New Version of Disk-Wiping Shamoon/Disttrack Spotted: What You Need to Know
We came across external reports that the notorious, disk-wiping worm Shamoon, also known as Disttrack, has reemerged with an updated version. We were also able to source several samples of this version of Shamoon that Trend Micro detects as Trojan.Win32.DISTTRACK.AA and Trojan.Win64.DISTTRACK.AA. While there are no obvious indications that this new version is currently in the wild, we are further analyzing the malware to verify its functions and capabilities given its destructive impact.
Trend Micro’s XGen™ security already protects users and businesses from this disk-wiping worm using proactive techniques like behavioral analysis and high-fidelity machine learning. Here’s what users and organizations need to know about Shamoon’s latest iteration:
The Shamoon or Disttrack worm is a wiper. It is known to overwrite files stored in the affected system and infect its master boot record (MBR). Its first iteration overwrites documents, pictures, videos, and music files, wipes the MBR, and replaces it with an image of a burning flag. The second version used an infamous image of a refugee.
This new version of Shamoon appears to have the same MBR-overwriting function. Unlike the previous versions that delete/replace files, this new iteration reportedly sports the capability to irreversibly encrypt files. It also seems to be missing components such as predefined credentials used for lateral movement within the network and command-and-control (C&C) communications. Our analysis is ongoing, and we will verify these as soon as updated information is available.
A file containing Shamoon’s latest version was reportedly uploaded to VirusTotal from Italy. We found no indications that this new version of Shamoon is actively being distributed in the wild.
Our initial findings revealed that it resembles an old version of Shamoon but with some modifications. For example, it changed its service and file names from NtertSrv to MaintenaceSrv. This version of Shamoon affects 32- and 64-bit systems running Windows. It still retains the capability to overwrite the infected system’s disk and could take the following names (dropped and executed in the system folder as %System%\{wiper name}):
Shamoon spreads by dropping copies of itself in the system’s administrative shares. The Shamoon worm propagates in these shared network/administrative folders: ADMIN$, C$\WINDOWS, D$\WINDOWS, and E$\WINDOWS.
Shamoon was used in targeted attacks against high-profile organizations and enterprises in the Middle East, particularly those in Saudi Arabia. Shamoon is also being discussed by hackers and members of the Middle Eastern and North African underground. It is also notorious for the sociopolitical statements that accompany the images with which it replaces the infected system’s MBR.
Shamoon can render endpoints and servers connected to the targeted organization’s domain unbootable. When it resurfaced in December 2016, Shamoon added a technique that can bypass sandboxes by including a logic bomb in its code. It activates and drops its components at a certain date and time.
External news notes that the new version of Shamoon appears to have the same function. It is configured to activate on December 7, 2017 at 11:51 p.m., probably as a way to execute the malware immediately.
Here’s an overview of how the three versions of Shamoon differ in terms of behavior:
Service name: TrkSvr
Display name: Distributed LinkTracking Server
Image path: %System%\trksvr.exe
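A triage sketch for the service indicators named in this article (an added example, not Trend Micro's code): it checks service-installation records against the service names, display name and image name quoted above. The record layout, host names, the placeholder file name and the C:\Windows location are assumptions of this example, and the sample records are constructed.

```python
import ntpath
import re

# Indicators quoted in the article (compared case-insensitively).
SERVICE_NAMES = {"trksvr", "ntertsrv", "maintenacesrv"}
DISPLAY_NAMES = {"distributed linktracking server"}
IMAGE_NAMES = {"trksvr.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: %System% on a default install

# Constructed sample records (host, service name, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-014", "MaintenaceSrv", r'"C:\Windows\System32\placeholder.exe" LocalService'),
    ("srv-db2", "Distributed LinkTracking Server", r"%SystemRoot%\System32\trksvr.exe"),
    ("ws-101", "ExampleUpdater", r"C:\Program Files\Example\updater.exe /svc"),
    ("ws-033", "TRKSVR", r"C:\Users\Public\trksvr.exe"),
]

def normalise_image(image):
    """Return (directory, file name), lowercased, of a service image path."""
    path = image.strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]  # quoted path; arguments follow the quote
    else:
        match = re.match(r"(?i)(.+?\.exe)(\s|$)", path)  # unquoted: stop at first .exe
        path = match.group(1) if match else path
    # Expand the usual Windows-directory prefixes (assumes C:\Windows).
    path = re.sub(r"(?i)^(%systemroot%|%windir%|\\systemroot)",
                  lambda _: r"C:\Windows", path)
    directory, filename = ntpath.split(ntpath.normpath(path))
    return directory.lower(), filename.lower()

def triage(name, image):
    """List the reasons a service-install record matches the article's indicators."""
    name = name.strip().lower()
    directory, filename = normalise_image(image)
    reasons = []
    if name in SERVICE_NAMES:
        reasons.append("service name")
    if name in DISPLAY_NAMES:
        reasons.append("display name")
    if filename in IMAGE_NAMES:
        reasons.append("image name")
    if reasons and directory == SYSTEM_DIR:
        reasons.append("system folder")
    return reasons

def flagged(events):
    """Map host -> reasons for every record with at least one match."""
    return {host: r for host, name, image in events if (r := triage(name, image))}
```

Records exported from the Service Control Manager's service-install event (ID 7045) can be mapped onto the three fields used here.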
Users, and especially businesses, are advised to enforce defense in depth in securing their online premises, which includes the following measures: