Hello, welcome to the Friday, October 21st, 2016 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich and the M.m recording from Baltimore, Maryland.

Pratt today wrote about nanocor rat.

This is a remote access tool that is actually available for purchase but has been used in the past repeatedly in some more targeted attacks.

For example, in some of these tax documents scamps we have seen going around about half a year or so ago.

Well, more recently Prats sees this particular toolkit being distributed via regular malicious spam.

Actually, according to Brad, so regular in some cases, like it's just being attached as a SIP file.

So it's an executable as a SIP file, that this type of spam is usually blocked

by any kind of, certainly something that changed another commoditization of some of the use in mass exploits.

And then we got a new approach escalation vulnerability in Linux.

That in itself, of course, wouldn't be big news.

But in this case, the vulnerability got branded in a sense.

There is a website available.

There is a logo available and a cute name.

It goes by Dirty Cow, which of course caused this particular vulnerability to be discussed more than probably it should be, given that it's just a privilege escalation vulnerability.

An exploit for this vulnerability has been seen in the wild. However, the exploit in the wild doesn't affect all vulnerable versions of Windows.

The vulnerability was introduced back about 11 years ago, which means that pretty much any version of Linux is vulnerable.

The exploit that has been seen in the wild rights to prok self-memm in order to

exploit this vulnerability, which tends to be not writable on, for example, some of the older

Reddit Enterprise and SendOS versions like Reddit Enterprise Linux 5 and 6 do not expose Procself

Mem as writable to regular users, which means that on these

distributions the exploit currently available doesn't work.

...