybe this is the first “swallow” of preparations for a full-scale cyber attack before the holidays,” say the ISSP Labs experts.

As a reminder, the SBU earlier warned of a new powerful attack.

As Корреспондент.net reported, on 27-29 June the servers of many government agencies and commercial organizations in Ukraine suffered a large-scale cyber attack.