Evernote Used to Support Data-Stealing Trojan, Says Trend Micro
Nikko Tamana, a Threat Response Engineer at Trend Micro, has said that a cyber-criminal gang is using Evernote, a widely used data-sharing service and cloud-based note-taking application, as an environment for the activities of an information-stealing Trojan, threatpost.com reported on March 28, 2013.
Trend Micro identified the malware and dubbed it "BKDR_VERNOT.A"; the company's researchers observed it attempting to connect to a live Evernote URL at 'hxxps://evernote[.]com/intl/zh-cn'. The payload contained one executable, which reportedly installed a .DLL file that carries out the backdoor activity.
Once loaded, the backdoor can download files, run them and rename them. It also gathers system information, in particular the host computer's operating system, user and computer names, time zone, organization, and registered owner.
The notable feature of BKDR_VERNOT.A, however, is that it uses the Evernote account as its command-and-control channel, retrieving the commands that control it from notes stored in the account. Vernot.A at times also uses the Evernote account to deliver the data it has stolen.
Fortunately for users, the backdoor failed to gain access with the credentials embedded in it. This may be the result of a security mechanism Evernote introduced after the hacking incident it suffered during the first week of March 2013.
Trend Micro's investigators explain that, since the game is one of stealth, misusing legitimate software such as Evernote is an ideal way to hide the criminals' tracks and to frustrate security vendors' efforts to shut down their operations. Moreover, because BKDR_VERNOT.A generates what looks like legitimate traffic, most anti-malware solutions are unlikely to spot its activity. This affects not only ordinary Internet users but also employees of organizations that may be using Evernote, the investigators note. Help Net Security reported this on March 28, 2013.
Furthermore, although using Evernote to evade detection is a cunning strategy, hiding behind legitimate software is not uncommon. Malware has been built to reach its C&C servers through other well-known legitimate Internet applications, such as Twitter, Sendspace, and Google Docs, Trend Micro's specialists point out.
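Because the traffic itself looks like ordinary HTTPS to a well-known service, the practical defensive signal is not the destination but which process on the host is talking to it, and whether it checks in on a fixed schedule. The script below is an added illustration of that idea, not Trend Micro's or SPAMfighter's code: it parses constructed EDR-style connection log lines, flags connections to the services the article names (Evernote, Twitter, Sendspace, Google Docs) that originate from processes outside an assumed allowlist of browsers and the official client, and reports whether the check-ins look beacon-like. The log format, process names and sample lines are all constructed for the example.

```python
"""Flag connections to legitimate cloud services from unexpected processes.

Added illustration for this article; the log format, the process allowlist
and every sample line are constructed assumptions, not data from the report.
"""

import re
from collections import defaultdict
from datetime import datetime

# Services the article names as abused for command-and-control or exfiltration.
ABUSED_SERVICES = {
    "evernote.com": "Evernote",
    "twitter.com": "Twitter",
    "sendspace.com": "Sendspace",
    "docs.google.com": "Google Docs",
}

# Processes expected to talk to these services (assumed allowlist).
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "iexplore.exe", "evernote.exe"}

# Constructed log line shape:
#   <ISO time> pid=<n> image=<exe> dst=<host> bytes_out=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample log: a browser using Evernote normally, and a non-browser
# process ("hostproc.exe", a made-up name) checking in every five minutes.
SAMPLE_LOG = """
2013-03-20T09:00:00 pid=1820 image=chrome.exe dst=www.evernote.com bytes_out=1200
2013-03-20T09:01:00 pid=3312 image=hostproc.exe dst=evernote.com bytes_out=640
2013-03-20T09:02:00 pid=4100 image=updater.exe dst=docs.google.com bytes_out=300
2013-03-20T09:06:00 pid=3312 image=hostproc.exe dst=evernote.com bytes_out=655
2013-03-20T09:11:00 pid=3312 image=hostproc.exe dst=evernote.com bytes_out=9800
2013-03-20T09:12:00 pid=1820 image=chrome.exe dst=twitter.com bytes_out=500
2013-03-20T09:16:00 pid=3312 image=hostproc.exe dst=evernote.com bytes_out=620
""".strip().splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "pid": int(d["pid"]),
        "image": d["image"].lower(),
        "dst": d["dst"].lower(),
        "bytes": int(d["bytes"]),
    }


def service_for(host):
    """Map a destination host (or one of its subdomains) to a known service name."""
    for domain, name in ABUSED_SERVICES.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None


def find_suspicious(lines, min_events=3, jitter=0.1):
    """Report (process, service) pairs outside the allowlist with at least
    min_events connections, their total bytes sent, and whether the intervals
    between connections are regular enough (within jitter) to look like a beacon."""
    groups = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        svc = service_for(ev["dst"])
        if svc is None or ev["image"] in EXPECTED_PROCESSES:
            continue
        groups[(ev["image"], svc)].append(ev)

    findings = []
    for (image, svc), events in groups.items():
        if len(events) < min_events:
            continue
        events.sort(key=lambda e: e["ts"])
        intervals = [(b["ts"] - a["ts"]).total_seconds()
                     for a, b in zip(events, events[1:])]
        regular = False
        if intervals:
            mean = sum(intervals) / len(intervals)
            regular = all(abs(i - mean) <= jitter * mean for i in intervals)
        findings.append({
            "image": image,
            "service": svc,
            "events": len(events),
            "bytes_out": sum(e["bytes"] for e in events),
            "beacon_like": regular,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f)
```

On the constructed sample the script reports a single finding: hostproc.exe contacting Evernote four times at exactly five-minute intervals, with one connection sending far more data than the others, while the browser's own Evernote and Twitter use is ignored and the single docs.google.com connection falls below the event threshold. Whether the contents of the notes are commands or stolen data cannot be seen in the encrypted traffic; process attribution and timing are what a host-based sensor can still observe.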
SPAMfighter News - 03-04-2013