New Malicious Methods Keep Malware Communicating with C&C Server

Online-criminals are devising fresh methods whereby they're creating a communication system between their malicious software and remote C&C (command-and-control) servers, warn researchers from Symantec a security company. In this context, the researchers discovered that the crooks were beginning to apply the SPF (Sender Policy Framework) for keeping the malware solidly connected with the said servers.

SPF, evidently, is one authentication system through e-mail that lets administrators to stop junk electronic mails from entering inboxes. This system is related to Domain Name System queries and replies. Thus, when any DNS server utilized for dispatching the e-mail employs SPF at that time the reply from the DNS carries one SPF validation which's exclusive for every genuine website.

Explaining the problem further, Takashi Katsuki, Security Researcher at Symantec said that for the creators of malicious software, a DNS query could help them obtain IP addresses alternatively domains within SPF, while the particular DNS query needn't necessarily get asked from any PC straight away. Normally, there was the use of an area specific DNS server to work like one DNS repository server. This repository server could dispatch one query rather than the PC, Katsuki said. Softpedia.com published this dated January 26, 2013.

Moreover, Symantec detected that the malware was Trojan.Spachanel and that after contaminating any PC it issued a DNS query through one domain produced with the Top Level Domain: .net else .com. The query formerly got dispatched to the area specific DNS server and subsequently got dispatched to the cyber crook's server. The latter subsequently sent back a reply having the SPF validation which carried malevolent IP addresses else domains. Thereafter it automatically got inserted inside the user's browser while watched over the Internet traffic so as for injecting one JavaScript while the malevolent IP address and domain were injected inside an HTML code already planted. Eventually, the JavaScript planted whole malevolent material.

Notably, the HTML-code produced 'malvertisements' so the attackers earned revenue via getting the victims to click on them.

Ultimately, for keeping users' computers free from the Spachanel Trojan, all updated software patches must be deployed while AV solutions maintained up-to-date, wraps up Symantec.

Related article: New Spam Mail Charges For IPod

» SPAMfighter News - 1/31/2013