
Bitsran

Posted: August 28, 2019

Bitsran is a Trojan and worm that disables anti-virus products and downloads additional threats onto your PC. Bitsran can spread throughout local networks and has strong associations with attacks against banking institutions. Users should maintain best practices for network security and use anti-malware tools when removing Bitsran is warranted.

Bank Robbery by Dint of Software

In the computer age, highway robbery often involves fewer pistols and masks and more software and network communications. Bitsran is a threat best known for its part in the 2017 attacks against Taiwan's Far Eastern International Bank. However, samples of it also are uploaded to threat repositories from other parts of the world, and it remains a credible present-day hazard to financial entities and other businesses.

Bitsran's standard operating procedure begins with a prior compromise of the bank's network by unknown means, possibly phishing e-mails. The dual-purpose worm relies heavily on hard-coded data, such as specific IP addresses, for its later activities, including compromising the rest of the network. Accordingly, new deployments of Bitsran are likely to carry updates that tailor some of its behavior and features to each target.

Some of Bitsran's characteristics are highly conventional. It establishes Registry-based persistence in Windows environments and hides its executable in a temporary-files folder. Less typically, malware experts warn that Bitsran enumerates running processes and terminates any that match Trend Micro security products. It also loads an additional component concealed via steganography and creates a scheduled task.
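The behaviors above (an executable run from a temp folder, a Run-key entry pointing back into that folder, a scheduled task created for it, and a non-security process opening a Trend Micro process with terminate rights) are individually common and collectively distinctive. The script below is an added example, not code from the original page or from any vendor: it scores constructed Sysmon-style events per host for exactly those four behaviors. The hostnames, paths, SID and the Trend Micro process name are assumptions made for the example.

```python
"""Flag the host behaviours the article attributes to Bitsran.

Added example, not code from the original page or from any vendor. The events
below are constructed in a Sysmon-like shape; hostnames, user paths, the SID
and the Trend Micro process/installation path are assumptions.
"""
import re
from collections import defaultdict

TEMP = r"C:\Users\teller\AppData\Local\Temp\svchost32.exe"   # assumed dropped payload
TREND = r"C:\Program Files\Trend Micro\Client\ntrtscan.exe"  # assumed AV process path

# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    # WS-17: payload written to Temp and executed from there.
    {"host": "WS-17", "event": "FileCreate", "image": r"C:\Users\teller\Downloads\invoice.exe", "target": TEMP},
    {"host": "WS-17", "event": "ProcessCreate", "image": TEMP, "command_line": TEMP,
     "parent": r"C:\Users\teller\Downloads\invoice.exe"},
    # Run-key persistence pointing back into Temp.
    {"host": "WS-17", "event": "RegistryValueSet", "image": TEMP,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": TEMP},
    # Scheduled task whose action is the Temp-resident binary.
    {"host": "WS-17", "event": "ProcessCreate", "image": r"C:\Windows\System32\schtasks.exe",
     "command_line": 'schtasks /create /tn "Updater" /tr "' + TEMP + '" /sc onlogon', "parent": TEMP},
    # Temp-resident binary opens the AV process asking for PROCESS_TERMINATE.
    {"host": "WS-17", "event": "ProcessAccess", "image": TEMP, "target": TREND, "granted_access": 0x0001},
    # WS-03: ordinary Run key, and the AV's own listener touching its scanner.
    {"host": "WS-03", "event": "RegistryValueSet", "image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
    {"host": "WS-03", "event": "ProcessAccess", "image": r"C:\Program Files\Trend Micro\Client\TmListen.exe",
     "target": TREND, "granted_access": 0x1FFFFF},
]

TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
TREND_MICRO = re.compile(r"\\Trend Micro\\", re.I)
PROCESS_TERMINATE = 0x0001  # access right needed to kill another process


def findings_for(evt):
    """Yield the Bitsran-style behaviours that one event evidences."""
    kind = evt["event"]
    if kind == "ProcessCreate":
        if TEMP_DIR.search(evt["image"]):
            yield "exec_from_temp"
        cmd = evt.get("command_line", "")
        if (evt["image"].lower().endswith("\\schtasks.exe")
                and "/create" in cmd.lower() and TEMP_DIR.search(cmd)):
            yield "schtask_to_temp"
    elif kind == "RegistryValueSet":
        if RUN_KEY.search(evt["target"]) and TEMP_DIR.search(evt.get("details", "")):
            yield "runkey_to_temp"
    elif kind == "ProcessAccess":
        # The AV suite's own components legitimately open each other; skip those.
        if (TREND_MICRO.search(evt["target"]) and not TREND_MICRO.search(evt["image"])
                and evt["granted_access"] & PROCESS_TERMINATE):
            yield "av_terminate"


def analyse(events):
    """Return {host: {"findings": [...], "verdict": "suspicious"|"clean"}}."""
    per_host = defaultdict(set)
    for evt in events:
        per_host[evt["host"]].update(findings_for(evt))
    report = {}
    for host, found in per_host.items():
        # Killing the AV is damning on its own; otherwise require two behaviours.
        suspicious = "av_terminate" in found or len(found) >= 2
        report[host] = {"findings": sorted(found),
                        "verdict": "suspicious" if suspicious else "clean"}
    return report


if __name__ == "__main__":
    for host, result in analyse(SAMPLE_EVENTS).items():
        print(host, result["verdict"], ", ".join(result["findings"]))
```

Because the article warns that new Bitsran builds change their specifics, the rules key on the behaviors (Temp-resident execution, Run-key and scheduled-task persistence into Temp, terminate-access to the AV) rather than on any file name or hash.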

Taken together, these features position Bitsran to load further files and to attack and infect other systems of interest within the target organization.

Stopping Worms from Running Away with Cash

Network administrators can harden their networks against Bitsran and the threats associated with it, which include backdoor Trojans and the Hermes Ransomware (whose 2017 deployment was a possible distraction to hide the robbery). Limiting access to SMB (TCP port 445) prevents Bitsran from spreading to target systems. Good credential-management practices also keep threat actors from brute-forcing their way into additional accounts. On systems that don't need sometimes-abused Windows utilities such as the Command Prompt, blocking those utilities through application control denies Trojans like Bitsran some of their features.

Since any Bitsran campaign is likely to include updates to the threat, users shouldn't depend too closely on any known indicators of compromise or behavioral symptoms. Updated anti-malware solutions from most vendors remain capable of uninstalling Trojans of this type, which also removes the risk of further lateral movement across the network, and will delete Bitsran and its droppers on sight. The worm is, as noted previously, a Windows-only threat.

The Lazarus Group threat actor is still operating outside the law, despite being active since 2009. As a result, self-replicating Trojans like Bitsran remain tactical possibilities for exploiting the weak security of insufficiently guarded bank networks.
