Microsoft warns of USB worm
Malware spreads on Windows networks
Windows users currently have to be wary of a network worm. Microsoft warns of the “Raspberry Robin” malware, which mainly spreads via USB.
news
Windows company networks currently have to beware of the “Raspberry Robin” malware. As “Bleeding computer” reported, Microsoft discovered the computer worm in the networks of several hundred organizations. “Raspberry Robin” is not a new acquaintance. The worm was already discovered in September 2021 by Red Canary security researchers discovered, which see a distribution especially in the technology and production sector:
“So far we’ve observed Raspberry Robin in companies with ties to the technology and manufacturing industries, although it’s not yet clear if there are other ties among the victims.”
Apparently, the malware is mainly spread via USB devices. This is where the descriptions from Microsoft and Red Canary match. The USB devices contain a malicious .lnk file that runs an msiexec.exe after activating the device. This then installs the malware on the system. “Raspberry Robin” then communicates with the network’s command and control servers (C2) and spreads independently via legitimate Windows services (fodhelper, msiexec and odbcconf).
Although Microsoft has currently been able to track down the worm in several organizations, the malware infection has not yet been actively exploited. The assignment to a specific hacker group is still pending. Nevertheless, Microsoft assumes that “Raspberry Robin” poses a high risk, since the infection can cause new malware to be installed at any time and unauthorized access to the network to take place.
Microsoft is currently informing users of Defender for Endpoint about the threat.
Continue to home page
Reference-www.pc-magazin.de
