Backdoor uses Evernote as command and control server
Jump to navigation
Jump to search
(Publication) Google search: [1]
Backdoor uses Evernote as command and control server | |
---|---|
Botnet | Vernot |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-03-27 |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/ (Archive copy) |
Author | Nikko Tamaña |
Type | Blogpost |
Abstract
“ With its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks.
We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Evernote using https://evernote.com/intl/zh-cn as its referrer, perhaps to make it look like a malicious user.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR2206, editor = {Trend Micro}, author = {Nikko Tamaña}, title = {Backdoor uses Evernote as command and control server}, date = {27}, month = Mar, year = {2013}, howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/}}, }