
Triple-Barreled Trojan Attack Builds Botnets

Filed under
Security

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire.

The three-pronged attack is being described as "unprecedented" because of the way the Trojans communicate with each other to infect a machine, disable anti-virus software and leave a back door open for future malicious use.

"This is so slick, it's scary," said Roger Thompson, director of malicious content research at Computer Associates International Inc. "It clearly points to a very well-organized group either replenishing existing botnets or creating new ones."

According to Thompson, the wave of attacks starts with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs.

Glieder's job is to sneak past anti-virus protection before definition signatures can be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed in a single day, wreaking havoc across the Internet.

On Windows 2000 and Windows XP machines, Glieder.AK attempts to stop and disable the Internet Connection Firewall and the Security Center service, which was introduced with Windows XP Service Pack 2.

The Trojan then quickly attempts to connect to a list of URLs to download Win32.Fantibag.A (Fantibag) to spawn the second wave of attacks.

With Fantibag on the compromised machine, Thompson said the attackers can ensure that anti-virus and other protection software is shut off. Fantibag exploits networking features to block the infected machine from communicating with anti-virus vendors. The Trojan even blocks access to Microsoft's Windows Update, meaning that victims cannot get help.
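The article says Fantibag cuts the victim off from anti-virus vendors and Windows Update through "networking features" without saying which. One mechanism a defender should rule out on a suspect Windows host is a tampered hosts file that pins vendor and update hostnames to loopback. The script below is an added example, not code from the article, from CA, or from any of the Trojans described: the hosts-file mechanism is an assumption chosen for illustration, and the watch list and sample file contents are constructed.

```python
"""Triage a Windows hosts file for overrides of security-vendor and
Windows Update hostnames.

Added example; not code from the article, from CA, or from any of the
Trojans it describes. The article says Fantibag blocks the infected
machine from reaching anti-virus vendors and Windows Update through
"networking features" without saying how; the hosts-file override
checked here is an assumed mechanism chosen for illustration. The watch
list and the sample hosts content are constructed for this example.
"""
import ipaddress

# Constructed watch list of domain suffixes a defender would not expect
# to find overridden in a hosts file. Extend with your own vendors.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "microsoft.com",
    "ca.com",
    "symantec.com",
    "mcafee.com",
    "kaspersky.com",
    "sophos.com",
    "trendmicro.com",
)

# Constructed sample resembling a tampered
# %SystemRoot%\System32\drivers\etc\hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com
127.0.0.1       www.windowsupdate.com
0.0.0.0         liveupdate.symantec.com
127.0.0.1       ca.com www.ca.com
192.168.0.10    intranet.example.local   # legitimate internal override
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments
    and blank lines. One line may map several names to one address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one.
    Matching on label boundaries avoids 'america.com' hitting 'ca.com'."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def is_sinkhole(ip):
    """True if the address cannot be a real vendor endpoint: loopback,
    0.0.0.0, or something that does not parse as an address at all."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return addr.is_loopback or addr.is_unspecified


def find_blocked(text):
    """Return [(hostname, ip, kind)] for every watched name the hosts text
    overrides. kind is 'sinkhole' for loopback/unspecified targets and
    'redirect' for anything else; a redirect that still resolves somewhere
    is at least as suspicious, since traffic may be going to an attacker."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        kind = "sinkhole" if is_sinkhole(ip) else "redirect"
        findings.append((name, ip, kind))
    return findings


if __name__ == "__main__":
    for name, ip, kind in find_blocked(SAMPLE_HOSTS):
        print(f"{kind:8} {name} -> {ip}")
```

Run it against a copy of the suspect machine's hosts file rather than on the machine itself; a host whose security tooling has been switched off should be triaged from known-good media. A clean hosts file yields no findings, so any output is worth a closer look.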

Once the shields are down, a third Trojan called Win32.Mitglieder.CT, or Mitglieder, puts the hijacked machine under the complete control of the attacker.

Once the three Trojans are installed, the infected computer becomes part of a botnet and can be used in spam runs, distributed denial-of-service attacks or to log keystrokes and steal sensitive personal information.

A botnet is a collection of compromised machines controlled remotely, in this case via IRC (Internet Relay Chat) channels.
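Because IRC is a plain-text protocol with a handful of fixed commands, the control channel of a botnet of this kind leaves recognisable traces in egress traffic. The script below is an added example, not from the article or from any vendor tool: it runs two simple heuristics over constructed connection records, flagging IRC commands sent to non-IRC ports and several internal hosts joining the same channel on the same server. The record format, sample lines and heuristics are this example's own and do not describe the actual traffic of the Trojans in the article.

```python
"""Flag IRC command-and-control candidates in outbound connection records.

Added example, not from the article or from any vendor tool. The record
format and the sample lines below are constructed for this example, and
the heuristics (IRC protocol verbs on any port; several internal hosts
joining the same channel on the same server) are this example's own,
not a description of the actual traffic of the Trojans in the article.
"""
import re
from collections import defaultdict

IRC_VERBS = {"NICK", "USER", "JOIN", "PRIVMSG", "PONG", "MODE"}
IRC_PORTS = {6667, 6668, 6669, 7000}   # conventional IRC server ports

# Constructed sample: one outbound TCP payload per line, key=value fields.
SAMPLE_LOG = """\
src=10.0.0.5 dst=203.0.113.9 dport=6667 payload="NICK bot-3f2a"
src=10.0.0.5 dst=203.0.113.9 dport=6667 payload="JOIN #ch1 key"
src=10.0.0.7 dst=203.0.113.9 dport=6667 payload="NICK bot-91cc"
src=10.0.0.7 dst=203.0.113.9 dport=6667 payload="JOIN #ch1 key"
src=10.0.0.9 dst=198.51.100.4 dport=443 payload="JOIN #ch1 key"
src=10.0.0.11 dst=198.51.100.20 dport=80 payload="GET / HTTP/1.1"
src=10.0.0.12 dst=192.0.2.33 dport=6667 payload="JOIN #linux"
"""

_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Parse key=value fields; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in _FIELD_RE.findall(line)}


def irc_verb(payload):
    """Return the IRC command at the start of a payload, or None."""
    verb = payload.split(" ", 1)[0].upper()
    return verb if verb in IRC_VERBS else None


def analyse(text, min_clients=2):
    """Return (rendezvous, off_port).

    rendezvous: {(server, channel): [clients]} for channels joined by at
    least min_clients distinct internal hosts on one server.
    off_port: [(src, dst, dport)] for IRC traffic on a non-IRC port,
    a common way of slipping past port-based egress filtering."""
    joins = defaultdict(set)
    off_port = []
    for line in text.splitlines():
        rec = parse_record(line)
        verb = irc_verb(rec.get("payload", ""))
        if verb is None:
            continue
        dport = int(rec["dport"])
        if dport not in IRC_PORTS:
            off_port.append((rec["src"], rec["dst"], dport))
        if verb == "JOIN":
            channel = rec["payload"].split()[1]
            joins[(rec["dst"], channel)].add(rec["src"])
    rendezvous = {k: sorted(v) for k, v in joins.items() if len(v) >= min_clients}
    return rendezvous, off_port


if __name__ == "__main__":
    rendezvous, off_port = analyse(SAMPLE_LOG)
    for (server, channel), clients in rendezvous.items():
        print(f"{len(clients)} hosts joined {channel} on {server}: {clients}")
    for src, dst, dport in off_port:
        print(f"IRC on non-IRC port: {src} -> {dst}:{dport}")
```

The single host talking to a genuine IRC network is not reported, because one client joining one channel is normal; the pair of hosts converging on one channel and the IRC session on port 443 are. Tune `min_clients` to the size of the network being watched.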

According to CA's Thompson, the success of the three-pronged attack could signal the end of signature-based virus protection if Trojans immediately disable all means of protection.

"These guys have worked out that they can bypass signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.

He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."

Full Story.

More in Tux Machines

Security Leftovers

GNU News

Leftovers: OSS

  • Mozilla Firefox 47.0.1 Is Now Available in the Arch Linux and Solus Repos
    Mozilla quietly delivered the first point release of the Mozilla Firefox 47.0 web browser to users of Microsoft Windows and Mac OS X operating systems on June 28, 2016. However, because the built-in updater of the Mozilla Firefox web browser doesn't work on GNU/Linux distributions, users have to wait for the latest version of the software to be pushed first by the maintainers of their operating systems to the main repositories before they can upgrade.
  • Questions loom about the future of open source at VA
    The CIO for the Department of Veterans' Affairs sought to reassure stakeholders that the agency was committed to open source in the future, but with Congress pressuring the agency to give up the homegrown health record system VistA, the open source community is a bit perplexed.
  • Watch out for job offers from Google after this open source course
    Over five lakh polytechnic students from 500 colleges across Tamil Nadu would begin training on open source software from Friday, learning more about the nitty-gritties of ‘free’ software under a programme run by the Indian Institute of Technology – Bombay along with the Tamil Nadu government.
  • Bombay Stock Exchange: Open source is a mindset
    Open source is still gaining momentum in the industry worldwide. Despite naysayers, open-source software and hardware are making believers out of a broad array of users. In the case of Bombay Stock Exchange, LTD (BSE), the transition has been cost efficient, as well as has improved order processing power. By switching from proprietary hardware to open source, Kersi Tavadia, CIO of BSE, reported going from being able to process 10 million orders a day to 400 million. Even with the increase, the new open-source hardware is only using 10 percent capacity.
  • GitHub releases data on 2.8 million open source repositories through Google BigQuery
    GitHub today announced that it’s releasing activity data for 2.8 million open source code repositories and making it available for people to analyze with the Google BigQuery cloud-based data warehousing tool. The data set is free to explore. (With BigQuery you get to process up to one terabyte each month free of charge.) This new 3TB data set includes information on “more than 145 million unique commits, over 2 billion different file paths and the contents of the latest revision for 163 million files, all of which are searchable with regular expressions,” Arfon Smith, program manager for open source data at GitHub, wrote in a blog post.
  • How one company is using open source to double its customers’ mobile business
    Most retailers today stay a step or two behind when it comes to modern technology, especially on the mobile side. Sawyer Effect, LLC, a consultant for J.Crew Group, Inc., has been using Red Hat, Inc.’s open-source product Ansible, an IT automation engine, to get its customer’s mobile business up to speed and greatly improve its business.
  • Can Capital One change banking with open source, mobile apps, and NoSQL?
    Oron Gill Haus of Capital One came to MongoDB World to present on Hygieia, an open source DevOps dashboard built on MongoDB. Behind that dashboard lies an ambition to change the customer banking experience – no small feat. Prior to his keynote, Haus shared his team’s story with me.
  • How bank Capital One developed an open source DevOps visualisation tool based on MongoDB
    In order to keep up with customers' expectation of a proactive service available 24x7 on many devices, US bank Capital One moved to an agile DevOps structure and a year ago released its own DevOps dashboard. While visualisation tools were available for continuous integration, scanning and testing, Capital One's development team was unable to find one that provided a complete overview of the whole production process. The dashboard they developed, called Hygieia, was open sourced to encourage rapid development. It is currently in version 2.0. VP of engineering Gil Haus explained some of the thought processes that went into the creation of Hygieia.
  • What is DC/OS?
    What if we could take the total amount of power in any cloud computing datacentre and provide a means of defining that as one total abstracted compute resource? This notion has given birth to DC/OS, a technology base built on Apache Mesos to abstract a datacentre into a single computer, pooling distributed workloads and (allegedly) simplifying both rollout and operations.
  • What's holding your conference back
  • Airtel Leverages Cloudera Enterprise to Improve Customer Experience and Product Personalization
  • Airtel adopts Cloudera for business intelligence
  • Airtel moves customer data on an open source platform
  • RightScale can help you pick out the right public cloud
    For example, let's say you need a local cloud in Australia. With the tool, you'll see that Google can't help you while the others can. Or, for instance say you've tied your business to Oracle and you want Oracle Linux as your operating system. The program will quickly and easily tell you that AWS and Azure are the clouds for you.
  • The Apache Software Foundation Announces Apache® Bahir™ as a Top-Level Project
    Apache Bahir bolsters Big Data processing by serving as a home for existing connectors that were initiated under Apache Spark, as well as providing additional extensions/plugins for other related distributed systems, storage, and query execution systems.
  • Bahir is the Latest Big Data Project to Advance at Apache
    Recently, we've taken note of the many projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support and more.
  • MongoDB launches Atlas, its new database-as-a-service offering
    MongoDB, the company behind the eponymous open source database, is launching Atlas today, its third major revenue-generating service. Atlas is MongoDB’s database-as-a-service offering that provides users with a managed database service. The service will offer pay-as-you-go pricing and will initially allow users to deploy on Amazon Web Services (AWS), with support for Microsoft Azure and Google Cloud Platform coming later.

Open Hardware

  • Denver Mini Maker Faire Roundup
    We told you about NixCore in a links post last fall. This is a small Linux-based router board with a dev board add-on option. [Drew] himself was on hand giving live demos and selling boards. $30 is a pretty good price for this small SBC that’s not quite a Pi or an Arduino nor an ESP8266.
  • Mechaduino Powerful Open Source Servo Motor (video)
    Tropical Labs has this week unveiled a new open source industrial servo motor it has created in the form of the Mechaduino, an affordable servo that is Arduino compatible. Check out the video below to learn more about this new Mechaduino servomotor, which has been taken to Kickstarter to raise $7500 over the next 20 days to go into production.
  • Will Open-Source Work For Chips?
    The open source movement, as we know it today, started in the 1980s with the launch of the GNU project, which was about the time the electronic design automation (EDA) industry was coming into existence. EDA software is used to take high-level logical descriptions of circuits and map them into silicon for manufacturing. EDA software starts in the five digits, even for the simplest of tools, tacking on two or three zeros for a suite of tools necessary to fully process a design. On top of this, manufacturing costs start at several million dollars.
  • DIY Off the Grid: Open Building Institute to Change Face of Home Construction & Home Ownership
  • Building Your Own Home From Open Source Blocks
    What if your next house were to cost 1/10th of the average home while sporting a long list of high-tech hyper-ecological features? With the help of the Open Building Institute (OBI), which is designing affordable, ecological housing accessible to everyone - you may be able to do just that. [...] OBI is following the same open source methodology that has made the Internet so successful --- sharing the source code with a free license. Google and Facebook and many other Internet companies use open source software on the backend because large scale collaboration generally leads to superior technology. Open source hardware follows the same approach from electronics to 3-D printers.