MMPC Says that a New Computer Trojan Targets SAP Software

The Microsoft malware Protection Center (MMPC) is warning companies about a new malware strain dubbed TrojanSpy:Win32/Gamker.A which is targeting SAP software.

Notably, SAP with it's headquarter in Germany develops enterprise software apps to track and manage business operations.

Gamker is amused to be the first ever-malware stain created by crooks targeting SAP but may not be the last.

Part of Gamker code resembles Carberp's code, the financial malicious software, source code of that was revealed earlier in 2013, together with the 'remote control code', explained, Geoff McDonald, a Researcher at MMPC, as per news published by Infosecurity-magazine.com on 26th November, 2013.

McDonald said that this VNC (virtual network computing) code usage highlights that Gamker possess the potentiality to control a tainted machine remotely. The attacker can initiate a VNC session to seize any extra details to hijack the SAP server and can also hit the SAP server straight from the contaminated machine.

Gamker contains a keylogging component which registers all 'keystrokes' entered into any app operating on a tarnished computer and this component has the ability to capture all login details including 'usernames' and 'passwords' that includes those entered in SAP patron apps.

The malware has a detailed list of explicit applications for that it also maintains command line parameters and captures screenshots of their activity windows.

McDonald added that this is a particular attack on SAP itself and not merely a harmless data collecting operation to establish the installation of SAP. The crooks are using execution of SAP component 'saplogon.exe' to activate footage of the disagreements of command line passed into it together with ten screenshots to the 'C7C server', published by blogs.technet.com on 20th November, 2013.

MMPC says that the fact that this Trojan is hitting businesses instead of individual Internauts is a disturbing move.

MMPC advised in its concluding statement that to minimize the harm on their 'SAP' machines by possible attacks, firms must grant users the minimal access privilege levels essential to complete their works, must implement 2FA (two-factor authentication), scan their systems with anti-malware software and network intrusion detection systems, grant training to their workers to shun malware pollution and keep updating software running currently on their workstation machines.

» SPAMfighter News - 12/5/2013