30.7.17

ESET’s Anton Cherepanov picks up Pwnie for Best Backdoor

By Editor

Anton Cherepanov, a malware researcher at ESET, has picked up a Pwnie Award for Best Backdoor at this year’s ceremony at Black Hat USA 2017 in Las Vegas.
The award was in recognition of his work in discovering what Cherepanov described earlier this month as a “stealthy and cunning backdoor” that allowed cybercriminals to install and spread Diskcoder.C via M.E.Doc.
As the organisers of the awards stated in their nomination blurb for the award: “To prepare their taxes, folks the world over install janky software developed for a captive market of their nation’s tax laws.
“In Ukraine, accountants who installed M.E.Doc received a backdoor in the gig and a half of their full installation.”
According to Cherepanov’s analysis of the Telebot backdoor, the backdoor is believed to have been injected into one of M.E.Doc’s legitimate modules.
Interestingly, it is believed that the cybercriminals could not have done this without having access to M.E.Doc’s source code.
“The backdoored module has the filename ZvitPublishedObjects.dll,” explained Cherepanov in his expert piece.
“This was written using the .NET Framework. It is a 5MB file and contains a lot of legitimate code that can be called by other components, including the main M.E.Doc executable ezvit.exe.”
Concluding his analysis of the backdoor, ESET’s malware researcher noted that this was a highly sophisticated and technical operation, which had been well thought out.