The NotPetya worm, which destroyed information systems around the world in 2017, provides a good case study of how worms spread. NotPetya gained its first foothold through a back door planted in M.E.Doc, a Ukrainian accounting software package; it is widely believed that NotPetya was installed through this back door by state-backed hackers working for Russia as an attack on Ukraine.
But once NotPetya was installed on M.E.Doc users' computers, it, like all worms, began to replicate and seek out new victims on its own. After installing itself on a computer, it took stock of all the other computers the victim had previously interacted with and figured out how to connect to them. It spread from computer to computer within networks using EternalBlue and EternalRomance, two exploits developed by the NSA that were later stolen by unknown hackers. EternalBlue and EternalRomance broke Microsoft's network security protocols, and although Microsoft had updated its operating system to fix the vulnerability long before 2017, many systems had not been updated. To spread beyond the walls of individual corporate networks, NotPetya used Mimikatz, a tool that extracts username/password pairs from the parts of Windows memory where they were supposed to be hidden.
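The computer-to-computer spread described above leaves a recognizable trace in network flow logs: one host suddenly opening connections to many peers. The following is an added example, not part of the original article, of a sliding-window detector for that pattern. It assumes flow records of the form (time, source, destination, port) and uses SMB on TCP 445, the Windows file-sharing service that EternalBlue and EternalRomance target (a detail the article does not state); the 60-second window, the threshold of 5 peers, and all sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

SMB_PORT = 445  # assumption: SMB, the service EternalBlue/EternalRomance target


def find_smb_fanout(flows, window_s=60, threshold=5):
    """Return {src: peak} for hosts that opened SMB connections to at least
    `threshold` distinct peers within any `window_s`-second window.

    `flows` is an iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    """
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)      # src -> largest distinct-peer count seen
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT:
            continue
        window = recent[src]
        window.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while window and ts - window[0][0] > window_s:
            window.popleft()
        distinct = len({d for _, d in window})
        peak[src] = max(peak[src], distinct)
    return {src: n for src, n in peak.items() if n >= threshold}


# Constructed sample flows (not real telemetry).
SAMPLE_FLOWS = (
    # A file-server client: repeated SMB sessions to the same two servers.
    [(1000 + 30 * i, "10.0.0.21", "10.0.0.5" if i % 2 else "10.0.0.6", 445)
     for i in range(10)]
    # A host sweeping its subnet over SMB: eight distinct peers in 14 seconds.
    + [(1100 + 2 * i, "10.0.0.37", f"10.0.0.{50 + i}", 445) for i in range(8)]
    # The same host's ordinary web traffic, which the detector ignores.
    + [(1100 + i, "10.0.0.37", "10.0.1.9", 443) for i in range(20)]
    # A slow admin script: six peers, but spread over ten minutes.
    + [(2000 + 120 * i, "10.0.0.44", f"10.0.0.{80 + i}", 445) for i in range(6)]
)

if __name__ == "__main__":
    for src, n in find_smb_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct SMB peers within 60 s")
```

Only the sweeping host is reported with the default settings; widening the window also surfaces the slow script, which shows why the window and threshold have to be tuned against a network's normal file-sharing behaviour.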
What damage can a computer worm cause?
A worm may do no harm at all: in the early days of computing, worms were sometimes designed as larks or proofs of concept to exploit vulnerabilities, and they did nothing to infected computers other than reproduce in the background. Often the only way to know that something had gone wrong was when a worm made too many copies of itself on a single system and slowed down operations.
But as OS security improved, and writing a worm that could break it became more difficult and took more and more resources, worms became a means to an end. Today, worms almost inevitably contain a payload: code that carries out some larger task in addition to reproducing and spreading the worm. For example, the Mydoom worm, which spread across the Internet in 2004, opened a backdoor that its creators could use to control an infected system. This is a common use of worms: they act as the thin edge of the wedge that attackers use to gain full access to their victims' machines.
There is a wide variety of computer worms that harm their victims in all sorts of ways. Some turn computers into "zombies" or "bots" that launch DDoS attacks. Others search their hosts for banking logins or other sensitive financial information. Some encrypt the victim's hard drive and demand a ransom in bitcoin from the user before restoring the data to a usable state. (NotPetya presents itself as this type of ransomware attack, but while it encrypts files and demands payment, it in fact has no capacity to decrypt the data: it essentially destroys your data under the guise of holding it hostage.) These payload types are not unique to worms and can be delivered by any kind of malware. Petya, the predecessor of NotPetya, is a Trojan, not a worm.
Another way to classify different types of worms is by infection vector. These categories include email worms, instant messaging and IRC worms, file-sharing worms, and Internet worms that look for ways to spread by any means necessary.
Removing a computer worm
Once a worm is installed on your computer, removing it is similar to removing any other type of malware, but that is not easy. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to checking the Windows registry to find out how to proceed.
If you're looking for tools to clean up your system, Tech Radar has an excellent overview of free offerings that includes some well-known names from the antivirus world as well as newcomers like Malwarebytes.