Sykipot Trojan now in Fresh Version, Says Alienvault
Researchers from the security company Alienvault Labs report a fresh incarnation of Sykipot, an information-stealing Trojan often employed in attacks targeting defense contractors and agencies, which is now being used to launch new attacks against the aerospace sector as well as other industries.
Commenting on the new Trojan-laced spam campaign, Jaime Blasco, Manager at Alienvault Labs, stated that his organization had spotted a fresh surge of Sykipot attacks over the last several weeks, with various changes observed in the new attacks compared with previous campaigns. Techcentral.ie published this on July 6, 2012.
Referring to the newly detected Sykipot attacks, Blasco also stated that the evidence suggested China as their source, although this could not be confirmed with one hundred percent certainty.
This Sykipot version is reportedly spreading through e-mails containing web links that lead to malicious sites, which carry out drive-by download attacks against the e-mail recipients. The attacks use exploit code that abuses recently disclosed software vulnerabilities, particularly the MSXML (Microsoft Windows XML Core Services) security flaw first disclosed in June 2012.
Ram Pemmaraju, CTO of New Jersey-based Strikeforce Technologies, a specialist in developing mobile security, keystroke encryption and authentication products, explains that Sykipot is capable of inserting itself into Outlook, web browsers and various other computer processes. Crn.com published this on June 6, 2012.
Pemmaraju continues that the Trojan works like a keylogger and hunts for smart card details in particular, in order to help capture the PIN and gain unauthorized access to data on computers. Normally, it evades security detection while it receives and executes commands from its command-and-control systems to pull down additional malware or install encrypted files. Rather than standard encryption, Sykipot is known to use custom encryption, the CTO adds.
Meanwhile, the Sykipot Trojan has previously been associated with attacks against the defense industry and government agencies as well. For example, in January 2012, security investigators at Alienvault discovered a Sykipot sample designed to capture credentials from computers running ActivIdentity's ActivClient smart-card software. The software is reportedly associated with the Common Access Card, a smart card that the United States Department of Defense uses.
» SPAMfighter News - 17-07-2012