Backdoor uses Evernote as command and control server

From Botnets.fr

Botnet: Vernot
Date: 2013-03-27
Editor/Conference: Trend Micro
Link: http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/
Author: Nikko Tamaña
Type: Blogpost

Abstract

With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks.

We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote using https://evernote.com/intl/zh-cn as its referrer, perhaps to make it look like a malicious user.

Bibtex

 @misc{Tamaña2013BFR2206,
   editor = {Trend Micro},
   author = {Nikko Tamaña},
   title = {Backdoor uses Evernote as command and control server},
   date = {27},
   month = Mar,
   year = {2013},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/}},
 }