Posts Tagged ‘Trojan’

Cross Platform Trojan Then Steals Linux and Mac Passwords

Posted: August 28, 2012 in Cyber Crime, Hacking, linux, Mac
Tags: , , , , , , , , , , ,
0

Russian anti-virus company Doctor Web reported about the first cross-platform backdoor to run under Linux and Mac OS X identified as “BackDoor.Wirenet.1“. This malicious program designed to steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.
BackDoor.Wirenet.1 is the first-ever Trojan that can simultaneously work on these operating systems. BackDoor.Wirenet.1 is still under investigation.
At launch BackDoor.Wirenet.1 creates a copy in the user’s home directory. To interact with the command server located at 212.7.208.65, the malware uses a special encryption algorithm Advanced Encryption Standard (AES). BackDoor.

Russian Botnet Hacker Arrested for Hacking Six Million Computers

Posted: June 26, 2012 in Anonymous, Cyber Crime, Geek Stuff, Hacking, In The News
Tags: , , , , , , , ,
0

Police have detained a 22-year-old hacker who created a system of networked computers that was used to steal more than 150 million rubles ($4.47 million) from people’s bank accounts and already one of the most wanted hacker in the world. But now, “Hermes” is, has been tapped over six million computers and earns around 5 million francs, was caught in Russia.

he network infected around six million computers with a Trojan virus, which helped get access to users’ bank accounts. About the Trojans secretly installed, he had arranged illegal money transfers, said the interior ministry in Moscow on Friday.

Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker’s place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made.The botnet built by the hacker included around 6 million computers from regions that included Krasnodar, Samara, and Ivanovo, as well as from the cities of Moscow and St. Petersburg, where the majority of the infected computers were located.
The hacker faces a lengthy jail term if convicted on fraud charges.

Sabpab – Another Mac OS Backdoor Trojan Discovered

Posted: April 17, 2012 in Cyber Crime, Hacking, Mac
Tags: , , ,
0

Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab. It uses the same Java vulnerability as Flashback to install itself as a “drive-by download.” Users of older versions of Java now have still more malware to worry about.

It also doesn’t require any user interaction to infect a system either just like Flashback all that needs to happen is for you to visit an infected webpage. Sabpab, according to Sophos, installs a backdoor that allows the hackers to capture screen snapshots, upload or download files and execute commands on infected Macs remotely.

The Trojan creates the files

Encrypted logs are sent back to the control server, so the hackers can monitor activity. Although one variant of Flashback installed a file in the LaunchAgents folder, not all tools for detecting Flashback do anything with that folder.

Symantec identifies the trojan as OSX.Sabpab which exploits the Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability (BID 52161) in order to install itself on to the compromised computer.

Sophos products, including free Mac anti-virus for home users, detect the Trojan horse as OSX/Sabpab-A.

Trojan Written in Mystery Programming Language

Posted: March 9, 2012 in All Teched UP!, antivirus, Cyber Crime, Geek Stuff, In The News
Tags: , , , ,
0

The mystery of the Stuxnet-like ‘Duqu’ Trojan has deepened with the news that elements of its payload appear to have to have been written in an unidentifiable programming language.

An on-going analysis effort by Kaspersky Lab researchers has now uncovered much of the inner programming structure of the software, overwhelmingly written quite conventionally in C++.
However, delving inside the Payload.dll, the team discovered a section of the code dedicated to stealthy communication with the Trojan’s command and control servers that defied their analysis.
Dubbing it the ‘Duqu Framework’, the team has not been able to go much further than identifying it as an object-oriented language of considerable sophistication.
“The mysterious programming language is definitively NOT C++, Objective C, Java, Python, Ada, Lua and many other languages we have checked,” said Kaspersky Lab engineer, Igor Soumenkov.
Payload.dll looks to be a critical element of the program. According to Kaspersky, it is used to receive instructions from remote servers but also to relay stolen data, and can operate completely independently of the rest of the program. It was also important for spreading the Trojan to other Windows machines.

“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” said Kaspersky’s chief security expert,  Alexander Gostev.

“With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”

Discovered by Budapest University security researchers last September, Duqu’s provenance, intention and design matters because it has been plausibly connected to the infamous Stuxnet malware that many believe was created to disrupt vulnerable SCADA systems connected to Iran’s nuclear enrichment program.The connections between the two programs are contentious but eery, based on the two programs’ use of common elements. What is clear is that Duqu is sophisticated enough to be the work of a well-resourced and skilled team trying to cover its tracks.In that they have failed as they were always doomed to do. The more sophisticated a piece of software, the more unusual its programming design and structure is likely to be and the more this very expert-level complexity draws attention to itself, raising suspicions.Despite turning itself into the expert hub on the Trojan, Kaspersky has now appealed to programmers for help in identifying the programming language used to create the Duqu Framework.

Android Phone Apps Could Be Hiding Malware

Posted: November 10, 2011 in Android, antivirus, Cyber Crime
Tags: , , ,
0

Mobile phone apps downloaded from Android’s official store could contain malware that steals sensitive information and banking passwords, a report has claimed.

Anti-virus firm Kaspersky said that the number of attempts by hackers and malicious mobile phone programs to steal data from Android phones spiked by 34 per cent last month.

Once inside a handset, criminals need only seconds to drain entire bank accounts using stolen TAN codes (transaction authentication codes) sent by the banks to the phones for follow-up verification.

In October, Kaspersky records showed that for mobile threats, “Android leads the way” with 46.9 per cent of mobile threats by platform.

“An example of a malicious app distributed through the official store is Trojan-Spy.AndroidOS.Antammi.b,” said Kaspersky in a statement to Gulf News.

“Like traditional desktop malware, Antammi.b steals almost everything: contacts, texts, GPS coordinates and even photos. The activity log is then sent to the criminal behind the scam via a simple e-mail message, and the data is uploaded to a server.”

AVG Antivirus for Smartphones & Tablets automatically detects harmful Apps & SMS

AVG Mobilation is a free security solution that protects your phone from viruses, malware, spyware & online exploitation in real-time.

Download AVG for free today>HERE

Also you might want to consider the following:

Mac Trojan – RAT ‘BlackHole’ Now in Beta

Posted: February 27, 2011 in Cyber Crime, In The News, Mac
Tags: , , , ,
0

In a sign that hackers, like everyone else, are taking an interest in everything Apple, researchers at Sophos say they’ve spotted a new Trojan horse program written for the Mac.

It’s called the BlackHole RAT (the RAT part is for “remote access Trojan”) and it’s pretty easy to find online in hacking forums, according to Chet Wisniewski a researcher with antivirus vendor Sophos. There’s even a YouTube video demonstration of the program that shows you what it can do.

Sophos hasn’t seen the Trojan used in any online attacks — it’s more a bare-bones, proof-of-concept beta program right now — but the software is pretty easy to use, and if a criminal could find a way to get a Mac user to install it, or write attack code that would silently install it on the Mac, it would give him remote control of the hacked machine.

BlackHole is a variant of a Windows Trojan called darkComet, but it appears to have been written by a different developer. The darkComet source code is freely available, so it looks like BlackHole’s author simply took that code and tweaked it so it would run on the Mac, Wisniewski said.

Mac OS X has been gaining market share on Windows lately, and that’s starting to make it a more interesting platform for criminals. Wisniewski said that while Mac malware is still very rare, he has seen another Trojan, called HellRTS, circulating on file-sharing sites for pirated Mac software.

The version suggest that ‘BlackHole’ is currently in its early stage. However, the author seems to start showcasing the following functionalities:

  • Remote execution of shell commands.
  • Opens webpage using user’s default browser.
  • Sends a message which is displayed on the victims screen.
  • Creates a text file.
  • It is capable to perform shutdown, restart and sleep operation.
  • It is capable to request for admin privileges.