Viruses & Malware: Lucifer

Introduction

Malicious Software, better known as Malware, is software that is designed, according to Cisco.com, “to damage and destroy computers and computer systems.” There are various types of Malware:

  • Virus – This type of malicious software is attached to a file and only runs once the infected file is opened or run.
  • Worms – Unlike a virus, worms do not need a host program. This malicious software self-replicates and can quickly spread through a network.
  • Trojan Virus – This program appears helpful, like a free virus scan or game, but is malicious.
  • Spyware- This type of malicious software is designed to run in the background and report back to a user remotely.
  • Adware – This type of malware is not always dangerous, but it is used to collect information on your browsing habits and redirect users to websites that can contain trojan viruses and spyware.
  • Ransomware – Once a computer or organization is infected with this type of malicious software, it can encrypt data and demands money from the user to decrypt the files.

History of Malware

The history of malware is closely tied to the history of computer programs. Early programmers did not have malicious intent: they wanted to test how programs and networks interfaced with each other. Per Digital Trends, “The idea for a virus, or a self-replicating string of code, was first coined by computing visionary John Von Neumman. In 1949, he postulated the potential for a “self-reproducing automata” that would be able to pass along its programming to a new version of itself.”

The first recorded type of this self-replicating program was the Creeper Worm. Created in 1971 by Robert H. Thomas, the program moved from system to system, displaying the message, “I’m the Creeper: Catch me if you can.” The program was annoying but harmless. Another program, dubbed Reaper, was created by Ray Thomlinson that moved through early networks to find and delete any copies of the Creeper Worm, becoming the first antivirus program in the process.

Since its nascent beginning, malware has become more complex like the computers and networks they jeopardize. Organizations are in a constant battle to keep up with new threats. One of the newest threats is Lucifer, “hijacks vulnerable Windows devices to mine cryptocurrency and stage devastating DDoS attacks.”, according to TomsGuide.com.

Malware: Lucifer

Lucifer: How it Works

Creator: Arda Savasciogullari Credit: ardasavasciogullari – stock.adobe.com

Lucifer gains access to vulnerable Windows machines to use them to mine for cryptocurrency and to perform DDoS attacks. According to ZDNet.com, the “malware will scan for open TCP ports 135 (RPC) and 1433(MSSQL) to find targets and will use credential-stuffing attacks in order to obtain access. The malware may infect its targets through IPC, WMI, SMB, and FTP via brute-force attacks, as well as through MSSQL, RPC, and network sharing.” Once established, Lucifer runs XMRig to mine for Monero cryptocurrency, establishes a connection to C2 servers to receive commands and transfer data, creates backdoors, and edits the Windows registry.

Conclusion

Currently, it is strongly advised that network administrators apply all patches and updates to their Windows systems and use strong passwords since Lucifer is based on known exploits and vulnerabilities that have been previously reported.

“The vulnerable software includes Rejetto HTTP File Server, Jenkins, Oracle Weblogic, Drupal, Apache Struts, Laravel framework, and Microsoft Windows.” (Hsu et al., 2020). Systems can be protected by:

  • Using firewalls that block the specific exploits
  • Configure C2 servers, as per best practices
  • Using cloud-based malware detection

Sources

Fearn, N. (2020, June 25). “Lucifer” malware targets Windows machines using NSA exploits: Protect yourself now. Tom’s Guide. Retrieved June 25, 2020, from https://www.tomsguide.com/news/lucifer-malware-windows
Hsu, K., Sangvikar, D., Zhang, Z., & Navarrete, C. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. Unit42. https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
Martindale, J. (2018, March 29). The History of Malware, from Pranks to Nuclear Sabotage. Digital Trends. https://www.digitaltrends.com/computing/history-of-malware/
NVD - CVE-2019-9081. (n.d.). Retrieved June 26, 2020, from https://nvd.nist.gov/vuln/detail/CVE-2019-9081
O’Donnell, L. (2020, June 24). Self-Propagating Lucifer Malware Targets Windows Systems. https://threatpost.com/self-propagating-lucifer-malware-targets-windows-systems/156883/
Osborne, C. (2020, June 25). Lucifer: Devilish malware that abuses critical vulnerabilities on Windows machines. ZDNet. https://www.zdnet.com/article/lucifer-devilish-malware-that-abuses-critical-vulnerabilities-on-your-windows-pc/
What is Malware? - Definition and Examples. (n.d.). Cisco. Retrieved June 26, 2020, from https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.