Analysis of the malicious code embedded in the Nssock2.dll module of NetSarang software, and a protection scheme


Original address: http://blog.nsfocus.net/nssock2-dll-module-malicious-code-analysis-report/

NetSarang is a company offering secure connectivity solutions, mainly Xmanager Enterprise, Xmanager, Xshell, Xftp and XLPD. The official builds released on July 18, 2017 were recently found to contain malicious backdoor code, located in the legitimately signed Nssock2.dll module. Analysis of the backdoor code indicates that the attacker compromised the developer's host or build system and inserted the backdoor into the source code. The backdoor can leak the user's remote login information and may even allow remote code execution.

VirusTotal online detection: the results show that Nssock2.dll is identified as a malicious program by a number of anti-virus engines:

Related addresses:
https://www.netsarang.com/news/security_exploit_in_july_18_2017_build.html
https://www.virustotal.com/#/file/462a02a8094e833fd456baf0a6d4e18bb7dab1a9f74d5f163a8334921a4ffde8/detection

Affected versions
    • Xshell Build 1322
    • Xshell Build 1325
    • Xmanager Enterprise Build 1232
    • Xmanager Build 1045
    • Xmanager Build 1048
    • Xftp Build 1218
    • Xftp Build 1221
    • XLPD Build 1220
Unaffected versions
    • Xmanager Enterprise Build 1236
    • Xmanager Build 1049
    • Xshell Build 1326
    • Xftp Build 1222
    • XLPD Build 1224
Software downloads
Download status of the backdoored software on domestic download sites:
    • Xmanager: (figure: Xmanager download listing)
    • Xshell: (figure: Xshell download listing)

Technical Analysis Overview
The Nssock2.dll module in the main NetSarang software versions was found to have malicious backdoor code implanted in the official source. It is reported that the attacker penetrated the development machine and added the malicious code to the official source; the analysis of the malicious code follows. Reference: https://www.virustotal.com/#/user/jumze/comments
Transmission and infection
Direct download by the user, or download bundled with other software.
Sample Analysis
Analysis environment
System: Windows 7, 32-bit
Tools: Process Monitor, XueTr, Wireshark, OllyDbg, IDA, CuteFTP
TAC test results:

Figure: TAC test results



Protection Solutions

User Self-examination

Users can determine whether they are affected by checking the version of Nssock2.dll:

Locate the Nssock2.dll file in the software installation directory, right-click the file and view its properties; if the version number is 5.0.0.26, the file contains the backdoor code:
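The same self-check scripted for PowerShell, as an added example that is not part of the original report or of NetSarang's own tooling: it locates every Nssock2.dll under the usual install roots and compares each copy against the two indicators the report gives (file version 5.0.0.26 and the SHA-256 from the VirusTotal link above). The search roots are assumed defaults; pass others with -SearchRoots if the software was installed elsewhere.

```powershell
# Added example (not from the original report). Assumptions: NetSarang products
# live under Program Files / Program Files (x86); override with -SearchRoots.
param(
    [string[]]$SearchRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}")
)

# Indicators quoted in the report: the backdoored module version and the
# SHA-256 of the sample analysed on VirusTotal.
$BackdooredVersion = '5.0.0.26'
$BackdooredSha256  = '462a02a8094e833fd456baf0a6d4e18bb7dab1a9f74d5f163a8334921a4ffde8'

$found = Get-ChildItem -Path $SearchRoots -Filter 'Nssock2.dll' -Recurse -File -ErrorAction SilentlyContinue

if (-not $found) {
    Write-Output "No Nssock2.dll found under: $($SearchRoots -join ', ')"
    return
}

foreach ($dll in $found) {
    # Build the version from the numeric parts so the comparison does not depend
    # on how the FileVersion string happens to be formatted.
    $vi      = $dll.VersionInfo
    $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $hash    = (Get-FileHash -Path $dll.FullName -Algorithm SHA256).Hash.ToLower()

    # The backdoored build carried a valid NetSarang signature, so a "Valid"
    # status alone does not clear the file; version and hash are the deciding checks.
    $sig = Get-AuthenticodeSignature -FilePath $dll.FullName

    $verdict = if ($hash -eq $BackdooredSha256) { 'BACKDOORED (SHA-256 matches the analysed sample)' }
               elseif ($version -eq $BackdooredVersion) { 'BACKDOORED (file version 5.0.0.26)' }
               else { 'no indicator match; confirm the product build is one of the fixed builds listed below' }

    [pscustomobject]@{
        Path      = $dll.FullName
        Version   = $version
        SHA256    = $hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Verdict   = $verdict
    }
}
```

Run it from an elevated prompt so every install directory is readable; a copy that reports a valid signature but matches the version or hash is still the backdoored module.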

Official Solutions

Users can check the version number of Nssock2.dll to determine whether they are running a software version that contains the backdoor; if the version in use is one of the affected versions listed above, upgrade to the latest version. NetSarang has removed the backdoor code in the latest versions of the software, which are:

    • Xmanager Enterprise Build 1236
    • Xmanager Build 1049
    • Xshell Build 1326
    • Xftp Build 1222
    • XLPD Build 1224

Official download address:

https://www.netsarang.com/download/software.html





