funsec mailing list archives
Botnet C&C Commands Spread by Google Groups
From: Paul Ferguson <fergdawgster () gmail com>
Date: Fri, 11 Sep 2009 17:27:13 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via SC Magazine US.

[snip]

A trojan targeting Google Groups turns newsgroups into a means for distributing command-and-control information for botnets.

“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote Gavin Gorman, security researcher for Symantec, in a post [1] Friday on a Symantec blog. “But when executed, it logs onto a specific Google account and requests a page from a private newsgroup, which contains encrypted commands for the malware to carry out.”

In the past, Twitter has been used to deliver commands, by which an account was being used as a command-and-control hub to issue instructions to infected computers. Tweets coming from the malicious accounts were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots.

“This is the first time a newsgroup being used as a command-and-control conduit,” Gerry Egan, director of Symantec Security Response, told SCMagazineUS.com Friday. “It establishes a two-way communications pipe, using a legitimate infrastructure.”

[snip]

More:
http://www.scmagazineus.com/Botnet-commands-spread-by-Google-Groups/article/148736/

[1] http://www.symantec.com/connect/blogs/google-groups-trojan

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKqurYq1pz9mNUZTMRAqr9AJ4kuVsXSts7RD+0sc2CTErm2/tEzwCghJcF
LHXtOs6opgOz/JGbGcY+M40=
=47mz
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.