Language Selection

English French German Italian Portuguese Spanish

Triple-Barreled Trojan Attack Builds Botnets

Filed under
Security

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire.

The three-pronged attack is being described as "unprecedented" because of the way the Trojans communicate with each other to infect a machine, disable anti-virus software and leave a back door open for future malicious use.

"This is so slick, it's scary," said Roger Thompson, director of malicious content research at Computer Associates International Inc. "It clearly points to a very well-organized group either replenishing existing botnets or creating new ones."

According to Thompson, the wave of attacks start with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs.

Glieder's job is to sneak past anti-virus protection before definition signatures could be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on one day, wreaking havoc across the Internet.

On Windows 2000 and Windows XP machines, Glieder.AK attempts to stop and disable the Internet Connection Firewall and the Security Center service, which was introduced with Windows XP Service Pack 2.

The Trojan then quickly attempts to connect to a list of URLs to download Win32.Fantibag.A (Fantibag) to spawn the second wave of attacks.

With Fantibag on the compromised machine, Thompson said the attackers can ensure that anti-virus and other protection software is shut off. Fantibag exploits networking features to block the infected machine from communicating with anti-virus vendors. The Trojan even blocks access to Microsoft's Windows Update, meaning that victims cannot get help.

Once the shields are down, a third Trojan called Win32.Mitglieder.CT, or Mitglieder, puts the hijacked machine under the complete control of the attacker.

Once the three Trojans are installed, the infected computer becomes part of a botnet and can be used in spam runs, distributed denial-of-service attacks or to log keystrokes and steal sensitive personal information.

A botnet is a collection of compromised machines controlled remotely via IRC (Inter Relay Chat) channels.

According to CA's Thompson, the success of the three-pronged attack could signal the end of signature-based virus protection if Trojans immediately disable all means of protection.

"These guys have worked out that they bypass past signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.

He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."

Full Story.

More in Tux Machines

European Unified Patent Court goes Open Source

Using Private Cloud and Drupal as a starting point together with small expert partners and agile management the new platform for the European UPC has been shaped to the exact requirements and quickly adapted while more needs surfaced. The only ready to use Open Source tool used has been Zarafa Collaboration Platform which integrated with the Case Management System will provide secure email, instant messaging, file sharing and video conferencing to the platform's users. The result is that, thanks to Open Source based platform and by working with SMEs, the UK IPO team has been able to deliver to the Unified Patent Court team the project earlier than planned and under budget. Read more

Linux Foundation: Open Source Programming and DevOps Jobs Plentiful

Open source can help you make money, especially if you have skills in programming or DevOps, which is emerging as one of the hottest areas of interest for hiring managers seeking open source admins and developers. That's according to the latest Open Source Jobs Report from the Linux Foundation, which is out this week. Read more Also: The 2016 Open Source Jobs Report: Companies Hungry for Professional Open Source Talent

Basho Open Sources Some Bits

Leftovers: Ubuntu

  • The Simply Ubuntu Desktop
    Over on Flickr, fosco_ submitted this simple Ubuntu desktop, with just a few things tweaked for a cleaner experience. Like we’ve said, sometimes less is more, and this desktop makes good use of a few widgets to make a great UI even better.
  • HP Linux Imaging and Printing 3.16.5 Supports Ubuntu 16.04 LTS and Debian 8.4
    The team of developers behind the HPLIP (short for HP Linux Imaging and Printing) project, announced a few moments ago the availability of the fifth maintenance build in the 3.16 stable series of the software. For those of you who are not in the loop, HP Linux Imaging and Printing is an open-source initiative to bring the latest HP (Hewlett-Packard) printer drivers to GNU/Linux operating systems. The software has a pretty active development team working behind it, releasing maintenance builds at least once a month.
  • Convergence delayed: Unity 8 won’t be the default desktop in Ubuntu 16.10
    Canonical’s vision of convergence—a single, highly adaptive environment that spans mobile and desktop uses—has been delayed yet again. The Unity 8 desktop and Mir display server, which are key to that vision, won’t be used by default in Ubuntu 16.10, according to discussion in the Ubuntu Online Summit.
  • Questions and answers: Ubuntu bq tablet
    After Jack Wallen's recent review of the bq Aquaris M10 tablet, he was hit with a number of questions about the tablet. Jack addresses some of those questions to help you decide if the Ubuntu tablet is a worthy investment.