Hello, welcome to the Wednesday, November 30th, 2016 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Let's start with a quick update on the Merai Botnet at hacking DSL modems.

Interesting piece of news here from Com Securis, a security company that took

apart one of the Deutsche Telecom Speedport modems that kept falling over over the weekend.

Well, it turns out that this particular modem is actually not vulnerable to this TR-69 vulnerability.

Instead, what they're assuming is that the modem itself essentially just locked up because all of the

connections that the Mira botnet established with it. A lot of consumer level network

equipment of course tends to fall over even under moderate loads so that wouldn't

be a big surprise if a modem like this would just lock up if too many connections

are established to it and the rate of connections typically doesn't

really have to be all that high and that's really what Comsacurus is testing here in their blog.

Well other than that, the scanning is still happening. We still see plenty of scans for this vulnerability.

The URL for the Mal malware download keeps changing,

they keep modifying this as one domain name is removed, another domain name is being used

in order to obtain the final malware.

If you're interested in looking at some of the malware more closely, I did post some of the samples that I collected.

You'll find a link to it in the latest version of the post that I put up today.

And then we got neat and kind of interesting, but maybe not terribly severe vulnerability in Windows 10 that may provide NetHacker access to a bitlocker encrypted drive during a system upgrade.

This only happens during a major upgrade.

So, for example, if you're upgrading to the anniversary update.

And what happens during the upgrade is that the BitLocker Trive, of course, is unlocked because

...