Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu
| Field | Value |
|---|---|
| Title | Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu |
| Malware | Sogu, Thoper, TVT, Destory Rat |
| Date | 26 March 2012 |
| Editor/Conference | Norman |
| Link | http://blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu (archive copy on blogs.norman.com) |
| Author | Snorre Fagerland |
Abstract
“Sogu (alias Thoper, TVT, Destory Rat, etc.) is a large remote access trojan that has been used in a number of intrusions and targeted attacks. One of these was the large-scale intrusion into servers owned by SK Communications in South Korea in July 2011, where personal information of up to 35 million users (!) of the CyWorld and Nateon services was compromised.
The Command&Control servers, through which Sogu communicates with its masters, are typically defined in an encoded configuration block near the end of the trojan.”
Bibtex

```bibtex
@misc{2012BFR968,
  editor       = {Norman},
  author       = {Snorre Fagerland},
  title        = {Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu},
  date         = {27},
  month        = Mar,
  year         = {2012},
  howpublished = {\url{http://blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu}},
}
```