This sneaky malware goes to unusual lengths to cover its tracks

published 24.06.2020 15:45

by Danny Palmer from zdnet.com

Sophos said the rootkit renders filesystem behavior invisible to the computer's end user, and also protects any other file the malware decides to store in its application directory.

Microsoft released the patch in 2017, but EternalBlue remains successful because of the significant number of Microsoft Windows systems around the world that haven't had it installed, putting them at risk of falling victim to this and other malware.

"I'd say the Glupteba attackers are angling to market themselves as a malware-delivery-as-a-service provider to other malware makers who value longevity and stealth over the noisy quick endgame of, for instance, a ransomware payload," said Brandt.

But the way it creates a backdoor into compromised computers, combined with the way in which those behind it look to be attempting to create a large botnet of readily available machines, suggests that the ultimate aim is to lease it out as a means of distributing other forms of malware to victims.

"The creators seem to have spent an unusual amount of effort on reinforcing the bot's stealth capabilities compared to other malware," Andrew Brandt, principal researcher at Sophos, told ZDNet.