Microsoft has just revealed that the Raspberry Robin worm has infected hundreds of Windows networks. The company has released a private threat intelligence advisory informing organizations about the worm. Raspberry Robin spreads through infected USB devices: when a user inserts a USB device and clicks on a malicious .LNK file, the worm starts doing its work.
The worm then launches an msiexec process and runs a malicious file that is also present on the device. After that, it establishes a connection with a server and starts downloading and installing malicious DLLs. The legitimate Windows utility odbcconf.exe is then used to execute the DLLs while the worm repeatedly attempts to connect to Tor network nodes. At least some of the command and control servers being used are thought to be infected QNAP NAS devices.
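The chain described above (msiexec reaching out to a server, then odbcconf.exe executing a DLL) can be hunted for in process-creation logs. The following Python is an added example, not taken from Microsoft's advisory; the command-line patterns, event fields, 10-minute window and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed heuristics (not from the article): msiexec given a remote URL,
# and odbcconf asked to register a DLL through its REGSVR action.
MSIEXEC_REMOTE = re.compile(r"\bmsiexec(\.exe)?\b.*https?://", re.I)
ODBCCONF_DLL = re.compile(r"\bodbcconf(\.exe)?\b.*\bregsvr\b.*\.dll", re.I)

def classify(event):
    """Return a stage label for one process-creation event, or None."""
    cmd = event["command_line"]
    if MSIEXEC_REMOTE.search(cmd):
        return "msiexec_remote_install"
    if ODBCCONF_DLL.search(cmd):
        return "odbcconf_dll_exec"
    return None

def find_chains(events, window_seconds=600):
    """Find hosts where a remote msiexec is followed by odbcconf DLL
    execution within window_seconds.
    Returns {host: (msiexec_time, odbcconf_time)}."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((ev["time"], stage))
    hits = {}
    for host, stages in by_host.items():
        last_msi = None
        for t, stage in stages:
            if stage == "msiexec_remote_install":
                last_msi = t
            elif last_msi is not None and t - last_msi <= window_seconds:
                hits.setdefault(host, (last_msi, t))
    return hits

# Constructed sample events (time in seconds); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "time": 100, "command_line": r"msiexec /q /i http://example.invalid/pkg"},
    {"host": "WS01", "time": 160, "command_line": r"odbcconf.exe /a {regsvr C:\Temp\sample.dll}"},
    {"host": "WS02", "time": 120, "command_line": r"msiexec /i C:\Installers\app.msi"},
    {"host": "WS03", "time": 50, "command_line": r"odbcconf.exe /a {regsvr C:\Temp\x.dll}"},
    {"host": "WS04", "time": 10, "command_line": r"MSIEXEC.EXE /i https://example.invalid/a"},
    {"host": "WS04", "time": 5000, "command_line": r"odbcconf /a {REGSVR C:\Temp\y.dll}"},
]

if __name__ == "__main__":
    for host, (t1, t2) in find_chains(SAMPLE_EVENTS).items():
        print(f"{host}: msiexec at t={t1}, odbcconf at t={t2}")
```

Only WS01 is reported: WS02 installs a local package, WS03 has no preceding msiexec, and WS04's two events fall outside the window.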
This worm can bypass Windows User Account Control (UAC) and has already proven it can use the utilities available to the OS. The exact goal of this malware is not yet clear. However, it controls the network and could easily download and deploy new malware quickly.
Microsoft has flagged Raspberry Robin as a high-risk campaign. The best way to avoid this malware is to first scan the external device with a powerful antivirus. If the device is free of viruses and malware, go ahead and use it. Surely, Microsoft will also release a security update to make the devices virus-free.