
Comments
New Malware Puts Nasty Spin On Remote Control
rsexton322,
User Rank: Apprentice
3/22/2012 | 12:24:58 PM
re: New Malware Puts Nasty Spin On Remote Control
Well, this just stinks! I am a network admin, and I take care of more than one network, which is more than one location and more than one company. I do this at night while most normal people are sleeping, and you can bet your behind I do this via remote control tools. I've not clicked the links in this article so I have only read this, but without question other than "monitoring" which you can rest assured I am on who does monitor and log everything so that part of my job which is very time-consuming is done. I really need a surefire way to ensure I am protected from this, and I do have current countermeasures in place that, if this article is correct, will provide protection against this attack, but I will not disclose publicly, but should someone else need this type of protection, I am for hire. :-)
I would think any company of any size with any number of online computers needs and wants remote access. Even a one-man show will at times need access to data located at the office, and unless they want to revert back to sneaker-net, remote access is needed. If you don't have remote access, again, I am for hire. :-)
Rob
904-262-6046
HH000,
User Rank: Apprentice
3/22/2012 | 6:06:03 AM
re: New Malware Puts Nasty Spin On Remote Control
Any kind of malware can be gotten rid of using Comodo Antivirus.
Andrew Hornback,
User Rank: Apprentice
3/22/2012 | 12:29:49 AM
re: New Malware Puts Nasty Spin On Remote Control
At the root of all of this, this GeorBot seems to give an attacker a way of targeting specific users for their attack, rather than just picking random systems and going after full control of a system as opposed to shutting down or taking over specific services.

It's also somewhat amusing that the security researcher interviewed for this article is talking about ways of preventing this exploit at the end and how they are easier enumerated than accomplished. His recommendations are quite basic, quite simple and should be the first steps that anyone responsible for security on a network should take to assure the integrity of that network. Securing endpoints and making sure that they have all relevant patches is not hard with modern tools and is a requirement for a number of different legal compliance situations. But no matter what route you choose to secure systems, monitoring is an absolute must.

Andrew Hornback
InformationWeek Contributor

