Backdoor uses Evernote as command and control server
Revision as of 12:30, 3 August 2015 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| Backdoor uses Evernote as command and control server | |
|---|---|
| Botnet | Vernot |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-03-27 |
| Editor/Conference | Trend Micro |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/ (Archive copy) |
| Author | Nikko Tamaña |
| Type | Blogpost |
Abstract
“ With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks.
We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote using https://evernote.com/intl/zh-cn as its referrer, perhaps to make it look like a malicious user.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR2206,
editor = {Trend Micro},
author = {Nikko Tamaña},
title = {Backdoor uses Evernote as command and control server},
date = {27},
month = Mar,
year = {2013},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/}},
}