Botnet commands spread by Google Groups

By

Botnet herders appear to be testing new ways to communicate with their drone computers.

A trojan targeting Google Groups turns newsgroups into a means for distributing command-and-control information for botnets.

“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote Gavin Gorman, security researcher for Symantec, in a post Friday on a Symantec blog. “But when executed, it logs onto a specific Google account and requests a page from a private newsgroup, which contains encrypted commands for the malware to carry out.”
In the past, Twitter has been used to deliver commands, by which an account was being used as a command-and-control hub to issue instructions to infected computers. Tweets coming from the malicious accounts were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots.

“This is the first time a newsgroup being used as a command-and-control conduit,” Gerry Egan, director of Symantec Security Response, told SCMagazineUS.com Friday. “It establishes a two-way communications pipe, using a legitimate infrastructure.”
Experts believe this is just a test -- research-and-development for malware writers to see if the idea is feasible.
“Based on analysis of the source code, Symantec believes this may be a prototype implementation, testing the feasibility of web-based newsgroups as command-and-control structures,” Gorman wrote. “Analysis also indicates that this trojan is seeking to remain discreet and undetected, being used to subtly gather information and potentially determine future attack targets.”
The reason that this sort of attack is attractive to cybercriminals could be the difficultly in identifying and shutting down such sources, Egan said.
“In a sense, it makes it harder to detect,” he said.
A Google spokesperson could not immediately be reached for comment.


See original article on scmagazineus.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?