Programmable Malware Hits Specific Databases

According to the security firm Trend Micro, a new HTTP-controlled programmable malware has been found that uses a specific database on the computer it is instructed to infect, as reported by Technology on August 5, 2010.

According to Trend Micro, the malware, named BKDR_SOGU.A, which connects to {BLOCKED} n.duamlive.com, may be linked with the data breach at SK Comms, a well-known South Korean social networking service provider.

Trend Micro researcher Marco dela Vega said that one prominent routine in this backdoor is its capacity to use a particular database on the infected machine and to collect information from it. The routine is performed through several ODBC API functions, such as SQLAllocHandle, SQLDriverConnect, SQLNumResultCols, SQLFetch and SQLExecDirect, as reported by Technology on August 5, 2011.

Which database is used and what kind of information is collected are determined by parameters supplied by the remote server. He noted that other backdoor routines (such as enumerating registry values or listing the files in a specified directory) can also supply such data.

Dela Vega stated that the backdoor connects to and interacts with a command-and-control (C&C) server, which communicates with the remote infected machine over HTTP POST to send and receive commands from a remote malicious user.
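As an added example (not code from Trend Micro or the article), the behaviour described above, an ODBC read on the infected machine followed by an HTTP POST back to the C&C server, can be turned into a triage heuristic over an API-call trace. The trace line format, the process names and the use of WinINet/WinHTTP request-opening APIs for the POST check are assumptions.

```python
import re
# ODBC calls named in the Trend Micro analysis, in the order a read needs them.
ODBC_SEQUENCE = ["SQLAllocHandle", "SQLDriverConnect", "SQLExecDirect",
                 "SQLNumResultCols", "SQLFetch"]
# Request-opening APIs whose first argument is the HTTP verb (assumed trace format).
POST_APIS = {"HttpOpenRequestA", "HttpOpenRequestW", "WinHttpOpenRequest"}
# Constructed trace line format: "<pid> <process> <api>(<args>)"
LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
# Constructed sample trace: updater.exe reads a database then POSTs; report.exe only reads.
SAMPLE_TRACE = """\
1234 updater.exe SQLAllocHandle(SQL_HANDLE_ENV)
1234 updater.exe SQLDriverConnect("DRIVER={SQL Server};SERVER=db01;DATABASE=hr")
1234 updater.exe SQLExecDirect("SELECT name, email FROM users")
1234 updater.exe SQLNumResultCols()
1234 updater.exe SQLFetch()
1234 updater.exe HttpOpenRequestA("POST", "/upload.asp")
2001 report.exe SQLAllocHandle(SQL_HANDLE_ENV)
2001 report.exe SQLDriverConnect("DSN=sales")
2001 report.exe SQLExecDirect("SELECT SUM(total) FROM orders")
2001 report.exe SQLNumResultCols()
2001 report.exe SQLFetch()
"""

def parse_trace(trace):
    """Group (api, args) calls per (pid, process), keeping trace order."""
    per_proc = {}
    for raw in trace.splitlines():
        if m := LINE.match(raw.strip()):
            per_proc.setdefault((m["pid"], m["proc"]), []).append((m["api"], m["args"]))
    return per_proc

def odbc_read_end(calls):
    """Index of the call completing ODBC_SEQUENCE in order (gaps allowed), else -1."""
    step = 0
    for idx, (api, _) in enumerate(calls):
        if api == ODBC_SEQUENCE[step]:
            step += 1
            if step == len(ODBC_SEQUENCE):
                return idx
    return -1

def suspicious_processes(trace):
    """pid -> process that completes an ODBC read and then opens an HTTP POST.
    A legitimate reporting tool can match too, so treat hits as triage leads."""
    hits = {}
    for (pid, proc), calls in parse_trace(trace).items():
        end = odbc_read_end(calls)
        if end >= 0 and any(api in POST_APIS and '"POST"' in args for api, args in calls[end + 1:]):
            hits[pid] = proc
    return hits
```

Running `suspicious_processes(SAMPLE_TRACE)` flags only pid 1234, since report.exe completes the ODBC read but never opens a POST afterwards.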

Moreover, dela Vega noted that nothing in the code indicates it was built specifically for a certain attack; it could be reused, since the malware is not detected by the network's security software. As noted earlier, attacks on large companies do not always require sophisticated technology; a combination of ingeniously used existing techniques (exploiting known vulnerabilities, social engineering, etc.) can result in a successful targeted attack. According to dela Vega, analysis showed that the remote server defines the database to be used and the kind of information to be collected.

Dela Vega also said that they are observing possible connections between the new malware and an attack on SK Comms in July 2011. Trend Micro stated that the data breach at SK Comms might have targeted 35 million users.

» SPAMfighter News - 16-08-2011