“The internet has changed dramatically from its origin, it has grown from a small number of universities and government agencies to a worldwide network with more than two billion users” (Kim & Solomon, p. 1). In today’s forum I would like to discuss a new malware found targeting five Eastern European states (Ukraine, Poland, Hungary, Slovakia, and the Czech Republic), according to the Czech security firm ESET. Unfortunately, the group behind these attacks couldn’t be identified; they are using a smart and efficient malware named SBDH, which is distributed via spear-phishing emails. One would think that people could catch the malware easily since it arrives in phishing emails, but the smart trick the attackers use is the double-extension trick. “The latter is efficient since Windows has a habit of hiding a file's extension by default. This allows crooks to disguise a file like malware.doc.exe as malware.doc, fooling the user into opening an executable instead of a Word document” (Catalin Cimpanu, July 1st 2016).
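To make the double-extension trick concrete from the defender's side, here is an added example (my own, not part of the ESET or Softpedia reporting) that flags attachment names such as malware.doc.exe the way a mail gateway or SOC script might; the extension lists and sample filenames are constructed assumptions, not taken from the SBDH campaign.

```python
from typing import NamedTuple, Optional, List

# Extensions Windows runs as programs (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "cpl"}
# Extensions a user expects to open as a harmless document (constructed list).
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "ppt", "pptx",
                 "rtf", "txt", "jpg", "png"}


class Finding(NamedTuple):
    filename: str   # name as it arrived in the attachment
    shown_as: str   # what Explorer displays with "hide known extensions" on
    real_ext: str   # the extension Windows actually uses to open the file


def shown_name(filename: str) -> str:
    """Return the name Explorer shows when the last extension is hidden."""
    base, dot, _ext = filename.rpartition(".")
    return base if dot else filename


def check_double_extension(filename: str) -> Optional[Finding]:
    """Flag a document-looking decoy extension followed by an executable one.

    Whitespace padding such as 'invoice.pdf      .scr' is stripped per part so
    the padded variant of the trick is caught as well.
    """
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 3:
        return None  # a single extension cannot be a double-extension disguise
    real_ext, decoy_ext = parts[-1], parts[-2]
    if real_ext in EXECUTABLE_EXTS and decoy_ext in DOCUMENT_EXTS:
        return Finding(filename, shown_name(filename), real_ext)
    return None


def scan_attachments(names: List[str]) -> List[Finding]:
    """Run the check over a list of attachment names and keep the hits."""
    return [f for f in (check_double_extension(n) for n in names) if f]


if __name__ == "__main__":
    # Constructed sample attachment names for a local dry run.
    sample = ["report.doc.exe", "budget.xlsx", "archive.tar.gz",
              "Invoice.PDF .scr", "photo.jpg.js"]
    for hit in scan_attachments(sample):
        print(f"{hit.filename!r} shows as {hit.shown_as!r}, opens as .{hit.real_ext}")
```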
After a victim installs the malware, SBDH connects to the C&C server, which downloads components that allow the attackers to open a backdoor into the infected PC and leave its data vulnerable.
SBDH has various ways of stealing data: through HTTP, SMTP, or via actual emails. SBDH requires a reliable internet connection to work, as it retrieves its data via HTTP by default. Its versatility makes it a dangerous malware because, if a protection system is put in place, it can also steal the data via the SMTP protocol, or via actual emails, by having the C&C server commands and the stolen data embedded in the body of the email. However, even when HTTP works, SBDH still needs a way to hide its commands and stolen data, which it does using a method called steganography. “Steganography is the science of hiding data within data” (Gary C Kessler, September 2001). In case the C&C server goes down, they still have a backup plan...