Symantec Gets into Depth of Hydraq

As Google, the search engine giant, is on thinking terms to retreat from China, the notion regarding the involvement of targeted attacks is getting stronger, with the participation of Hydraq Trojan in the attack comprising a major part of discussion.

Hydraq Trojan, once installed using the IE (Internet Explorer) vulnerability fixed by Microsoft, downloads additional files, reported security firm Symantec after examining the Trojan.

On the basis of its functionality, it can be suspected that Hydraq's intends to open a back door on an infected system. This is done to permit a remote attacker to keep a check on the activity of the user and promptly procure information from both the compromised machine as well as the larger infrastructure with which the system is associated.

Symantec, in its blog said that one of the elements of Hydraq is based on VNC code (Virtual Network Computing, and open source remote desktop access application), and this particular element is potential enough to stream live desktop feed to a remote machine, thereby giving the attacker an access to check user's online activities.

The security firm added that created in 2006, VNC files - Acelpvc.dll and VedioDriver.dll - were purposely authored for Hydraq. Further, this fact can be associated with a recent report given by Joe Stewart, a SecureWorks security researcher, stating that certain components of Hydraq aged four years, as per the news published by infosecurity.com on January 22, 2010.

When it compromises a system, the Hydraq Trojan enables an assailant to perform a number of operations, including restarting and shutting down the system, manipulating files, adjusting token privileges, and accumulating information such as computer name, version of the operating system, and the client IP.

A Hydraq Trojan based attack was observed by the firm previously in July 2009, wherein attackers used a PDF file to exploit the Reader, Adobe Acrobat and Flash Player Remote Code Execution Vulnerability. A Trojan horse (former version of the current Hydraq) was installed into the systems through this PDF.

Researchers reported that command and control servers of this Trojan are not active as of now, therefore Trojan still left are being neutralized in an effective manner.

Related article: Sentence for American Contractor for Sabotaging Government Navy Computers

» SPAMfighter News - 30-01-2010

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial