Dell: Cybercriminals Deploy ‘Upatre’ Downloader in an Attempt to Distribute ‘Gameover’ Trojan

Security researchers at Dell's SecureWorks Counter Threat Unit (CTU) have been scrutinizing the activities of a group of cybercriminals that relies on the peer-to-peer (P2P) variant of the infamous Zbot or Zeus Trojan, also referred to as Gameover. They found that, besides the Pony Loader, the cybercriminals have also been employing the 'Upatre' downloader to distribute the malware.

According to the Dell researchers, the Upatre downloader has a tiny file size and is extremely simple, implementing all of its functionality in a single function. Upatre downloads and executes a file from a hard-coded URL over an encrypted SSL (Secure Sockets Layer) connection to a compromised web server and then exits, as published by scmagazine.com.au on October 8, 2013.

The operators of the Gameover Zeus botnet distribute both the 'Pony Loader' and the 'Upatre' downloader via spam emails sent through the Cutwail botnet. Many lures have employed social engineering tactics, mimicking financial institutions and government agencies to dupe a victim into executing the malicious software. The spam emails carry the malware as a ZIP attachment, and the user must execute it to infect the system.

Once executed, Upatre copies itself to a temporary directory under a hard-coded filename, launches the temporary copy and terminates the current process. The copy deletes the original executable and connects to a hard-coded URL to download the malicious payload. It writes the payload to disk under a hard-coded name in the temporary directory, executes the payload and then exits.

Notably, the malware authors used SSL encryption primarily to hinder network-based signature detection systems.

"The Gameover Zeus operators on a regular basis update their TTP or tactics, techniques, and procedures. Their most recent move appears to obscure signature based net detection for their malware downloaders by employing hijacked web sites and SSL," experts from Dell's CTU noted, as reported by softpedia.com on October 8, 2013.

The CTU researchers advise businesses to remain alert and to adopt a defense-in-depth strategy, which includes educating staff about phishing tactics used by miscreants and blocking executable file types to catch incoming malicious emails. They also recommend keeping antivirus software and operating systems updated.
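The recommendation to block executable file types at the mail gateway is only as good as the check behind it: the article notes the malware arrives inside a ZIP attachment, so the filter has to look inside archives and should not trust the file name alone. The following is an added example, not code from Dell CTU or the article, showing such a check over constructed attachments; the blocked-extension list, the size and nesting limits, and the sample file names are assumptions for the illustration.

```python
import io
import os
import zipfile

# Policy list of extensions refused outright (assumed; tune for your environment).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"            # DOS/PE executable header
ZIP_MAGIC = b"PK\x03\x04"   # ZIP local file header
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # refuse to expand archive members larger than this
MAX_DEPTH = 3               # archives nested deeper than this are blocked unseen


def classify_attachment(filename, data, depth=0):
    """Return the list of reasons to block this attachment; an empty list means allow."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()   # "invoice.pdf.exe" -> ".exe"
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"{filename}: blocked extension {ext}")
    if data[:2] == PE_MAGIC:
        reasons.append(f"{filename}: PE executable header regardless of name")
    if data[:4] == ZIP_MAGIC:
        if depth >= MAX_DEPTH:
            reasons.append(f"{filename}: archive nested too deeply to inspect")
            return reasons
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        reasons.append(f"{filename}: member {info.filename} too large to inspect")
                        continue
                    try:
                        member = zf.read(info)
                    except RuntimeError:  # password-protected member cannot be inspected
                        reasons.append(f"{filename}: encrypted member {info.filename}")
                        continue
                    reasons.extend(classify_attachment(info.filename, member, depth + 1))
        except zipfile.BadZipFile:
            reasons.append(f"{filename}: corrupt archive")
    return reasons


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-in for an executable: only the header, not a real program.
FAKE_PE = PE_MAGIC + b"\x90" * 62

# Constructed sample attachments (file names are assumptions).
SAMPLES = {
    "report.txt": b"Quarterly figures attached.",
    "docs.zip": build_zip({"readme.txt": b"nothing to see"}),
    "invoice.zip": build_zip({"invoice.pdf.exe": FAKE_PE}),
    "photo.zip": build_zip({"photo.jpg": FAKE_PE}),
}


def scan_samples(samples):
    """Map each attachment name to its block reasons."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in scan_samples(SAMPLES).items():
        verdict = "BLOCK" if reasons else "allow"
        print(f"{verdict:5} {name}  {'; '.join(reasons)}")
```

Two design points matter here. The header check catches a PE file renamed to a harmless-looking extension, which a name-only rule misses; and encrypted or oversized members are blocked rather than allowed, because an attachment the gateway cannot inspect should not be treated as clean.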

» SPAMfighter News - 21-10-2013
