{"id":146,"date":"2015-06-02T12:02:06","date_gmt":"2015-06-02T15:02:06","guid":{"rendered":"http:\/\/blog.batori.com.br\/?p=146"},"modified":"2015-06-02T12:06:19","modified_gmt":"2015-06-02T15:06:19","slug":"pequenas-empresas-na-mira-de-malware","status":"publish","type":"post","link":"http:\/\/www.batori.com.br\/blog\/pequenas-empresas-na-mira-de-malware\/","title":{"rendered":"Small businesses in the sights of malware"},"content":{"rendered":"<p><em>The &#8220;Grabit&#8221; malware is neither subtle nor clever, but it is working<\/em><\/p>\n<p>Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium-sized businesses, stealing credentials and documents.<\/p>\n<p>Noar says criminals stole about 10,000 documents from nanotechnology, education and media companies in an attack by the newly discovered malware called &#8220;Grabit&#8221;.<\/p>\n<p>&#8220;Our documentation indicates that the operation began in late February 2015 and ended in mid-March,&#8221; Noar says in a notice.<\/p>\n<p>&#8220;As the development phase supposedly ended, the malware started spreading from India, the United States and Israel to other countries around the globe.&#8221;<\/p>\n<p>&#8220;The Grabit threat actors do not use any sophisticated subterfuge or manoeuvres in their dynamic activity.&#8221;<\/p>\n<p>The attackers did not put much effort into concealing their command and control servers, nor into hiding from the local system. Noar discovered the locations of the servers simply by opening the Grabit phishing file in an editor.<\/p>\n<p>&#8220;During our research, dynamic analysis showed that the malicious software&#8217;s &#8216;call home&#8217; functionality communicates over obvious channels and does not go far to hide its activity. In addition, the files were not programmed to perform manoeuvres that would hide them from Windows Explorer,&#8221; he says.<\/p>\n<p>The criminals could choose their favourite remote access trojan, including DarkComet and the less complex HawkEye keylogger.<\/p>\n<p>Grabit should serve as a wake-up call to administrators in charge of protecting small businesses that coordinated attack operations are not confined to large enterprises and organisations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The &#8220;Grabit&#8221; malware is neither subtle nor clever, but it is working Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium-sized businesses, stealing credentials and documents. 
Noar says criminals stole about 10,000 documents from &hellip; <a href=\"http:\/\/www.batori.com.br\/blog\/pequenas-empresas-na-mira-de-malware\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":125,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/posts\/146"}],"collection":[{"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/users\/125"}],"replies":[{"embeddable":true,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/comments?post=146"}],"version-history":[{"count":4,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/posts\/146\/revisions"}],"predecessor-version":[{"id":150,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/posts\/146\/revisions\/150"}],"wp:attachment":[{"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/media?parent=146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/categories?post=146"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.batori.com.br\/blog\/wp-json\/wp\/v2\/tags?post=146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}