
I'm trying to find out if Malwarebytes is seeking GoldBrute BotNet. My tax prep software company sent out an alert today warning that the bot is actively seeking RDP enabled computers, which mine is.


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Posted (edited)

RE:  Microsoft Operating Systems BlueKeep Vulnerability

I don't know what you mean by "...Malwarebytes is seeking GoldBrute BotNet..." but if you have samples of malware that may be exploiting the vulnerability and MBAM does not detect it, samples can be submitted in;  Newest Malware Threats  after reviewing; 

Malware Hunters group
Purpose of this forum

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar


I'm not sure what I mean either since this isn't my 'area'. But, after reading some other articles, etc., after I posted this question, I realized that there probably isn't a way to answer it. I received an alert from my software company about this bot being a concern and that we needed to be sure we were protected. I'm hoping that Malwarebytes and my anti-virus can handle whatever the bullies are throwing at us. And I don't really know what else I can do besides that. Thank you for your reply!


Based on my research, it appears this particular botnet is primarily focused on attacking RDP (Remote Desktop Protocol) servers, not endpoints so if you are running a non-Server build of Windows you should be safe.  That said, you should of course keep your anti-malware, antivirus and operating system up to date to guard against threats in general, and if you don't use Remote Desktop, I'd also suggest disabling it so that it cannot be used as a potential point of attack for any threats (I always disable it on all of my systems for this reason as I never use it so it just represents a potential backdoor into my system should a hacker or infection attempt to exploit it).  Instructions on disabling it can be found here and you can take it a step further by blocking port 3389 in the Windows Firewall as that is the default port used by Remote Desktop and you may also want to disable the service used by Remote Desktop if you aren't going to use it.  You'll find instructions on how to do that here.


Sorry, stupid question. How do I know if I'm using Remote Desktop? The only computer-to-computer communication I do is between my desktop and my laptop and that is primarily (99%) through my own wireless network at the house. But a ton of my work and my software are in the cloud. Does it sound like I can disable RDP and block the 3389 port? Thank you both for the information.


Yes, it sounds like you don't use Remote Desktop so you should be able to disable it.


What operating system are your computers running at home?

Windows XP?
Windows Vista?
Windows 7?
Windows 8?
Windows 10?

 


Thank you all for your patience as I work my way through this. If I disable Remote Desktop will I still be able to do video conferencing and screen share through a web browser?

Posted (edited)

Hi, Patp3005

You mentioned your OS is Windows 10 Home.

a) Be very sure that your Windows 10 is fully up to date with Windows Update.  Do a new manual run to Windows Update.

b) Browser based video conferencing / screen sharing does not rely on the Remote Desktop.

c) As noted by others before, the "goldbrute" is potentially targeting "server systems"; not your Windows 10 home pc.

d) You can manually turn off RDP.

Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.


type in

services.msc

and press Enter key.

Scroll down the list. Look for "Remote Desktop Services". Look to the right on that line, in the column Startup type, you can do a right click on the line and pick Properties, then select "Disabled".

Other notes:

Microsoft Windows RDP "Bluekeep" Vulnerability is identified as CVE-2019-0708
Windows 10 is not listed as subject to this issue.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

Windows 7 / 2008 and older are affected, going back to Windows XP.   Microsoft has released security updates thru Windows Update & the Download catalog at Microsoft.

Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

 

Edited by Maurice Naggar
added notes
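
Added example, not part of any post in this thread: a PowerShell audit that answers "is Remote Desktop reachable on this PC?" and, optionally, applies the three steps suggested above (turn RDP off, block port 3389, disable the service). The function names Get-RdpExposure and Disable-RdpAccess are hypothetical; the script assumes an elevated session and an English-language Windows, where the built-in firewall group is named "Remote Desktop".

```powershell
# Added example; Get-RdpExposure and Disable-RdpAccess are hypothetical names.
# Run from an elevated (Administrator) PowerShell session.
$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    # fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # The listener port is configurable; 3389 is only the default.
    $port = (Get-ItemProperty -Path "$TsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
    # TermService is listed as "Remote Desktop Services" in services.msc.
    $svc = Get-Service -Name TermService
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    # Enabled inbound allow rules in the built-in firewall group (English name assumed).
    $allow = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    [pscustomobject]@{
        RdpConnectionsAllowed = ($deny -eq 0)
        Port                  = $port
        ServiceStatus         = $svc.Status
        ServiceStartType      = $svc.StartType
        Listening             = [bool]$listener
        FirewallAllowRules    = $allow.Count
    }
}

function Disable-RdpAccess {
    param([int]$Port = 3389)
    # 1. Refuse incoming Remote Desktop connections.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
    # 2. Turn off the built-in allow rules and add an explicit inbound block.
    #    RDP can use UDP as well as TCP on the same port, so block both.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    foreach ($proto in 'TCP', 'UDP') {
        New-NetFirewallRule -DisplayName "Block inbound RDP $proto $Port (example)" `
            -Direction Inbound -Protocol $proto -LocalPort $Port -Action Block | Out-Null
    }
    # 3. Disable the service so it stays off after a reboot, then stop it now.
    Set-Service -Name TermService -StartupType Disabled
    Stop-Service -Name TermService -Force
}

Get-RdpExposure | Format-List      # audit only; changes nothing
# Disable-RdpAccess                # uncomment to apply the three hardening steps
```

A result of RdpConnectionsAllowed = False, Listening = False and FirewallAllowRules = 0 means nothing on the machine is accepting Remote Desktop connections.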


Maurice, thank you for your reply. I think I'm comfortable now in disabling RD. It's good to know it isn't targeting Windows 10. I'm not confident it will stay that way so I'm going to go ahead and disable anyway since I'm not using it.

To all of you who have replied to this post, thank you. I appreciate your time!


You're welcome, by the way, to answer your question about video conferences and screen sharing, yes you will still be able to do those things.  They are unrelated to Remote Desktop.
