29th Jun 2014, 01:28 PM #1
Dropbox Used by Trojan to Update Command and Control Settings
A variant of the PlugX RAT (remote access tool) has been discovered to use a Dropbox account to update the settings for the command and control server.
Researchers at Trend Micro found that the new variant of the malware targets a government agency in Taiwan and that it contains some modifications compared to previously known versions.
The investigation revealed that the fresh sample comes with a changed header, most likely in order to prevent forensic analysis. It also has an authentication code from the attacker.
One particularity of the newly found Trojan is that it comes with a trigger date to start its activity. One reason for this could be to avoid being detected by the user immediately after the system has been infected.
According to Trend Micro, there are five command and control servers (C&C) the malware can contact. Further investigation revealed that one of them is related to Krypt Technologies, while another appears to be owned by a certain Zhou Pizhong.
In the case of another address, the registration details were protected and no information could be found.
By checking with Dropbox to update the settings for the command and control server, the intruders made sure that malicious network traffic was not easily detected, since the domain was a legitimate one.
The security company says that after the communication with the remote server has been established, “threat actors then move laterally into the network with the aid of malicious and legitimate tools to avoid being traced and detected.”
The capabilities of the malware include key-logging, port mapping and remote shell command execution.
They appeal to utilities for password recovery or remote administration, as well as network tools and Htran, which is designed to cloak the IP address of the attacker by bouncing the TCP traffic to different countries.
This is a technique that ensures persistence in the network, since tracing the source of the IP is not an easy task and takes some time to complete.
The use of legitimate cloud storage services is not a new practice for cybercriminals, but Trend Micro says that this is the first case they’ve seen in which such a service was employed for updating the settings for the C&C server.
Normally, the abuse would occur by using the platform which stores the malware to be delivered to the targeted victim.
The company also says that the common ground in the PlugX RAT variants allows mitigation of the risks regarding sensitive information. “The publicly available information on indicators of compromise can determine if an enterprise is being hit by targeted attacks. This may be incorporated in their security solutions, thus, breaking the attack cycle and possible data exfiltration from the target enterprise or large organization,” writes Maersk Menrige in Trend Micro's blog post.