Last year, the UK's National Cyber Security Centre (NCSC) found a new variant of the SparrowDoor spy malware on an undisclosed UK network. An analysis of the variant was published today; among other things, it can now steal data from the clipboard. In addition, indicators of compromise and Yara rules have been made available so that organisations can detect the malware within their own networks.
The first version of SparrowDoor was discovered by antivirus company ESET and is said to have been used against hotels worldwide, as well as governments. The attackers exploited vulnerabilities in Microsoft Exchange, Microsoft SharePoint and Oracle Opera to break into organisations. Affected organisations were located in Canada, Israel, France, Saudi Arabia, Taiwan, Thailand and the United Kingdom, among other countries. ESET did not disclose the attackers' specific targets.
The British NCSC says it found the SparrowDoor variant on a British network last year. This version can steal clipboard data and checks, against a hard-coded list, whether certain antivirus software is running. The variant can also impersonate a user account's token when setting up a network connection. This "downgrade" is possibly done to avoid standing out, which could happen if it made network connections under the SYSTEM account, for example.
Another new feature is the hooking of various Windows API functions. It is unclear when the malware uses the "API hooking" and "token impersonation", but according to the British NCSC, the attackers make deliberate operational choices. Further details about the attacked network or about who is behind the malware have not been provided.