Exposing Houdini

Lately, instances of malware with built-in worm functionality have been on the rise. The WannaCry cyberattack is a perfect example. Although the malware was classified as ransomware, the attackers used an SMB exploit to propagate it laterally within enterprises and increase the number of infections.

The Menlo Security Research Team recently observed and characterized another self-propagating malware strain, named Houdini, as it made nearly 800 call-backs to two separate command-and-control (C2) domains. In addition to its C2 functionality, the Houdini remote access trojan (RAT) possesses the ability to move laterally, leveraging removable drives.

Although Houdini and WannaCry are both malware with worm-like functionality, Houdini does not possess a native ransomware component. However, Houdini is a RAT and has the ability to download and execute additional components from the C2, and those components could be ransomware or any other malware.

To learn more about the Houdini infection vector and Menlo Security’s technical analysis (including file system changes, registry changes, domains, URI patterns, and C2 IPs), please download our Research Report.

It’s time to lift the veil of illusion and to expose Houdini once and for all.

Tags: malware, worm, wannacry, cyber attacks, cyber threats, ransomware, Houdini, remote access trojan, isolation, web isolation
