Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Fresh Chinese Trojan Disseminating through Duped Routers; Kindsight

Investigators from Kindsight a security company report discovering one fresh Trojan, which originating from China, poses as a router so it can seize Web traffic as well as disseminate itself across a given network.

Warp, name of the Trojan, does not function like the common SpyEye or ZeuS info-stealing Trojans, while it seemingly proliferates chiefly within China, with its controllers too located inside China.

Chief Security Researcher John Morris at Kindsight Security Labs who visited one lawful, trustworthy website uncovered the assault when his attention was drawn to the site's improper resolution. Morris leveraged a Hyper Text Markup Language (HTML) script that was transmitted onto his Web-browser and detected one dubious iFrame. However, according to him, the malevolent HTML insertion did not occur from any remote Web-server rather it was a separate computer, which made to work like a man-in-the-middle system, belonged to certain subsidiary network of the security company's laboratory. Darkreading.com published this in news on July 12, 2012.

A fascinating aspect of the Warp malware is that it contaminates PCs running Windows operating system that are vulnerable due to flawed Java and/or Adobe software. However, the Trojan is unique in the way it spreads such as utilizing an unusual man-in-the-middle assault, which dispatches an unwanted Address Resolution Protocol (ARP) query to the said subsidiary network's router, so the network gets duped into drawing other networked computers' traffic towards the actual contaminated PC.

Morris elaborates that the Trojan utilizes ARP, while it lies to the original network router about the infected PC being all that's of the network's total PCs. Incompassit.com published this in news dated July11, 2012.

Elsewhere Morris additionally stated that to find out if it was hazardless for deceiving routers into accepting the fake ARP queries, his team's experiment at Kindsight's laboratory indicated that plentiful routers rather than discard accepted an uninvited ARP. Networkworld.com published this in news dated July 10, 2012.

Essentially according to Morris, overall, Trojan Warp is not a bot released to filch intellectual property or financial information; however, it can potentially be utilized for installing more malware onto the PC(s) it infects.

Related article: Force 9 and TalkTalk Are the Highest Spam-Delivering ISPs

» SPAMfighter News - 21-07-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next