Hello, welcome to the Wednesday, April 3rd, 2019 edition of the Sandinert Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Ran to some interesting spam this weekend advertising, fake licensed version for ESETs, not 32 antivirus.

Now, antivirus coverage for this particular malware was sort of mixed.

However, when I ran it on a standard Windows 10 system, Microsoft's anti-malware did pick it up right away once it started running

and sort of unpacking itself.

But what's sort of interesting is that the web servers being used in order to distribute

the malware, those apparently were at least in the couple instances where I've seen this

malware, Lassie hard drives.

Lassie is a maker of various USB and portable hard drives and the like, but they also make

some of these network storage devices where they are exposed via the internet and in this particular case the

FTP component on these drives was used to distribute the malware.

In addition to this malware the FTP directory also contained your usual

crypto coin miner and a couple of tools that looked like brute

force tools with short lists of simple passwords. Only about 10 to 20 passwords were listed. So you

had your standard admin admin, 1, 3, four, five and similar common passwords.

And that's what I assume was probably used in order to break into these Lassie network

drives.

And security researcher James Lee found interesting same origin policy violation in an explorer

and Microsoft Edge. Same origin policy essentially is supposed to keep different websites apart.

Now, there are of course many reasons why I would like to do this. In this particular case,

...