FireEye Unravels Association between Backdoor.ADDNEW and Gh0st RAT

According to researchers at security company FireEye, the notorious Remote Access Trojan (RAT) Gh0st is spreading infections together with Backdoor.ADDNEW, a new kind of backdoor Trojan that steals passwords stored in Firefox and carries out Distributed Denial-of-Service (DDoS) attacks.

Gh0st, used mainly for online espionage, targets Windows computers and has phone-home capabilities to a command-and-control (C&C) server. As the malware operators control Gh0st-infected systems remotely, they plant additional malware, including surveillance tools, in particular keyloggers. The attacks are aimed mainly at the computer systems of high-profile individuals in government, finance and the military.

ADDNEW, meanwhile, complements Gh0st, says Zheng Bu, Senior Director of Security Research at FireEye. He adds that both malware programs communicate with the same C&C IP address (31.33.33.7) over different ports.

Also, most Gh0st infections are linked to China-based command-and-control servers, whereas the ADDNEW infections are associated with an IP address located in France. When Gh0st first appeared, China-based hackers were its chief users, says Bu. Further, according to Bu, once the developers of Gh0st published the source code of many versions of the remote access Trojan, other attackers were able to use it, modifying it wherever necessary.

The FireEye researchers who investigated Gh0st found that computers infected with ADDNEW also became infected with Gh0st within 7 days. Thereafter, the PCs used one of Gh0st's trickiest keywords to communicate with the related C&Cs, explains Vinay Pidathala, Security Content Researcher at FireEye. Darkreading.com published this on November 6, 2012.

It is worth mentioning that ADDNEW, besides stealing passwords and aiding DDoS attacks, is derived from the Russian DaRK DDoSer malware, which makes the backdoor's association with the allegedly China-related Gh0st even more intriguing.

In fact, a still ongoing examination by FireEye of ADDNEW's command elements indicates that several elements within the binary are connected to DaRK DDoSer. Whether there is also a complementary relationship between Gh0st RAT and DaRK DDoSer therefore remains solely a matter of speculation, remarks Pidathala. Infosecurity-magazine.com published this on November 6, 2012.

» SPAMfighter News - 13-11-2012
