September 11th, 2009
First Trojan discovered using a newsgroup to control attacks
Symantec says it has discovered the first instance of a Trojan using a newsgroup to deliver commands to botnets.
The Trojan.Grups is described as a backdoor Trojan and it utilizes Google Groups newsgroups.
Symantec says:
The Trojan in this case is fairly simple, but when executed, it logs onto a specific Google account and requests a page from a private newsgroup which contains encrypted commands for the malware to carry out.
Based on analysis of the source code, Symantec believes this may be a prototype implementation, testing the feasibility of Web-based newsgroups as command and control structures. Analysis also indicates that this Trojan is seeking to remain discreet and undetected, being used to subtly gather information and potentially determine future attack targets. Such a Trojan could have been developed for targeted corporate espionage where anonymity and discretion are priorities.
There is more information on the Symantec blogs: http://www.symantec.com/connect/blogs/google-groups-trojan.
Tom Foremski reports on the business and culture of Silicon Valley at the intersection of technology and media. He also writes at Silicon Valley Watcher. See his full profile and disclosure of his industry affiliations.
Subscribe to Tom Foremski: IMHO via Email alerts or RSS.
Follow on Twitter:
