Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A trojan targeting Google Groups turns newsgroups into a means for distributing command-and-control information for botnets.“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote Gavin Gorman, security researcher for Symantec, in a post Friday on a Symantec blog. “But when executed, it logs onto a specific Google account and requests a page from a private newsgroup, which contains encrypted commands for the malware to carry out.”In the past, Twitter has been used to deliver commands, by which an account was being used as a command-and-control hub to issue instructions to infected computers. Tweets coming from the malicious accounts were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots. “This is the first time a newsgroup being used as a command-and-control conduit,” Gerry Egan, director of Symantec Security Response, told SCMagazineUS.com Friday. “It establishes a two-way communications pipe, using a legitimate infrastructure.”Experts believe this is just a test -- research-and-development for malware writers to see if the idea is feasible.“Based on analysis of the source code, Symantec believes this may be a prototype implementation, testing the feasibility of web-based newsgroups as command-and-control structures,” Gorman wrote. “Analysis also indicates that this trojan is seeking to remain discreet and undetected, being used to subtly gather information and potentially determine future attack targets.”The reason that this sort of attack is attractive to cybercriminals could be the difficultly in identifying and shutting down such sources, Egan said. “In a sense, it makes it harder to detect,” he said. A Google spokesperson could not immediately be reached for comment. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.