360CERT监测到NetSarang在Kaspersky的"ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World”报告中加入了对此事件的声明。
NetSarang Computer, Inc. 是一家致力于全球安全连接解决方案领域的研发，市场，和支撑的公司。公司开发了一系列包括PC X服务和SSH客户端软件在内的软件，兼容PC-to-Unix和PC-to-Linux，且扩展了相关的TCP/IP网络技术给相关的互联网企业。公司的产品和服务覆盖全球90多个国家。
“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilized by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator.
The security of our customers and user base is our highest priority and ultimately, our responsibility. The fact that malicious groups and entities are utilizing commercial and legitimate software for illicit gain is an ever-growing concern and one that NetSarang, as well as others in the computer software industry, is taking very seriously.
NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.”
All Kaspersky Lab products detect and protect against the ShadowPad malware as “Backdoor.Win32.ShadowPad.a”.
Kaspersky Lab advises users to updateimmediately to the latest version of the NetSarang software, from which the malicious module has been removed, and to check their systems for signs of DNS queries to unusual domains. A list of the command server domains used by the malicious module can be found in the Securelist blogpost, which also includes further technical information on the backdoor.
NetSarang Computer, Inc. develops, markets and supports secure connectivity solution in the global market. The company develops a family of PC X server and SSH client software for PC-to-Unix and PC-to-Linux, and is expanding its TCP/IP network technologies to other Internet businesses. The company offers its products and services to more than 90 countries around the world.
4.ShadowPad in corporate networks
5.ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World