Botnet C&C Commands Spread by Google Groups
Chuck Miller writes on SC Magazine U.S.:
A trojan targeting Google Groups turns newsgroups into a means for distributing command-and-control information for botnets.
“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote Gavin Gorman, security researcher for Symantec, in a post Friday on a Symantec blog. “But when executed, it logs onto a specific Google account and requests a page from a private newsgroup, which contains encrypted commands for the malware to carry out.”
In the past, Twitter has been used to deliver commands, by which an account was being used as a command-and-control hub to issue instructions to infected computers. Tweets coming from the malicious accounts were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots.
“This is the first time a newsgroup [is] being used as a command-and-control conduit,” Gerry Egan, director of Symantec Security Response, told SCMagazineUS.com Friday. “It establishes a two-way communications pipe, using a legitimate infrastructure.”