"Hundreds of Windows Networks Are Infected With Raspberry Robin Worm"

Microsoft recently released a private threat intelligence advisory informing organizations that a worm called Raspberry Robin is infecting hundreds of Windows networks.  The worm is spreading via infected USB devices.  The researchers noted that it requires a user to insert the USB device and click a malicious .LNK file.  After that, the worm uses the Windows command prompt to launch a msiexec process and run a malicious file also present on the device.   The researchers stated that a connection is then established with a command and control server using a short URL, and if successful, a number of malicious DLLs are downloaded and installed.  The legitimate Windows utility odbcconf.exe is then used to execute the DLLs while the worm repeatedly attempts to connect to Tor network nodes.  The researchers stated that what is worrying is that whoever deployed Raspberry Robin so successfully has yet to take advantage of the infected Windows networks.  The malware introduced by the worm is capable of bypassing Windows User Account Control (UAC) and has already proven it can use the utilities available to the OS.  So while nobody currently knows the goal of Raspberry Robin, the control it imposes over a network means new malware could be downloaded and deployed very quickly.
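As an added example (not taken from Microsoft's advisory or the PCMag article), the following Python sketch shows how a defender could triage process-creation events for the chain described above: msiexec launched from the command prompt, followed by odbcconf.exe executing a DLL. The event tuples, host names, paths and URL are constructed sample data; the sketch assumes events arrive in time order and that a remote URL, when one is used, appears on the msiexec command line.

```python
import re
from collections import defaultdict

# Constructed process-creation events: (host, parent image, image, command line).
# All values are made-up sample data, not real telemetry or indicators.
EVENTS = [
    ("WS01", "explorer.exe", "cmd.exe", "cmd.exe /c start msiexec /q /i http://short.example/a"),
    ("WS01", "cmd.exe", "msiexec.exe", "msiexec /q /i http://short.example/a"),
    ("WS01", "services.exe", "odbcconf.exe", r"odbcconf.exe /a {REGSVR C:\Users\Public\sample.dll}"),
    ("WS02", "cmd.exe", "msiexec.exe", r"msiexec /i C:\Installers\vpn-client.msi"),
    ("WS03", "setup.exe", "odbcconf.exe", 'odbcconf.exe /a {CONFIGSYSDSN "SQL Server" "DSN=app|SERVER=db"}'),
]

URL = re.compile(r"https?://", re.I)
DLL = re.compile(r"\.dll\b", re.I)

def stage(parent, image, cmdline):
    """Map one event to a stage of the chain in the article, or None."""
    parent, image = parent.lower(), image.lower()
    if image == "msiexec.exe" and parent == "cmd.exe":
        # Assumption: a URL argument marks the remote (command and control) variant.
        return "msiexec_from_cmd_remote" if URL.search(cmdline) else "msiexec_from_cmd"
    if image == "odbcconf.exe" and DLL.search(cmdline):
        return "odbcconf_dll"
    return None

def triage(events):
    """Return {host: (verdict, stages)} for hosts with at least one stage hit.

    'chain' means an msiexec stage was later followed by odbcconf running a DLL;
    'review' means only isolated stages were seen (lower confidence).
    """
    stages = defaultdict(list)
    for host, parent, image, cmdline in events:
        hit = stage(parent, image, cmdline)
        if hit:
            stages[host].append(hit)
    result = {}
    for host, seen in stages.items():
        first = next((i for i, s in enumerate(seen) if s.startswith("msiexec")), None)
        chained = first is not None and "odbcconf_dll" in seen[first + 1:]
        result[host] = ("chain" if chained else "review", seen)
    return result

if __name__ == "__main__":
    for host, (verdict, seen) in sorted(triage(EVENTS).items()):
        print(host, verdict, seen)
```

A lone `msiexec_from_cmd` hit, as on the constructed host WS02, is common in ordinary software deployment, which is why single stages are only marked for review.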

 

PCMAG reports: "Hundreds of Windows Networks Are Infected With Raspberry Robin Worm"

Submitted by Anonymous on