Friday, September 18, 2009

Trojan virus can now hide in Google Groups

Virus writers have now developed a Trojan program that can hide its command and control instructions in legitimate Web 2.0 sites such as Google Groups and Twitter.

Recently, the security vendor Symantec posted a security bulletin saying it had spotted a Trojan horse program that has been programmed to visit a private Google Groups newsgroup, called escape2sun, where it can download encrypted instructions or even software updates. Criminals use this "command and control" channel to keep in touch with the hacked PCs and update their malicious software. Symantec has also seen these criminals hide their messages in RSS feeds that are set up to broadcast Twitter messages.


The Google Groups system appears to be a prototype, but Symantec expects that virus writers will increasingly use social media sites for this purpose.



Today most bad guys communicate with their hacked machines via IRC (Internet Relay Chat) servers, or by placing commands on obscure, hard-to-find Web sites. As system administrators are getting better at spotting and blocking these communications, the bad guys are "trying to hide these command and control messages inside legitimate traffic, so the presence of the traffic in and of itself doesn't raise a red flag," Symantec said.

System administrators can block access to IRC, but blocking Twitter or Google Groups is another matter.



The Google Groups Trojan appears to be Taiwanese in origin and was probably used to quietly gather information for future attacks. According to the data on Google Groups, the Trojan has not spread widely since it was created in November 2008. "Such a Trojan could potentially have been developed for targeted corporate espionage where anonymity and discretion are priorities," Symantec said in its Friday blog posting.
