Virus Petya.A, which has hit the computers of Ukrainian enterprises and government agencies using accounting software M.E.Doc collected unique codes of enterprises (enterprise). This is stated in the report of the antivirus company ESET.
According to experts, using this code, the attackers can conduct a targeted attack against a specific company or an organization.
In the event of new attacks, cyber criminals will work from within, through zaramenye Trojan module in the computer.
Program “M.E.Doc” can serve several organizations, and once installed the Trojan will know all the enterprise on your computer and you can send these codes to the criminals.
Except for enterprise, the Trojan also collects the proxy settings and e-mail, including usernames and passwords infected application “M.E.Doc”.
Recall that the software developer “M.E.Doc” from June 27 to categorically deny the use of the program in the cyber attack, July 5, acknowledged “the unprecedented fact of burglary”, in which the product was introduced malicious code to run in a pack.
According to the report, the developer has created an update that “is guaranteed to eliminate threats to users”, but in the course of the search police with the participation of the security service on 4 July the company’s servers were temporarily withdrawn for the analysis of penetration.
As stated earlier the interior Minister Arsen Avakov, a second attack of the virus started on 4 July at 13:40, but by 15:00 the specialists of the Police managed to block the activation of the virus on the servers “M.E.Doc”.
Experts have previously drawn attention to the vulnerability M.E.Doc.
“The program’s authors wanted to make their product as accessible as possible, focusing on the users of outdated versions of the OS, and not to spend money on an SSL certificate, so updates were distributed via insecure http. The tendency, when hackers are looking for vulnerabilities in the older hardware, communication protocols, etc., there has been a couple of years ago”, — said PR-Manager of company DDoS-GUARD Olga Bride.