One of the most destructive botnets can now spread to nearby Wi-Fi networks

by Dan Goodin, from Ars Technica - All content (#4Z7ST)

Over the past half decade, the Emotet malware has emerged as a top Internet threat that pillages people's bank accounts and installs other types of malware. The sophistication of its code base and its regularly evolving methods for tricking targets into clicking on malicious links (in September, for instance, it began a spam run that addresses recipients by name and quotes past emails they sent or received) have allowed it to spread widely. Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks.

Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations.

After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.
