Log in or Sign up

Cybereason creates ‘vaccine’ to stop Remcos RAT

Discussion in 'malware problems & news' started by hawki, Aug 14, 2017.

hawki Registered Member

Joined:

Dec 17, 2008

Posts:

6,077

Location:

DC Metro Area

The company has developed a way to ward off a new and growing cyberattack – the inexpensive, widely available and easy-to-use Remcos RAT.

https://www.cybereason.com/blog-cybereason-creates-vaccine-to-stop-remcos-rat/

hawki, Aug 14, 2017

#1
itman Registered Member

Joined:

Jun 22, 2010

Posts:

8,593

Location:

U.S.A.

Users can create this vaccine by creating these two files and removing all of their permissions:

c:\users\admin\AppData\Local\temp\install.bat

c:\users\admin\AppData\Local\temp\uninstall.bat
Click to expand...

I have a better way. Just monitor cmd.exe execution.

itman, Aug 14, 2017

#2
NormanF Registered Member

Joined:

Feb 20, 2009

Posts:

2,879

SRP blocks execution from the named folders by default.

NormanF, Aug 14, 2017

#3
EASTER Registered Member

Joined:

Jul 28, 2007

Posts:

11,126

Location:

U.S.A. (South)

That notorious Temp folder again. Just like in Windows 98 days.

Secure Folders is another little lockdown for folders and ERP can monitor for the cmd.exe attempt.

EASTER, Aug 14, 2017

#4

(You must log in or sign up to reply here.)

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...