Week 1 Forum


Category: Science and Technology

Date Submitted: 07/12/2016 02:13 PM


https://www.thecyberwire.com/current.html

“The internet has changed dramatically from its origin, it has grown from a small number of universities and government agencies to a worldwide network with more than two billion users” (Kim & Solomon, p. 1). In today’s forum I would like to discuss a new malware found targeting five Eastern European states (Ukraine, Poland, Hungary, Slovakia, and the Czech Republic), according to the Czech security firm ESET. Unfortunately, the group behind these attacks could not be identified; they are using a smart and efficient malware named SBDH, which is distributed via spear-phishing emails. One would think that people could catch the malware easily since it arrives in phishing emails, but the smart trick the attackers are using is the double-extension trick. “The latter is efficient because of Windows' habit of hiding a file's extension by default. This allows crooks to disguise a file like malware.doc.exe as malware.doc, fooling the user into opening an executable instead of a Word document” (Catalin Cimpanu, July 1st 2016).
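The double-extension trick described above is easy to spot once you look at the full filename rather than the name Windows displays. The following is an added example (not part of the original post or the ESET report) showing how a mail gateway or attachment scanner could flag such lures: it mimics the “hide extensions for known file types” behaviour to show what the user would see, and reports any attachment whose last extension is executable while the one before it looks like a document. The extension lists and sample attachment names are constructed for this illustration.

```python
import os
from typing import List, Tuple

# Extensions Windows treats as directly runnable (constructed, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                         ".js", ".vbs", ".ps1", ".hta"}

# Extensions commonly used as the visible "decoy" part of the name (constructed).
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt",
                       ".pptx", ".txt", ".jpg", ".png"}


def split_extensions(filename: str) -> List[str]:
    """Return all extensions, lower-cased: 'malware.doc.exe' -> ['.doc', '.exe']."""
    base = os.path.basename(filename)
    parts = base.split(".")
    if len(parts) < 2:
        return []
    return ["." + part.lower() for part in parts[1:]]


def displayed_name(filename: str) -> str:
    """What Explorer shows with 'hide extensions for known file types' on:
    the final extension is stripped, so 'malware.doc.exe' appears as 'malware.doc'."""
    base = os.path.basename(filename)
    root, _ext = os.path.splitext(base)
    return root


def is_double_extension_lure(filename: str) -> bool:
    """True when the real (last) extension is executable and the one the user
    would see is a document/image type, i.e. the malware.doc.exe pattern."""
    exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXECUTABLE_EXTENSIONS and exts[-2] in DOCUMENT_EXTENSIONS


def scan_attachments(names: List[str]) -> List[Tuple[str, str]]:
    """Return (real name, name as displayed) for every attachment that matches the lure."""
    findings = []
    for name in names:
        if is_double_extension_lure(name):
            findings.append((name, displayed_name(name)))
    return findings


if __name__ == "__main__":
    # Constructed attachment names: one benign document, one archive, two lures.
    sample = ["malware.doc.exe", "notes.txt", "backup.tar.gz", "Invoice.PDF.scr"]
    for real, shown in scan_attachments(sample):
        print(f"suspicious attachment: {real!r} would be displayed as {shown!r}")
```

Matching is case-insensitive because Windows treats `.EXE` and `.exe` identically, and ordinary multi-part names such as `backup.tar.gz` are not flagged since their last extension is not executable. A real gateway would usually go further and also block or quarantine executable attachments outright regardless of what precedes the last dot.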

After a victim installs the malware, SBDH connects to the C&C server, which downloads components that allow the attackers to open doors into the infected PC, giving them access and leaving its data vulnerable.

SBDH has various ways of stealing data: through HTTP, through SMTP, or via actual emails. SBDH does, however, require a reliable internet connection to work, because by default it retrieves its data via HTTP. Its versatility makes it an even more dangerous malware: if there is a protection system in place, it can also steal the data via the SMTP protocol, or via actual emails by embedding the C&C server commands and the stolen data in the content of the email. Even when the HTTP route works, SBDH still needs a way to hide its commands and stolen data, and it does so with a method called steganography. “Steganography is the science of hiding data within a data” (Gary C Kessler, September 2001). In case the C&C server...