
Downloader uses Microsoft SQL to spread malware


A new downloader that uses detection-evasion techniques and relies on Microsoft SQL to spread malware payloads was recently discovered by security researchers.

The program is called WhiteShadow and spreads via malicious emails or Microsoft Word and Excel attachments.

How does it work?

The malware was discovered by researchers at Proofpoint, who published a report detailing its operation.

When the victim opens the malicious email and opens the macro-laden attachments, malicious payloads infect their system.

This malware is stored as encoded ASCII strings in the database.

WhiteShadow downloads a wide range of malware from a Microsoft SQL Server that is under the attackers' control.

The malicious program was first launched in August, followed by multiple campaigns that used it in attacks.

The first campaigns had no way of avoiding detection, but later ones included methods such as code obfuscation and intentional misspelling of variables. This was probably done to prevent automatic detection.

Most of the WhiteShadow campaigns were used to deliver Crimson malware.

Keyloggers such as Orion Logger, Remcos, and Nanocore were among the other malicious programs delivered in these campaigns.

How to protect yourself?

Researchers recommend that organizations monitor incoming emails and outgoing traffic on TCP port 1433. The port must either be blocked or restricted with a limited ACL configuration on the firewall.
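The outbound TCP 1433 monitoring recommended above can be sketched as follows. This is an added example, not code from the Proofpoint report or this article: it scans flow records for internal hosts reaching external, unapproved SQL Server endpoints. The log format, the internal ranges, the allowlisted server and all sample records are constructed assumptions.

```python
import ipaddress

# Assumptions: RFC 1918 space is "internal"; one sanctioned external SQL Server.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_SQL_SERVERS = {ipaddress.ip_address("203.0.113.10")}  # constructed value
MSSQL_PORT = 1433

# Constructed flow records: timestamp src src_port dst dst_port proto action
SAMPLE_LOG = """\
2024-01-15T09:14:02Z 10.1.4.23 49812 198.51.100.77 1433 tcp allow
2024-01-15T09:14:05Z 10.1.4.23 49813 10.1.9.5 1433 tcp allow
2024-01-15T09:15:40Z 10.1.7.88 50211 203.0.113.10 1433 tcp allow
2024-01-15T09:16:11Z 10.1.4.23 49820 198.51.100.77 443 tcp allow
2024-01-15T09:18:09Z 10.1.6.12 50777 192.0.2.44 1433 tcp deny
malformed line here
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    parts = line.split()
    if len(parts) != 7:
        return None  # skip records that do not match the assumed format
    ts, src, _sport, dst, dport, proto, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "proto": proto.lower(), "action": action.lower()}
    except ValueError:
        return None

def find_outbound_mssql(log_text):
    """Flag internal hosts using TCP 1433 towards unapproved external hosts."""
    alerts = []
    for flow in filter(None, map(parse_flow, log_text.splitlines())):
        if flow["proto"] != "tcp" or flow["dport"] != MSSQL_PORT:
            continue
        if not is_internal(flow["src"]) or is_internal(flow["dst"]):
            continue  # only internal -> external connections are of interest
        if flow["dst"] in ALLOWED_SQL_SERVERS:
            continue
        # Denied attempts are kept: a blocked try still marks a host to triage.
        alerts.append((flow["ts"], str(flow["src"]), str(flow["dst"]), flow["action"]))
    return alerts

if __name__ == "__main__":
    print(*find_outbound_mssql(SAMPLE_LOG), sep="\n")
```

An alert with action `allow` means the ACL let the connection through and the source workstation needs investigation; `deny` means the block worked but the host still attempted the connection.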

The report also lists Indicators of Compromise (IOCs) to help organizations detect this malware.



Absent Mia