Researchers at Symantec, a division of Broadcom, found that after gaining access to the target machine the attacker deployed a custom loader on compromised systems with the help of the popular VLC media player.

Brigid O Gorman of Symantec Threat Hunter Team told BleepingComputer that the attacker uses a clean version of VLC with a malicious DLL file placed in the same directory as the executable, which the media player then loads through the DLL's exported functions.

The technique is known as DLL side-loading and it is widely used by threat actors to load malware into legitimate processes to hide the malicious activity. It works because the Windows loader looks in the application's own directory before the system directories when it resolves a DLL by name, so a malicious DLL dropped beside the executable with the expected file name and exports is loaded inside the trusted, often signed, process.

Several other utilities observed in this campaign include:

RAR archiving tool - helps compress, encrypt, or archive files, likely for exfiltration
System/Network discovery - a way for attackers to learn about the systems or services connected to an infected machine
WMIExec - a command-line tool that uses Windows Management Instrumentation (WMI) to execute commands on remote computers
NBTScan - an open-source tool that has been observed being used by APT groups for reconnaissance in a compromised network

Comments

More like if somebody planted a bomb under your wife or husband's car, and you'd blame it on the car manufacturer. Or you bought a car from a drug dealer instead of a brand store of the car manufacturer, and complained that the car was not what you expected.

Again - it is an incorrect analogy - either it is deliberate or erroneous. Let me assume an error of judgement and try and explain. (If it is deliberate burying of the head in sand, then obviously, all logical points are moot.)

1. Planting a bomb: In such cases, the bomb itself has the ability to wreak havoc, without any support or assistance from the car. In the case of VLC, it is actively loading the unknown DLL and executing malicious code that it knows nothing about. Without the VLC executable in the folder, the malware does not work. A bomb, however, will go off with or without the car. Hence this analogy is completely incorrect.

2. Car bought from a drug dealer: Had it only been such cars, you would be correct. However, if the car bought from the authorized dealership also picks up the Gatling gun lying in the garage and starts shooting people, then we have a problem. We are not talking about apps downloaded from shady places. It is obvious that if people download apps from non-standard or disreputable places, they put themselves and others at risk. The malware problem has been documented with a pristine and unmodified VLC program, so this is a strawman argument.

Also the official VLC releases don't pick up DLLs from random places (that bug was fixed almost two decades ago), nor do they come with trojan DLL builtins.

And FWIW, the metaphorical car bomb is triggered by the car ignition, so the car is very much involved. Sideloading of unknown and malicious DLLs is a Videolan problem and it appears that all you want to do is point fingers outside without sharing anything that your team might be doing to avoid VLC being used for such nefarious activities.

If you have a problem with unofficial portable VLC versions, don't install them.
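The side-loading pattern the article describes (a clean, signed executable loading a DLL that sits beside it) is exactly what the comment thread argues about, and it is also what a defender can look for in image-load telemetry. The following is an added example, not code from the article, from Symantec or from the VLC project: a detection rule run over constructed Sysmon-style Event ID 7 (Image Loaded) records. It flags a process that loads a DLL from its own directory when that DLL is unsigned, is not a library the application is known to ship, or is signed by an unexpected publisher. The application profile (library names and the publisher string "VideoLAN"), the paths and the sample events are all assumptions constructed for the example.

```python
"""Flag DLL side-loading candidates in Sysmon-style Event ID 7 (Image Loaded) records.

Rule: a process loads a DLL from the directory its own executable lives in, and that DLL
is unsigned (or its signature is invalid), is not a library the application is known to
ship, or is signed by a publisher other than the one expected. Loads from other
directories (e.g. System32) are ignored by this rule.
"""
import json
import ntpath

# Constructed per-application profile (assumption, not VideoLAN's own data): the
# libraries the executable is expected to load from its own directory and the
# publisher name expected on their Authenticode signature. A real deployment would
# build this from a known-good install and key on file hashes, not names.
APP_PROFILES = {
    "vlc.exe": {"publisher": "videolan", "libs": {"libvlc.dll", "libvlccore.dll"}},
}

# Constructed sample events modelled on Sysmon Event ID 7 fields; not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\vlc\\libvlc.dll", "Signed": "true", "Signature": "VideoLAN", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\vlc\\libvlc.dll", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\vlc\\version.dll", "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\vlc\\libvlccore.dll", "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\notepad.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
"""


def parse_events(events_jsonl: str) -> list:
    """Parse one JSON object per line into a list of event dicts."""
    return [json.loads(line) for line in events_jsonl.strip().splitlines()]


def _same_dir(a: str, b: str) -> bool:
    # Windows paths are case-insensitive; ntpath handles them on any host OS.
    return ntpath.dirname(a).lower() == ntpath.dirname(b).lower()


def check_event(ev: dict):
    """Return a reason string if the load looks like DLL side-loading, else None."""
    image, loaded = ev["Image"], ev["ImageLoaded"]
    if not loaded.lower().endswith(".dll") or not _same_dir(image, loaded):
        return None  # only co-located DLLs are in scope for this rule
    exe = ntpath.basename(image).lower()
    dll = ntpath.basename(loaded).lower()
    signed_ok = (ev.get("Signed", "false").lower() == "true"
                 and ev.get("SignatureStatus") == "Valid")
    if not signed_ok:
        return f"{exe} loaded unsigned or invalidly signed DLL {dll} from its own directory"
    profile = APP_PROFILES.get(exe)
    if profile is None:
        return None  # no profile for this executable: accept a validly signed DLL
    if dll not in profile["libs"]:
        return f"{exe} loaded unexpected DLL {dll} from its own directory"
    signer = ev.get("Signature", "")
    if signer.lower() != profile["publisher"]:
        return (f"{dll} beside {exe} is signed by {signer!r} rather than the expected "
                f"publisher {profile['publisher']!r}")
    return None


def analyze(events_jsonl: str) -> list:
    """Run the rule over a JSON-lines feed and return one finding per suspicious load."""
    findings = []
    for ev in parse_events(events_jsonl):
        if ev.get("EventID") != 7:
            continue
        reason = check_event(ev)
        if reason:
            findings.append({"ImageLoaded": ev["ImageLoaded"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["ImageLoaded"], "->", f["reason"])
```

Of the six constructed events, three are flagged: an expected library name with no valid signature (the trojanized-library case the thread is about), a DLL the application is not known to ship, and a correctly named library signed by the wrong publisher; the kernel32.dll load from System32 and the profile-less notepad.exe load are left alone. Because VLC keeps its plugins in a subdirectory rather than beside the executable, a same-directory rule like this one does not trip on them, and a real deployment would replace the name-based profile with known-good hashes.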