
New SMBdoor malware includes characteristics of the DoublePulsar and DarkPulsar exploit kits


  • The malware has been created with a purpose to help academicians in their research.
  • The source code of the malware is neither weaponized for cybercrime nor released on GitHub.

Two leaked NSA exploit kits have been used to create a malware sample named SMBdoor. The malware's characteristics are similar to those of DoublePulsar and DarkPulsar.

What's the matter – SMBdoor is the work of Sean Dillon, a security researcher at RiskSense. He designed the malware as a Windows kernel driver which, if installed, could abuse undocumented APIs in srvnet.sys. The malware would then register itself as a valid handler for SMB (Server Message Block) connections.

What is the purpose – In an interview, Dillon told ZDNet that the malware has been created with a purpose to help academicians in their research.

“[SMBdoor] comes with practical limitations that make it mostly an academic exploration, but I thought it might be interesting to share, and is possibly something [endpoint detection and response, aka antivirus] products should monitor,” Dillon said.

The source code of the malware is neither weaponized for cybercrime nor released on GitHub. Hence, cybercriminals cannot infect users the same way they can using the NSA's DoublePulsar and DarkPulsar.

“There are also secondary complications the backdoor would have to account for, during the process of loading secondary payloads, in order to use paged memory and not deadlock the system,” Dillon added.

What are the future aspects – Dillon said that SMBdoor cannot be used for a real malware attack unless its source code is modified.

Researchers hope that Dillon's work on SMBdoor will help security software providers improve their detections and prevent similar threats against Windows users.
