Hi everyone, remember Dorifel?
Let’s say.. it ain’t over..
I want to highlight that we found tons of new malicious files on the server hosting the Dorifel malware, and also a lot of exploits, which could be an indication that computers infected with Dorifel also have additional malware installed.
There is also a nice update with lots of info on “Damm those problems”
One of the things that made Dorifel a success was the RTLO Unicode hole. This hole abuses the standard Unicode “right-to-left override” character, which Windows supports because it is used in Arabic and Hebrew texts, so that a file name is displayed differently from what it really is.
Because of this, there is only one piece of advice:
Do not rely on any file attachment or file on any device to be safe based on its file name!
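To make that advice checkable, here is an added example (not part of the original post, and not Dorifel's code) that flags file names containing bidirectional control characters and compares the extension the system acts on with the one a user appears to see. The function names, the extension list and the sample file names are assumptions constructed for illustration.

```python
import os
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
# Bidirectional control characters that have no business in a file name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
# Assumption: an illustrative, not exhaustive, list of directly runnable types.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def strip_controls(text):
    """Return the name in stored order with all bidi controls removed."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)


def approximate_display(name):
    """Approximate what a file manager shows: text after an RLO is drawn reversed.
    Simplified on purpose; it is not a full Unicode bidi implementation."""
    start = name.find(RLO)
    if start == -1:
        return strip_controls(name)
    end = name.find(PDF, start)
    if end == -1:
        end = len(name)
    reversed_run = strip_controls(name[start + 1:end])[::-1]
    return strip_controls(name[:start]) + reversed_run + approximate_display(name[end + 1:])


def inspect_filename(name):
    """Compare the extension the OS acts on with the one the user appears to see."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(strip_controls(name))[1].lower()
    shown = approximate_display(name)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "real_extension": real_ext,
        "displayed_name": shown,
        "displayed_extension": os.path.splitext(shown)[1].lower(),
        "executable": real_ext in RISKY_EXTENSIONS,
    }


# Constructed sample names (not taken from the Dorifel campaign).
SAMPLES = ["report.doc", "Invoice-\u202ecod.scr", "holiday.jpg"]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = inspect_filename(sample)
        if info["suspicious"]:
            print(f"{sample!r}: shown as {info['displayed_name']!r}, "
                  f"really {info['real_extension']} ({', '.join(info['controls'])})")
```

A mail gateway or file-server scan can treat any hit as suspicious on its own, since legitimate file names rarely need these characters.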
Before the weekend started we were told by State Secretary for Security and Justice Fred Teeven that: “everything is under control”, but Dorifel didn’t stop.
The virus did what it was supposed to do: infect more systems and hijack banking data.
It’s the beginning of a new week and I am sure lots of people will investigate Dorifel to learn how it worked, why it managed to cripple several organisations and how we can prevent this in the future.
- A word on XDocCrypt/Dorifel/Quervar
- Complete details of the Dorifel servers, including its ‘master’ server in Austria
- Dorifel virus under control
- Kaspersky: Dorifel virus keeps spreading
- State Secretary underestimates Dorifel virus
- Teeven, stop tolerating organised crime
- Dorifel virus ready for Dutch banking phishing
- Bank details stolen with Dorifel virus
- A closer look at the Dorifel code
- Data of 1600 Dutch people on Dorifel server
- ING investigates Dorifel virus infections
- Dorifel steals bank details of hundreds of Dutch people