8 October 2020

CYBERSECURITY NEWS V. 08.10 – Leaked Windows source code, New hacker group XDSpy, IPStorm botnet

News for discussion

Leaked Windows source code confirmed as authentic

News of a leak of Windows OS source files appeared on September 25; however, information security experts doubted its authenticity, and Microsoft did not comment on the situation in any way. The source code was distributed on 4chan as a torrent file. In addition to the source files of Windows XP and Windows Server 2003, it contained the source code of various components and of the first Xbox operating system. Within a week, the authenticity of the source files was confirmed: a developer under the nickname NTDEV managed to compile an almost working version of Windows XP. Windows Server 2003 was easier to compile because its leaked source code was more complete than that of Windows XP. Some important components were missing, such as drivers and winlogon.exe, which is needed to install the system. The leak itself is not so dangerous, as computers running Windows XP make up approximately 1.26% of devices. However, information from the Windows XP source code could help attackers search for vulnerabilities in newer versions of Microsoft's OS, because Microsoft often carries large pieces of code over from one OS version to the next.

hexway commentary:

Leaking the source code of the company's core products is hardly a pleasant experience. However, Microsoft has been through a similar experience before. Did they draw any conclusions from it? Probably, since this leak most likely happened a long time ago and has only now become public.
Is this leak interesting to information security researchers? Well, maybe to some, as a reference when reversing the next binary from MS. To cybercriminals? Surely, since the developers, for sure, reused some of the code in more "fresh" company products. To developers? Of course: you can see how the developers from Redmond write and be glad that your own code is not so bad. To ordinary users? Don't worry. Visit your grandmother or mom.

News FYI

XDSpy cyber espionage group went unnoticed for 9 years

The ESET team discovered a new hacker group, XDSpy, which has been active since 2011. Its main target is government documents. Over the years, the group has quietly attacked government agencies and private companies in Eastern Europe and the Balkans. The group's main tool is a malware called XDDown, a downloader used to infect systems and then fetch various additional modules. The malware was spread through phishing emails. The group used decoy messages related to lost and found items and to the coronavirus pandemic.

IPStorm botnet attacks Android, Mac, and Linux

The IPStorm botnet, which attacked Windows systems last year, has evolved and moved to other platforms: Android, Linux, and Mac. In May 2019, IPStorm had infected about 3 thousand systems; this month the number is more than 13.5 thousand. The botnet's features were first described in the Anomali report. IPStorm uses the IPFS protocol to communicate with infected systems. The malware was written in Go, which was not commonly used for these purposes in 2019. Although the botnet has been active for over a year, researchers still have not figured out what the ultimate goal of the IPStorm operators is.

Spam Emotet campaign

A few days after the first presidential debate in the US, Emotet attackers launched a new spam campaign posing as the DNC. The emails used subject lines related to the DNC Team Blue volunteer program. The attached documents claim to have been created on an iOS device and ask users to click "Allow Content" to display them properly. Once that is done, the victim's device automatically downloads and installs the Emotet Trojan, which then runs quietly in the background.

