Google Groups trojan

From Botnets.fr

Botnet: Grups
Date: 2009 / 2009-09-11
Editor/Conference: Symantec
Link: http://www.symantec.com/connect/blogs/google-groups-trojan (Archive copy)
Author: Gavin O’Gorman
Type: Blogpost

Abstract

Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. Recent developments have included the utilization of Web 2.0 social networking websites to deliver commands. By integrating C&C messages into valid communications, it becomes increasingly difficult to identify and shut down such sources. It's a concept very similar to that of chaffing and winnowing. Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.

Bibtex

 @misc{2009BFR2217,
   editor = {Symantec},
   author = {Gavin O’Gorman},
   title = {Google Groups trojan},
   date = {11},
   month = Sep,
   year = {2009},
   howpublished = {\url{http://www.symantec.com/connect/blogs/google-groups-trojan}},
 }