topic Raspberry Robin, a new worm exploiting windows endpoints in Security for SMBs https://community.isc2.org/t5/Security-for-SMBs/Raspberry-Robin-a-new-worm-exploiting-windows-endpoints/m-p/51854#M11 <P><SPAN>Raspberry Robin, a new worm exploiting windows endpoints is here.</SPAN><BR /><BR /><SPAN>The report reads:</SPAN><BR /><SPAN>"Raspberry Robin is spreading to new Windows systems via infected USB drives containing a malicious .LNK file.</SPAN><BR /><BR /><SPAN>Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive.</SPAN><BR /><BR /><SPAN>It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads using several legitimate Windows utilities:</SPAN><BR /><BR /><SPAN>1. fodhelper (a trusted binary for managing features in Windows settings),</SPAN><BR /><SPAN>2. msiexec (command line Windows Installer component),</SPAN><BR /><SPAN>3. and odbcconf (a tool for configuring ODBC drivers)."</SPAN></P><P>&nbsp;</P><P>Link to the full report:<SPAN>&nbsp;</SPAN><A href="https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/amp/" target="_blank" rel="noopener">https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/amp/</A></P> Mon, 09 Oct 2023 10:14:05 GMT Ashwani_Paliwal 2023-10-09T10:14:05Z Raspberry Robin, a new worm exploiting windows endpoints https://community.isc2.org/t5/Security-for-SMBs/Raspberry-Robin-a-new-worm-exploiting-windows-endpoints/m-p/51854#M11 <P><SPAN>Raspberry Robin, a new worm exploiting windows endpoints is here.</SPAN><BR /><BR /><SPAN>The report reads:</SPAN><BR /><SPAN>"Raspberry Robin is spreading to new Windows systems via infected USB drives containing a malicious .LNK file.</SPAN><BR /><BR /><SPAN>Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive.</SPAN><BR /><BR /><SPAN>It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads using several legitimate Windows utilities:</SPAN><BR /><BR /><SPAN>1. fodhelper (a trusted binary for managing features in Windows settings),</SPAN><BR /><SPAN>2. msiexec (command line Windows Installer component),</SPAN><BR /><SPAN>3. and odbcconf (a tool for configuring ODBC drivers)."</SPAN></P><P>&nbsp;</P><P>Link to the full report:<SPAN>&nbsp;</SPAN><A href="https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/amp/" target="_blank" rel="noopener">https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/amp/</A></P> Mon, 09 Oct 2023 10:14:05 GMT https://community.isc2.org/t5/Security-for-SMBs/Raspberry-Robin-a-new-worm-exploiting-windows-endpoints/m-p/51854#M11 Ashwani_Paliwal 2023-10-09T10:14:05Z