FireEye Spots Fresh Backdoor Targeting Corporate Networks

Researchers from FireEye a security company caution of one fresh backdoor Trojan they have spotted which attacks computers and steals confidential corporate data.

The backdoor, which is named VinSelf, contains 3 components: monitory software that maintains the installation of subsidiary components on the infected computer with the help of an extremely malicious rootkit, a Dynamic Link Library (DLL) file that takes care of the key working of the backdoor, and a subsidiary .exe file that inserts the DLL file inside iexplore.exe i.e. the Internet Explorer process.

The Trojan, reportedly, sustains its custom disguised element by utilizing HTTP. It eludes IDS/IPS (Intrusion detection system and Intrusion prevention system) by generating the URLs at random that are extremely vibrant vis-à-vis the current period.

Moreover, this backdoor encrypts data that contains a Graphic Interchange Format (GIF) caption just like in the case of Pirpi, the Internet Explorer 0-day backdoor.

Emphasizes FireEye, VinSelf lets hackers to issue instructions to the contaminated PC along with downloading files and loading programs onto it.

Clearly, this malicious program has been created to carry out its activities while remaining invisible to firewalls as it primarily targets corporate networks.

Furthermore, the backdoor bears strange hibernation ability. After hunting for winfont.cpl, a file inside the system32 directory, it waits to become active till the date as mentioned inside.

Remarking about the malware, Security Research Engineer Atif Mushtaq at FireEye writes in a blog post that as fresh and strong backdoors emerge that are utilized within targeted assaults it becomes evident that modern malicious programs aren't just employed for pushing spam or stealing end-users' payment card details, but they help in many other purposes as well. Fireeye.com published this on November 23, 2010.

The engineer cautions that there are several crime syndicates a few of which may have political affiliations that seek things beyond material benefits. These groups create targeted malware designed for infiltrating sensitive data-holding computers, while the gangs wait for the opportunity when they can seize intellectual property and/or secret documents. Instances such as VinSelf suggest that here too it isn't individual desktops that are the key points of attack, Mushtaq analyzes.

Related article: Free Web Host Services: spammer’s bull’s eye

» SPAMfighter News - 12/4/2010