New Dorifel virus has so far caused no damage in the Netherlands


As far as is known, the recently identified variant of the Dorifel malware has still not caused any damage in the Netherlands. Neither the NCSC nor security researcher Mark Loman has recorded any Dutch infections.

“At the moment there are no significant Dorifel infections in the Netherlands,” says security researcher Mark Loman of SurfRight. “Here and there there is an old infection from August.” The first version of Dorifel appeared in that month, when various Dutch government agencies were infected, including ministries and provinces.

Last week a new, more persistent version appeared, but it too appears to have caused no damage so far. The National Cyber Security Centre confirms that picture. “We have not received any reports of infections in the Netherlands,” says spokeswoman Mary-Jo van de Velde.

In other countries there have been new infections, including in Russia. According to security researcher Loman, that means the malware is now also being distributed in ways other than previously thought. Initially Dorifel was spread through the Citadel botnet, but, says Loman, “that does not work on systems with Russian language settings.” He thinks Dorifel will be distributed via exploit kits, which can, for example, infect users through the browser.

Loman thinks the maker of Dorifel is ‘continuously’ working on improving the malware. “We will have to wait until the attacker comes up with a new variant again and the virus manages to slip past the virus scanners again,” he says. The newly discovered variant of Dorifel, which is harder to detect and remove, is now better recognized: 19 of 42 tested antivirus packages detect the variant, compared with 8 last Thursday.

The new version of the Dorifel virus appears to be aimed at the Dutch: the virus shows a warning purporting to come from Buma/Stemra and the police, stating that the user has downloaded illegally and must therefore pay a fine of 100 euros. If the user does not pay, he loses access to his computer and some of his files.

The previous version of Dorifel did something similar, making Word and Excel documents, among others, inaccessible. For unclear reasons, however, no similar notification was displayed. As a result it was long unclear why the malware mutilated the documents. Perhaps the warning was accidentally not shown.

Meanwhile, six versions of Dorifel are said to be in circulation. It is striking that domains used by Dorifel are, according to Loman, registered by the same persons who spread malware via Telegraaf.nl earlier this month. That means either that the domain names are registered by the same person who ‘registers domain names for other rascals’, in Loman’s words, or that the same group is behind both attacks.