Latest revision as of 14:42, 3 August 2015
Google Groups trojan | |
---|---|
Botnet | Grups |
Date | 2009 / 2009-09-11 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/google-groups-trojan (Archive copy) |
Author | Gavin O’Gorman |
Type | Blogpost |
Abstract
“Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. Recent developments have included the utilization of Web 2.0 social networking websites to deliver commands. By integrating C&C messages into valid communications, it becomes increasingly difficult to identify and shut down such sources. It's a concept very similar to that of chaffing and winnowing. Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.”
Bibtex
@misc{2009BFR2217,
  editor = {Symantec},
  author = {Gavin O’Gorman},
  title = {Google Groups trojan},
  date = {11},
  month = Sep,
  year = {2009},
  howpublished = {\url{http://www.symantec.com/connect/blogs/google-groups-trojan}},
}