Game over, LAN, game over! Windows software nasty Emotet spotted spreading via brute-forced Wi-Fi networks

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect. The wormification of the trojan attack was detected by researchers at Binary Defense, who this month reported that the technique may have been going on undetected …

  1. robidy Bronze badge

    The best hacks are always the simplest.

    Just not always the easiest to defend against in the real world...not a defence just an observation.

    1. Anonymous Coward

      How long would it take

      How long would it take to hack the stock traders' wireless on the 30th floor of a building if you had to start by infecting the coffee shop network in the lobby and essentially climbing the building, one network at a time?

      1. phuzz Silver badge

        Re: How long would it take

        As you climb it would get easier, because the higher up the corporate org-chart you go, the less time they'd have for such 'pointless fripperies' like robust passwords.

        By the time you reach C-level they'll be running unencrypted wireless because 'their time is too important to waste typing in passwords'. From what I've heard of stock traders they wouldn't want encrypted wireless getting between them and their next bonus payment.

        1. Anonymous Coward

          Re: How long would it take

          >From what I've heard of stock traders they wouldn't want encrypted wireless getting between them and their next bonus payment.

          Probably don't use encryption at all because of the additional latency overhead it imposes on transactions...

          1. Dr Dan Holdsworth

            Re: How long would it take

            So rent an office on the tower block next door, and use a directional antenna to hack their wifi directly. Odds are they'll have very vulnerable wifi "because nobody can ever get an attacking device close enough to be harmful".

            Even if this isn't possible, a wifi pineapple mounted on a drone would do the same thing, only more expensively. Once you've broken their security (if you even have to break anything), you use the drone as a relay station to attack that network.

            Simples...

            1. Roland6 Silver badge

              Re: How long would it take

              >a wifi pineapple mounted on a drone would do the same thing, only more expensively.

              Well given the quality of super glue and other attachment mechanisms - just have the drone stick the pineapple on the outside of the building - out of the eyesight of people working in the targeted offices...

  2. Mike Lewis

    Virus writing teams

    Somewhat OT but I wonder if virus writing teams have the same problems we do - clueless managers, impossible schedules, inadequate resources and obdurate HR but with a termination package that really means termination.

  3. Drat

    Home WiFi

    OK, so how good are home WiFi routers at detecting and preventing brute force attacks? So if you get x number of failed connection attempts from a particular MAC address will they then refuse any more connections for a period of time and alert the user somehow?

    1. RichardBarrell

      Re: Home WiFi

      Not at all. None of them do anything like that. You're only going to see that kind of feature in shiny expensive enterprise setups that include an IDS.

      With home routers, you're lucky if they're not accepting telnet connections on both the WAN and WLAN with hardcoded unchangeable password 'root'/'root'.

      1. Roland6 Silver badge

        Re: Home WiFi

        >With home routers, you're lucky if they're not accepting telnet connections on both the WAN and WLAN with hardcoded unchangeable password 'root'/'root'.

        Remember, for ease of out-of-the-box configuration many enterprise routers ship with default 'admin'/'admin' style of credentials and the telnet ports on the LAN/WiFi enabled. Just another reason to change the default passwords and access settings...

        However, the worm spreads by trying to connect to WiFi networks by brute forcing their password/security key. Likewise for shared drives discovered, so the credentials of the router itself don't seem to be part of the problem.
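
The per-MAC lockout asked about in this sub-thread, as an added example that is not part of the thread or of any router's firmware; the log format, thresholds and function names are assumptions. It also counts failures across all MACs, because a client can present a different MAC address on each attempt.

```python
import re
from collections import defaultdict, deque

# Hypothetical log format: "<epoch-seconds> AUTH_FAIL|AUTH_OK <client-mac>"
LINE = re.compile(r"^(\d+) (AUTH_FAIL|AUTH_OK) ([0-9a-f:]{17})$")

def sample_log():
    """Constructed events: one MAC hammering, then eight MACs failing once each."""
    lines = [f"{1000 + 5 * i} AUTH_FAIL aa:aa:aa:aa:aa:01" for i in range(5)]
    lines.append("1030 AUTH_FAIL aa:aa:aa:aa:aa:01")  # retry during lockout
    lines += [f"{1100 + i} AUTH_FAIL aa:aa:aa:aa:aa:{i + 2:02x}" for i in range(8)]
    return "\n".join(lines)

def scan(log, per_mac=5, overall=8, window=60, lockout=300):
    """Return (alerts, rejected): alerts raised and attempts refused by lockout."""
    by_mac, all_fails = defaultdict(deque), deque()
    blocked_until, alerts, rejected = {}, [], 0
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, event, mac = int(m[1]), m[2], m[3]
        if blocked_until.get(mac, 0) > ts:
            rejected += 1  # MAC is locked out: refuse without evaluating
            continue
        if event != "AUTH_FAIL":
            continue
        for q in (by_mac[mac], all_fails):
            q.append(ts)
            while q[0] <= ts - window:  # drop failures older than the window
                q.popleft()
        if len(by_mac[mac]) >= per_mac:
            blocked_until[mac] = ts + lockout
            by_mac[mac].clear()
            alerts.append((ts, "mac-lockout", mac))
        elif len(all_fails) >= overall:
            # Per-MAC counting misses a client that changes MAC per attempt,
            # so also alert on the failure rate across all MACs.
            all_fails.clear()
            alerts.append((ts, "network-wide", "*"))
    return alerts, rejected

if __name__ == "__main__":
    print(scan(sample_log()))
```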

  4. Pascal Monett Silver badge

    "after the malware was installed and running on a PC"

    If it's running on a PC, it won't be detecting wireless anything unless the PC has a wireless networking card. I don't think that is so common. Possible, yes, there are PCs that do connect via wireless, but I would think most PCs have an Ethernet cable because when people bought PCs wireless was not a thing.

    Now if you're talking laptops or tablets, then definitely yes, there will be wireless available to explore.

    PCs not so much.

    1. thondwe

      Re: "after the malware was installed and running on a PC"

      Suspect rather more WIFI enabled PCs than you might think. Will be a common "fix" in a house where the router is nowhere near the PC's location - USB + WIFI more likely than a card. We have an old PC and the Sky box doing exactly that.

      Is it the case that all new home routers (from main ISPs at least) are pre-configured with pretty random SSID names and passwords these days? Suggest this sort of Virus is going to have much more fun in a Shopping Mall/Coffee Shop world where it can skip the brute force bit?

    2. Kevin Johnston

      Re: "after the malware was installed and running on a PC"

      I think the PC bit is just a generic phrase as a lot of places I have been over the last few years, both corporate and home, are going the laptop route rather than a desktop because laptops are cheap enough that they can and it saves a lot on desk real estate. For corporates they can implement hot-desking with a docking station plus monitor/keyboard/mouse etc or offer less formal areas using wifi connectivity while at home you can sit anywhere with your laptop and not have trailing cables.

      All in all I think the wireless connection is a lot more common these days than a decade ago.

  5. Anonymous Coward

    Malspam???

    Never heard of that expression before. There again, is there any other kind?

  6. Hoe

    Seriously when will people learn to use decent Passwords?! Been beating this stick for as long as I can remember and yet still in 2020 it's a problem.

    It seemed for a while that companies were starting to enforce password security but those efforts appear to be a distant forgotten memory.

    Like these 'SmartHome' devices with fixed default passwords and the like, just a joke, forget GDPR we need to get this **** put into Law, force companies to force users to set secure passwords, it's the only way and the sooner we realise it the better!

  7. Anonymous Coward

    Windows is aptly named, mostly left open..


Biting the hand that feeds IT © 1998–2020