
Syrian Government and the New Method for Planting Malware

Researchers at security company Trend Micro state that they have found a method, apparently adopted by the Syrian government, for planting backdoors on the PCs of its opponents.

The researchers explain that they found a web page touting software supposedly for encrypting Skype. The page, hosted inside Syria under the domain name '{BLOCKED}encription.sytes.net', resolves to {BLOCKED}.{BLOCKED}.0.28, the same command-and-control (C&C) server that carried out other attacks previously. The page also embeds a YouTube video, supposedly about encrypting voice communications, which appears to have been provided by "IT Security Lab", the researchers continue.

If an end user is persuaded to download this video, software is indeed presented that claims to encrypt the contents of the user's Skype communications. But Trend Micro identified the so-called video file, labeled 'Skype Encryption v 2.1.exe', as BKDR_METEO.HVN.

Certain interesting strings within this file suggest that its creator is "SyRiAnHaCkErS."

The skype.exe offered for download, identified as the backdoor BKDR_ZAPCHAST.HVN, is in reality DarkComet v 3.3, which connects to {BLOCKED}.{BLOCKED}.0.28 over port 771.

As soon as the backdoor is planted, the attackers can wholly compromise the infected PC using the 'DarkComet' Remote Access Tool (RAT). This RAT can record keystrokes, access files and control them remotely, and take over devices, in particular webcams and microphones.

Two points here merit mention. The dubious Skype encryption software is not only a malicious program; it also shows none of the functionality it claims, including the encryption function.

Moreover, Skype itself uses the Advanced Encryption Standard to encrypt video, audio and text communications, so end users need not rely on intermediate applications for encryption.

If nothing else, the Syrian incident is a reminder to everyone, in Syria or any other country, who is drawn to a particular piece of software to remain vigilant before hastily installing applications.

Many applications, particularly ones that pose as coming from major security software vendors, frequently conceal malicious content. End users should therefore download software only from trusted websites or authorized vendors.

» SPAMfighter News - 4/28/2012
