Thursday, November 5, 2009

Symantec Uncovers Trojan Scheme Using Facebook

Researchers at Symantec find a Trojan that uses Facebook to communicate with a command and control server.


Researchers at Symantec have uncovered a Trojan using Facebook as a coordinator for its command and control server.

The Trojan, known to Symantec as Whitewell, is being spread via e-mail through "documents (PDF, or MS Office formats) containing exploits for known vulnerabilities," Andrea Lelli, a security analyst with Symantec Security Response, wrote on a Symantec blog Oct. 31. The malware works by contacting the mobile version of Facebook and using its Notes section. By analyzing the Trojan's code, Lelli found that the Trojan will perform four different actions, depending on the titles of the notes it finds.

If the title is Wells, the note will contain the timedate stamp for when a machine was infected. If it is WebServer, however, the note will contain a URL that the Trojan contacts to receive commands, Lelli wrote.



"The real command and data processing is done through the remote URL that was received from the notes, and this URL may point anywhere," Lelli blogged. "However ... one could use a Facebook account as a C&C [command and control] server and this Trojan is able to successfully parse the Facebook html data, retrieve the wanted data from it, and also post new data to it (it may for example send stolen data to it in the form of a note in the same [way] as it sends a timedate stamp)."


If the note has the title 'White', it contains a URL that leads to an executable to be downloaded. If the title is anything else, the Trojan is programmed to wait, Lelli wrote.

This is not the first time social networks have been used to help control malware. In August, Arbor Networks researcher Jose Nazario uncovered a botnet using Twitter to communicate with its army of compromised machines.

According to Symantec, in this case, the documents containing the malware are made to look legitimate to conceal their intent, mimicking for example the names of well-known courier companies and utilizing popular headlines from the news media.

"Besides documents they can also spread the executables themselves, sending them with icons that resemble those that accompany legitimate documents, and with legit-looking file names such as 'Competitive assessment.pdf .exe,'" Lelli wrote.

"I want to stress the fact that the Trojan does not use exploits or flaws of any kind; it simply uses the standard Facebook functionalities, which in no way are malicious, dangerous or faulty," Lelli added. "This particular Trojan is quite limited and seems to be a targeted attack, but it can be considered a precursor of a botnet using a social network as a C&C server."

Gerry Egan, director of Symantec Security Response, said the company has not observed a significant number of infections and believes the Trojan to be part of a limited, targeted attack.
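The file name Lelli quotes, 'Competitive assessment.pdf .exe', hides its real extension behind a document extension and padding. The check below is an added example for a mail gateway or triage script, not code from Symantec or from this article; the extension lists and sample names (other than the quoted one) are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed extension lists for this example; tune them to your own mail policy.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECEPTIVE = {"double-extension", "padded-double-extension"}

def _normalize(name):
    # Map every Unicode space separator (NBSP, en space, ...) to a plain
    # space, then drop trailing spaces and dots, which Windows ignores.
    chars = [" " if unicodedata.category(c) == "Zs" else c for c in name]
    return "".join(chars).rstrip(" .")

def classify_attachment(name):
    """Return 'padded-double-extension', 'double-extension',
    'executable' or 'ok' for an attachment file name."""
    clean = _normalize(name)
    stem, dot, last = clean.rpartition(".")
    if not dot or last.lower() not in EXEC_EXTS:
        return "ok"
    # A document extension directly before the executable one,
    # optionally followed by padding spaces, is the deceptive pattern.
    m = re.search(r"\.([A-Za-z0-9]{1,5})( *)\Z", stem)
    if m and m.group(1).lower() in DOC_EXTS:
        return "padded-double-extension" if m.group(2) else "double-extension"
    return "executable"

def flag_attachments(names):
    """Return (name, verdict) pairs for names that disguise an executable."""
    verdicts = ((n, classify_attachment(n)) for n in names)
    return [(n, v) for n, v in verdicts if v in DECEPTIVE]

# Constructed sample; only the first name is quoted in the article.
SAMPLE = [
    "Competitive assessment.pdf .exe",
    "Q3 report.pdf.exe",
    "delivery notice.doc\u00a0\u00a0\u00a0.scr",  # NBSP padding
    "setup.exe",
    "notes.v2.pdf",
    "tracking.pdf .exe  ",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE):
        print(f"{verdict:24} {name!r}")
```
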

Thursday, July 2, 2009

Best Free Anti-virus Applications

Microsoft isn't the first vendor to offer free anti-virus software to consumers and small businesses. Several vendors have free, generally available versions of their malware protection suites. Their strategy: Get customers interested and open opportunity to partners. Here are a few free AV packages worth considering.

- Panda Software www.pandasecurity.com Panda Active Scan 2.0 provides in-the-cloud scanning, detection and removal of malware, security status checking and vulnerability checks.

- ALWIL Software www.avast.com ALWIL’s Avast antivirus package includes a full array of features, including protection against rootkits and spyware, P2P inspections, real-time malware scanning and Web filtering.

- BitDefender www.bitdefender.com Designed for Windows home and professional versions, the free version of BitDefender Free Edition provides scanning and removal of most known viruses, scheduled system scanning, quarantining of suspect files and activity reporting.

- Avira www.avira.com Avira AntiVir free version provides rudimentary protection against viruses and worms and other Internet-borne threats. However, the premium version offers more comprehensive security and features.

- Clamwin www.clamwin.com Clamwin is an open-source antivirus application developed and supported by a community of users and developers. The application is designed for all versions of Windows up to Vista.

- Microsoft www.microsoft.com Microsoft Security Essentials – still in beta and successor to Windows Defender – is getting good early reviews. The free client-based product provides basic antivirus and malware protection. The general release is expected this fall.

Thursday, June 11, 2009

Free Network Assessment

Schedule a free technology assessment with Group 4 Networks today, and be more productive tomorrow.

Free to you for a limited time

Let G4NS assess your information systems at no charge or obligation. You will receive a customized report detailing opportunities to reduce risk, lower costs, increase productivity and how to eliminate the headaches and hassles that sometimes come with technology.  Bottom line, we want to help you save more money.

Your free technology assessment will cover the following mission-critical areas:

Productivity

  • Are your employees as comfortable and productive as they need to be with the business software they need most?
  • Do your employees know how to take their software programs to the next level of effectiveness?
  • How quickly do your new employees get up to speed on key software?
  • Do you take full advantage of best-of-breed software and hardware solutions to be more productive?
  • Do you execute information technology projects on time and on budget?
  • How well do your systems allow for real-time data sharing, communication, and collaboration?

 


Thank you.


Invest in Virtual Desktop Now: Top Reasons Why You Shouldn't Wait Any Longer

In the midst of an economic downturn, right now probably doesn’t seem like a good time to be investing in a full-fledged VD (Virtual Desktop) implementation. But what many people don’t know is that VD can immediately save your company money and give you the competitive edge you’ve been looking for - without breaking the bank.

Check our web site to see full benefits of Virtual Desktop in action....

http://www.g4ns.com/virtualdesktop.html