Security researchers at Trend Micro have discovered a new and rare type of malware that is disguised as a legitimate AutoCAD component with a '.FAS' extension.
The malware opens up infected machines to exploits. It first creates a user account with admin privileges and then creates network shares for all drives on the victim's machine.
It also opens ports 137 to 139 (known for the NetBIOS service) and port 445, which is used for the Microsoft-DS SMB file sharing service that provides access to files, printers and serial ports.
The open ports can be abused by cybercriminals to exploit old SMB-based vulnerabilities.
It appears the attacker created the admin account to make his "access" to the system easy, so that he doesn't need to crack passwords for existing accounts or remotely create one.
The attacker can now easily steal all files from the infected machines. He can also infect the target machine with any other data-stealing malware.
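
For defenders, the account-plus-shares sequence described above can be hunted in Windows Security event logs. The following is an added example, not code from Trend Micro or the original article: it correlates event 4720 (account created), 4732 (member added to the built-in Administrators group) and 5142 (network share added) on one host. The event records are simplified, and the host names, account names, SIDs and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events, simplified to the fields used here.
# 4720 = user account created, 4732 = member added to a local group,
# 5142 = network share added (only logged when "Audit File Share" is on).
EVENTS = [
    {"time": "2024-01-15T10:00:01", "host": "CAD-WS01", "id": 4720,
     "TargetUserName": "helpdesk2", "TargetSid": "S-1-5-21-1-2-3-1105"},
    {"time": "2024-01-15T10:00:02", "host": "CAD-WS01", "id": 4732,
     "TargetSid": "S-1-5-32-544", "MemberSid": "S-1-5-21-1-2-3-1105"},
    {"time": "2024-01-15T10:00:03", "host": "CAD-WS01", "id": 5142,
     "ShareName": r"\\*\C", "ShareLocalPath": "C:\\"},
    {"time": "2024-01-15T10:00:03", "host": "CAD-WS01", "id": 5142,
     "ShareName": r"\\*\D", "ShareLocalPath": "D:\\"},
    # Benign noise: an ordinary account and a project-folder share.
    {"time": "2024-01-15T11:30:00", "host": "CAD-WS02", "id": 4720,
     "TargetUserName": "intern", "TargetSid": "S-1-5-21-1-2-3-1106"},
    {"time": "2024-01-15T11:31:00", "host": "CAD-WS02", "id": 5142,
     "ShareName": r"\\*\Drawings", "ShareLocalPath": "C:\\Projects\\Drawings"},
]
ADMINISTRATORS_SID = "S-1-5-32-544"          # built-in Administrators group
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")   # "C:\" or "C:", not a subfolder

def _ts(event):
    return datetime.fromisoformat(event["time"])

def find_admin_plus_drive_shares(events, window=timedelta(minutes=10)):
    """Flag hosts where a newly created account joins Administrators and
    whole-drive shares appear within `window` of the account creation."""
    findings = []
    for host in sorted({e["host"] for e in events}):
        evs = [e for e in events if e["host"] == host]
        created = {e["TargetSid"]: e for e in evs if e["id"] == 4720}
        for add in evs:
            new = created.get(add.get("MemberSid"))
            if add["id"] != 4732 or add.get("TargetSid") != ADMINISTRATORS_SID or not new:
                continue
            start = _ts(new)
            if not start <= _ts(add) <= start + window:
                continue
            drives = sorted({e["ShareLocalPath"][0].upper() for e in evs
                             if e["id"] == 5142
                             and DRIVE_ROOT.match(e["ShareLocalPath"])
                             and start <= _ts(e) <= start + window})
            if drives:
                findings.append({"host": host, "account": new["TargetUserName"],
                                 "drives": drives})
    return findings
```

The check covers the account and share behaviour only; the opened ports 137 to 139 and 445 would need a separate review of listening services and firewall rules.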