Bad Rabbit also utilised EternalRomance – NSA leaked / Microsoft SMB / Patch: MS17-010
- Ever get pop-ups saying Flash / Java, etc. needs to be updated when you browse to a site?
- “The majority of servers and websites that supported Bad Rabbit activity appear to have been shut down, just a day after reports of the ransomware campaign emerged. Bad Rabbit affected computers in Russia and Ukraine earlier this week. The malware was spread largely through watering hole attacks that pushed out phony Flash updates that execute a dropper on infected machines. According to several research firms, there is evidence that suggests Bad Rabbit may have a connection to Petya and NotPetya.” – www.sans.org/newsletters/newsbites/xix/85#304
- One more reason why we should be happy that flash is dying – RIP
- Further reading:
9283 8B4A 87FE DC6E C327 EF05 70A8 B78D 1623 3FB5