Trend Micro Detected New Bifrose Backdoor

Security researchers of security firm Trend Micro recently said that Bifrose version used communication with the command and control (C&C) server via Tor (The Onion Router) and IT administrators leveraged this to detect cyber invasion.

Tor (The Onion Router) is a network of systems particularly crafted out to anonymize communication among two parties by hiding their position and to fight suppression and to guard the privacy of the Internauts.

Researchers of Trend Micro investigated an assault against an unnamed manufacturer of device and discovered a build of malware Bifrose using this network (referring to TOR) to get orders from its operator.

Bifrose, also nicknamed as Bifrost, is mainly known for its capabilities as regards keylogging but build, which was discovered by researchers, can put together many functions like for instance: uploading and downloading of information, deleting and creating folders, renaming files, executing command lines and polarizing application windows via keyboard and also through mouse events. It can also terminate a process and confine webcam image and screenshot to get display resolution.

Researchers of Trend Micro think that IT administrators would find it difficult to trace this malware.

Security experts of Trend Micro said that IT administrators may check the existence of a variant of BIFROSE in the network and one easiest method to check its presence is to trace the file klog.dat in systems, which is related to keylogging routines.

Abnormal activities seen in network and mail logs are some other indicators that highlight the presence of the malware. Trend Micro stresses that activities of the network like logins and electronic mails during "abnormal" times should be checked out.

IT admins can conclude upon the presence of an attack with the help of a solution equipped to identify malicious activity. For example, as this edition of Bifrose uses Tor network to communicate with its command and control server, it can intercept Tor activity in a network which will help in identifying potential attacks and others in the network.

Security firm concludes that to identify such atrocious malware and to keep one's computer safe from such malicious attacks it is good to install premium quality anti-malware software on one's system.

» SPAMfighter News - 9/8/2014