Palo Alto Networks Discovers "Jericho", an Emerging Botnet
A botnet still under construction has been found targeting financial institutions, particularly banks, warn security researchers from Palo Alto Networks. According to them, the botnet, known as 'Jericho', belongs to the family of widely used Jorik banker Trojans.
The researchers stated that over 42 distinct samples of the banking malware, part of one continuous cyber-crime operation, were designed to attack financial institutions and steal login credentials and passwords.
Jericho's origin, i.e. its Internet Protocol address, is located in Israel, but the malware is engineered to appear to come from a Romanian source, and there is indeed a connection between the two. The malware is served through a multitude of URLs which, in most instances, ended at the website lerihon.com; 'lerihon' means Jericho in Romanian, the researchers explain. Darkreading.com published this on May 6, 2012.
Interestingly, Jericho resembles several other modern malicious programs that exist alongside it: it is evasive and persistent, and has the typical ability to bypass conventional signature-based infection detection.
What's more, the Palo Alto researchers, in describing the Jericho botnet, state that it installs malware into popular software such as browsers, in particular Firefox, while also attempting to infect Internet Explorer, Opera and Chrome, as well as the WinMail and Outlook e-mail clients. In addition, the botnet targets Java, Skype and Reader_sl.exe. The installed malicious software is also built to use the features of the target applications, so it does not need to download networking libraries of its own, since the applications have already loaded them.
Indeed, the installed malware also manages to automatically infect the Windows logon process so that it can maintain its presence on the host computer even after a restart.
It seems the malware's evasive behaviour, combined with its craftiness in cashing in on popular applications and its authors' quick-iteration process, helped the botnet evade detection by most anti-virus vendors. Palo Alto, which examined the 42 variants, found that the best anti-virus programs achieved only a 3.2% detection rate at the time of the company's first identification of the malware.
» SPAMfighter News - 12-05-2012