Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Trend Micro Discovers New Variant of PlugX RAT Leveraging Dropbox

Security researchers of security firm Trend Micro analyzed a targeted attack against a government agency in Taiwan and found a variant of the infamous PlugX remote access tool (RAT) which abuses the popular file hosting service Dropbox.

According to the security firm, the RAT downloads its command and control (C&C) settings from Dropbox to avoid raising any suspicion by concealing malicious traffic. Security systems might not flag communications with the website as a potential threat because Dropbox is often used by organizations to store files for legitimate purposes.

The security company notified Dropbox about the incident but experts emphasize that the attackers are not exploiting any vulnerabilities in the service. Securityweek.com published news on 27th June, 2014 stating that although it is common for cybercriminals to abuse legitimate file sharing services, this is the first time that Dropbox has been used to store C&C settings as part of a targeted attack.

Trend Micro analyzed the samples and identified them as BKDR_PLUGX.ZTBF-A and TROJ_PLUGX.ZTBF-A.

When execution of BKDR_PLUGX.ZTBF-A takes place, it performs numerous commands from a remote user, including keystroke logging, port mapping, and remote shelling together with many others. Generally remote shell empowers cybercriminals to run any command on the tainted system to compromise its security.

This backdoor also connects to a certain URL for its C&C settings.

Trend Micro also observed that this malware has a trigger date of May 5, 2014, meaning that it got activated on that date. Perhaps, this has been done to shun users from suspecting any malevolent activities on their PCs, immediately.

Therefore, this is a type II PlugX variant with new features and modifications from its version 1.

The company also says that the common ground in the PlugX RAT variants reduces the risks regarding sensitive information. Softpedia.com published news on 27th June, 2014 quoting a write-up of Maersk Menrige, Threat Analyst of Trend Micro as: "The information available publicly on indicators of compromise can determine if an enterprise is being hit by targeted attacks. This may be included in their security solutions to break the attack cycle and exfiltrate possible data from the target enterprise or large organization.

ยป SPAMfighter News - 7/8/2014

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page