The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed.
Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a “stealthy and cunning backdoor” used to spread the worm probably required access the M.E.Doc source code. What’s more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.
