Trend Micro Uncovers Fresh Variant of Vernot Trojan
Researchers at the security company Trend Micro report on a fresh variant of the notorious Vernot Trojan, which they have analyzed and named BKDR_VERNOT.B.
Vernot, notably, is a prime example of how malware can bypass security detection by relying on legitimate software and services to carry out its malicious activities, Trend Micro explains.
The researchers' analysis also shows that, by using a modified form of the same ruse BKDR_VERNOT.A applied with Evernote, the BKDR_VERNOT.B variant avoids communicating directly with any malicious domain serving as its central C&C (command-and-control) infrastructure.
Instead it communicates with a blogging service in Japan: it steals data such as system information and passwords, takes directions from a configuration file, and reads URLs from which it downloads and installs other malware.
Furthermore, because the command-and-control structure BKDR_VERNOT.B uses is in reality a harmless text-based service, some anti-malware products may be unable to recognize BKDR_VERNOT.B attacks.
Additionally, the Trend Micro investigators report that BKDR_VERNOT.B hides by placing itself inside another program's memory process, thus evading direct visibility.
It may be noted that the Vernot family of Trojans employs unique C&C server techniques, which is novel; however, the prominent attacks by BKDR_VERNOT.B otherwise retain the usual backdoor Trojan features.
Thus, once the malware receives the instructions the blog account dispenses, it will likely run backdoor commands such as downloading files, executing them, renaming them and extracting zipped folders.
Besides, according to the security company, whenever BKDR_VERNOT.B executes a backdoor command, a string is appended to the blog post. This method makes sure security software does not recognize the threat easily, as the PC's communication with a genuine blogging environment does not look malicious.
In conclusion, using websites like the Japanese blogging service yields network traffic that may not be recognized as malicious. Cyber-criminals have misappropriated legitimate websites like Evernote, Sendspace and Google Docs for storing data and exchanging messages with remote servers. This indicates that well-known websites may not just be made targets, but used as tools for cyber-crime too, Trend Micro indicates.
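The article's point is that traffic to a legitimate blogging service does not look malicious on its own. One defender-side signal that survives the use of a benign domain is timing: a backdoor polling a blog post for instructions tends to fetch the same URL at near-constant intervals, while a person reading a blog does not. The script below, an added example that is not part of the SPAMfighter article or of Trend Micro's analysis, runs that check over a few constructed web-proxy log lines; the host name blog.example.jp, the client addresses, paths and timestamps are all made up for the illustration.

```python
"""Beacon-regularity check over constructed web-proxy log lines.

Added example, not from the article: flags (client, URL) pairs whose
inter-request gaps are nearly constant, a pattern typical of a backdoor
polling a fixed resource for commands. All log data below is constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url>".
# 10.0.0.5 browses the (hypothetical) blog; 10.0.0.9 polls one post every ~5 min.
SAMPLE_LOG = """\
2013-04-30T09:00:00 10.0.0.5 GET http://blog.example.jp/entry/7731
2013-04-30T09:00:03 10.0.0.5 GET http://blog.example.jp/css/main.css
2013-04-30T09:06:10 10.0.0.5 GET http://blog.example.jp/entry/912
2013-04-30T09:00:00 10.0.0.9 GET http://blog.example.jp/entry/7731
2013-04-30T09:05:00 10.0.0.9 GET http://blog.example.jp/entry/7731
2013-04-30T09:10:01 10.0.0.9 GET http://blog.example.jp/entry/7731
2013-04-30T09:15:00 10.0.0.9 GET http://blog.example.jp/entry/7731
2013-04-30T09:19:59 10.0.0.9 GET http://blog.example.jp/entry/7731
2013-04-30T09:25:00 10.0.0.9 GET http://blog.example.jp/entry/7731
"""


def parse_log(text):
    """Yield (timestamp, client, url) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _method, url = parts
        try:
            yield datetime.fromisoformat(ts), client, url
        except ValueError:
            continue


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Return [(client, url, mean_gap_seconds, cv)] for pairs that look like polling.

    cv is the coefficient of variation (population stdev / mean) of the gaps
    between consecutive requests to the same URL from the same client.
    Machine polling yields a small cv; interactive browsing yields a large one.
    """
    by_pair = defaultdict(list)
    for ts, client, url in parse_log(text):
        by_pair[(client, url)].append(ts)

    hits = []
    for (client, url), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; not a polling pattern
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((client, url, avg, cv))
    return hits


if __name__ == "__main__":
    for client, url, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} polls {url} every ~{avg:.0f}s (cv={cv:.3f})")
```

The thresholds are deliberately conservative: five requests to the same URL with gaps that vary by under ten percent. Real proxy data needs tuning for clients behind NAT and for legitimate auto-refreshing pages, so a hit is a lead to triage (which process on the host made the request, does the fetched content change) rather than a verdict.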
Related article: Trend Micro Warns of Flaw in its Anti-Virus
» SPAMfighter News - 01-05-2013