Network Tech News

Raspberry Robin Worm has infected hundreds of Windows networks says Microsoft

Microsoft has discovered a new Windows worm on the networks of hundreds of firms across numerous industrial sectors. The malware, Raspberry Robin, spreads through infected USB devices. It was first spotted in September 2021 by Red Canary intelligence analysts.

Microsoft supplied this information in a confidential threat intelligence alert delivered to Microsoft Defender for Endpoint subscribers and obtained by BleepingComputer. The Raspberry Robin infection flow, as documented by Red Canary, uses built-in Windows utilities to infect new devices.

The worm then uses the Windows command prompt to start an msiexec process and execute a malicious file that is also present on the device.

Worryingly, whoever successfully launched Raspberry Robin has yet to exploit the infiltrated Windows networks. Microsoft has correctly identified Raspberry Robin as a high-risk campaign, and there does not seem to be any mitigation other than keeping suspicious USB devices out of Windows networks.


The researchers also advise that IIS servers must go through “a thorough and dedicated investigation process” for potential threats. The backdoor, known as SessionManager, is a malicious native-code IIS module that processes the legitimate HTTP requests routinely sent to the server.

It is simply the most recent in a slew of malicious IIS modules discovered by researchers. According to the report, all loaded IIS modules can be located through the IIS Manager GUI or the appcmd command-line tool.
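To make that module check concrete, here is an added example (not from the article or the researchers it cites) that lists the native global modules registered with IIS and flags those that look out of place. It assumes the WebAdministration PowerShell module that ships with IIS is available and the script runs elevated on the IIS host; the function name Get-SuspiciousIisModule is my own, and "Microsoft-signed DLL living in the inetsrv directory" is used as the baseline for an expected module.

```powershell
# Added example (not from the article): enumerate IIS native global modules and
# flag any whose DLL is outside the stock inetsrv directory, is missing, is
# unsigned, or is signed by a non-Microsoft publisher. Assumes WebAdministration
# is available and the script runs elevated on the IIS host. IIS stores image
# paths with %windir%-style variables, so they are expanded before inspection.
Import-Module WebAdministration

$inetsrv = Join-Path $env:windir 'System32\inetsrv'

function Get-SuspiciousIisModule {
    # Returns one record per native global module, listing the checks that fired.
    foreach ($m in Get-WebGlobalModule) {
        $path = [Environment]::ExpandEnvironmentVariables($m.Image)
        $findings = @()

        if (-not $path.StartsWith($inetsrv, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += 'image outside inetsrv'
        }
        if (-not (Test-Path -LiteralPath $path)) {
            $findings += 'image file missing'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                $findings += "signature $($sig.Status)"
            } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
                $findings += 'signed by non-Microsoft publisher'
            }
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Module   = $m.Name
                Image    = $path
                Findings = ($findings -join '; ')
            }
        }
    }
}

# Include the DLL's last-write time: on a long-running server a recently
# written module is the odd one out and the first thing to triage.
Get-SuspiciousIisModule |
    Select-Object Module, Image, Findings,
        @{ n = 'LastWrite'; e = { (Get-Item -LiteralPath $_.Image -ErrorAction SilentlyContinue).LastWriteTime } } |
    Format-Table -AutoSize
```

Legitimate third-party modules will also appear in this list, so treat it as a triage queue to reconcile against the server's change records, not as a verdict.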

The malicious module, memory snapshots, and backups should be examined to establish how the detected malicious tools were used. Researchers have uncovered a new piece of malware called SessionManager that hackers have been using to backdoor Microsoft Exchange servers for the last 15 months, according to an Ars Technica article.

It is difficult to distinguish between legitimate and malicious HTTP queries.
