Friday, September 11, 2009

Botnet C&C Commands Spread by Google Groups

Chuck Miller writes on SC Magazine U.S.:

A trojan targeting Google Groups turns newsgroups into a means for distributing command-and-control information for botnets.

“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote Gavin Gorman, security researcher for Symantec, in a post Friday on a Symantec blog. “But when executed, it logs onto a specific Google account and requests a page from a private newsgroup, which contains encrypted commands for the malware to carry out.”

In the past, Twitter has been used to deliver commands, by which an account was being used as a command-and-control hub to issue instructions to infected computers. Tweets coming from the malicious accounts were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots.

“This is the first time a newsgroup is being used as a command-and-control conduit,” Gerry Egan, director of Symantec Security Response, told Friday. “It establishes a two-way communications pipe, using a legitimate infrastructure.”

More here.

