Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Whitewell Exploits Facebook to Contact C&C Server

IT security firm Symantec has detected a Trojan that uses social networking site Facebook for communicating with a command and control (C&C) server.

A C&C server is used by a botnet (a cluster of malware-infected PCs that communicate via Internet) as a means of managing the swarm of botnet.

The Trojan, called Whitewell, is spreading via e-mails using infected documents (MS-Office format or PDF) which embrace exploits for known vulnerabilities. These e-mails purport to be coming from courier companies or other similar firms.

It is noteworthy that Whitewell works by contacting Facebook's mobile version and using its Notes section.

In the analyst blog, Security Analyst at Symantec Security Response Operation, Andrea Lelli stated that the recently spotted Trojan is using Facebook account to receive URLs to communicate and may post some time date stamps back to the account, reported Info Security on November 3, 2009. The actual command and data processing is done via remote URL which was received from the notes, and that URL may point to any site, added the analyst.

Apart from this, researchers at Symantec have found that the Trojan seems to perform four different activities, based on the titles of the notes discovered.

This has evolved as a prevalent strategy for targeted assaults that have substituted mass mailing worms as the major malware threat to businesses worldwide. The unique attribute of Whitewell is its trial use of Facebook to receive instructions instead of conventional botnet control channels, like Internet Relay Chat (IRC). However, bulk of core functions, say uploading stolen information, is still conducted by means of a Web server, noted Symantec.

As such there are no vulnerabilities or exploits of any sort in Facebook, informed experts. In fact, this Trojan just logs onto a Facebook account so as to use it as a central node for receiving further commands.

Nevertheless, with security experts quick enough to detect and shut down such malicious activities, malware authors are always seeking innovative ways to control the network of infected PCs.

ยป SPAMfighter News - 17-11-2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next