SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, March 23rd 2020

SANS ISC Handlers

Tech News, News

🗓️ 23 March 2020

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. More Covid19 Malware; Kr00k Exploit; Pwn2Own Results

Transcript

0:00.0

Hello, welcome to the Monday, March 23rd, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.1

But now it looks like any malware gang out there has jumped on the COVID-19 or coronavirus bandwagon. Recurring themes are trying to provide more

0:25.0

information or taking advantage of government regulations that are of course very quickly changing

0:32.5

these days, but also some mask sales that, of course, often turn out to be fraudulent.

0:41.3

Did he take a look at some of the malware that we have been seeing now in this case, actually,

0:48.2

the malware promised as an attachment some kind of permission slip that apparently you can use to leave your house in case

0:56.6

of a national state of emergency. Needless to say, such permission slip doesn't really exist,

1:05.2

and there is also nothing like a national state of emergency, at least in the U.S. that would require you to have a slip like

1:14.0

this. But of course, people will download this document, try to execute it. In itself, the document

1:22.7

is not really all that sophisticated. Now, the ultimate download is one of those AutoIt scripts.

1:30.9

Haven't seen them in a while, but they have certainly been around for a while.

1:35.8

AutoIt is a scripting language, and in order to run the script, the malware actually also

1:41.1

installs the AutoIt interpreter on your system.

1:46.2

Now, if you managed to download all the files needed to actually run the final malware while

1:52.3

it was still active, you would have ended up with the KPOT infostealer.

1:57.9

Overall, none of the attempts we have seen so far are really sophisticated

2:02.4

in any way, sophisticated maybe in the sense that they very quickly sort of jumped on that COVID-19

2:10.3

bandwagon, but any kind of reasonable endpoint protection should protect you from this type of malware.

2:19.3

The one thing we haven't really seen much of for now,

2:22.4

and I guess that's good, is any donation scams around COVID-19.

2:28.5

Now, we have gotten a number of requests to look into a website called cdcfoundation.org. This website is legit.

2:39.0

It is actually associated with the CDC. It's a little bit an oddball as far as foundations and

...
