Hello and welcome to the Wednesday, December 18th,

2004 edition of the Sanssendet Stormsendors Stormcast.

My name is Johannes Ulrich and I'm recording from Washington, D.C.

Today we got an interesting Python script from Xavier.

This particular Python script not only installs NEDESC, but also

checks if any desk is already installed, and in that case, just adjusts the configuration. Anydesk

is, of course, a legitimate remote management tool, and quite often attackers prefer, of course,

to use tools that are used in normal business purposes, so that way they're less likely going to get flacked even better if

the victim already installed tool for them and therefore won't notice it at something new

that was installed by the malware.

It's no surprise that the modified configuration does permit the attacker to access the system.

It also adds the ability to access system while it's not attended, which is not a default

configuration.

The configuration then and additional information about the system is exfiltrated

to inform the attacker of the new victim.

And well, any desk appears to be the tool de jure for attackers.

There's also a story from Trent Micro related to eddesk. What's actually

really interesting here is the social engineering being done in order to convince the victim

to install the malicious software. In this case, the attacker first flooded the victim with

several thousand spam emails. Then they

contacted the victim, claiming to be associated with a supplier to the victim's company,

using the spam emails that the victim just received as a pretense in order to then offer

...