An odd discovery about BadRabbit: FireEye and Cylance say the ransomware skips its disk-encryption stage (the MBR rewrite) if it detects Dr. Web antivirus software (Dr. Web published the same findings). Cylance thinks it's a stealth measure related to the way Dr. Web protects the master boot record, and notes that BadRabbit also checks for McAfee products that protect the MBR in a similar way. FireEye thinks the behavior looks fishy, and that BadRabbit may not be the straightforwardly criminal ransomware this NotPetya derivative represents itself as being.
India's Computer Emergency Response Team (CERT-In) has issued a medium-severity alert for BadRabbit, which seems about right.
The Reaper IoT botnet remains puzzlingly quiescent. It may also be smaller than initially believed. Check Point's tally of a million was an extrapolation from an observed size of thirty thousand. NetLab 360 initially put the total somewhere between ten and twenty thousand devices, now revised up to nearly thirty thousand. Radware and Ixia have arrived at numbers similar to NetLab 360's. But the botnet could expand swiftly: NetLab 360 reports observing a queue of about two million devices vulnerable to exploitation by a Reaper control server. While most researchers see signs of amateur missteps by Reaper's developers, the botnet's embedded Lua scripting environment lends itself to attacks other than the expected DDoS.
SANS Institute researchers describe a malicious Chrome extension, "Catch-All." It does what its name suggests: it captures everything the user does in the browser.
US Special Counsel Robert Mueller this morning announced charges against two individuals arising from the Russian influence probe.