Triple-Barreled Trojan Attack Builds Botnets

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire.

The three-pronged attack is being described as "unprecedented" because of the way the Trojans communicate with each other to infect a machine, disable anti-virus software and leave a back door open for future malicious use.

"This is so slick, it's scary," said Roger Thompson, director of malicious content research at Computer Associates International Inc. "It clearly points to a very well-organized group either replenishing existing botnets or creating new ones."

According to Thompson, the wave of attacks starts with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs.

Glieder's job is to sneak past anti-virus protection before definition signatures can be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on one day, wreaking havoc across the Internet.

On Windows 2000 and Windows XP machines, Glieder.AK attempts to stop and disable the Internet Connection Firewall and the Security Center service, which was introduced with Windows XP Service Pack 2.

The Trojan then quickly attempts to connect to a list of URLs to download Win32.Fantibag.A (Fantibag) to spawn the second wave of attacks.

With Fantibag on the compromised machine, Thompson said the attackers can ensure that anti-virus and other protection software is shut off. Fantibag exploits networking features to block the infected machine from communicating with anti-virus vendors. The Trojan even blocks access to Microsoft's Windows Update, meaning that victims cannot get help.

Once the shields are down, a third Trojan called Win32.Mitglieder.CT, or Mitglieder, puts the hijacked machine under the complete control of the attacker.

Once the three Trojans are installed, the infected computer becomes part of a botnet and can be used in spam runs, distributed denial-of-service attacks or to log keystrokes and steal sensitive personal information.
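Because the chain described above disarms the host before signatures exist, it can still be spotted by behavior. The following is an added example, not part of the original article or of CA's research: it correlates a stopped firewall or Security Center service with failed connections to update hosts shortly afterwards. The event format, the update host names and the 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed Windows XP SP2 service names for the components the article lists:
# SharedAccess = Internet Connection Firewall, wscsvc = Security Center.
PROTECTION_SERVICES = {"SharedAccess", "wscsvc"}
# Placeholder names: substitute the anti-virus and Windows Update hosts you depend on.
UPDATE_HOSTS = {"update.av-vendor.example", "windowsupdate.example"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

T0 = datetime(2005, 1, 1, 10, 0, 0)  # arbitrary base time for the constructed sample
# Constructed events: (timestamp, host, kind, detail)
SAMPLE_EVENTS = [
    (T0, "PC-01", "service_stopped", "SharedAccess"),
    (T0 + timedelta(seconds=5), "PC-01", "service_stopped", "wscsvc"),
    (T0 + timedelta(minutes=5), "PC-01", "connect_failed", "update.av-vendor.example"),
    # Update host unreachable but protection still running: likely a network fault.
    (T0 + timedelta(minutes=6), "PC-02", "connect_failed", "windowsupdate.example"),
    # Service stopped, but the failed update came hours later: outside the window.
    (T0, "PC-03", "service_stopped", "wscsvc"),
    (T0 + timedelta(hours=2), "PC-03", "connect_failed", "windowsupdate.example"),
    # Unrelated service stopped: not a protection component.
    (T0, "PC-04", "service_stopped", "Spooler"),
    (T0 + timedelta(minutes=1), "PC-04", "connect_failed", "update.av-vendor.example"),
]


def flag_disarmed_hosts(events, window=WINDOW):
    """Return hosts where a protection service stopped and an update host
    became unreachable within `window` afterwards."""
    stopped = {}   # host -> times at which a protection service stopped
    flagged = set()
    for ts, host, kind, detail in sorted(events):
        if kind == "service_stopped" and detail in PROTECTION_SERVICES:
            stopped.setdefault(host, []).append(ts)
        elif kind == "connect_failed" and detail in UPDATE_HOSTS:
            # Only count failures that follow a stop, and only inside the window.
            if any(timedelta(0) <= ts - t <= window for t in stopped.get(host, [])):
                flagged.add(host)
    return sorted(flagged)


if __name__ == "__main__":
    print(flag_disarmed_hosts(SAMPLE_EVENTS))
```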

A botnet is a collection of compromised machines controlled remotely via IRC (Internet Relay Chat) channels.

According to CA's Thompson, the success of the three-pronged attack could signal the end of signature-based virus protection if Trojans immediately disable all means of protection.

"These guys have worked out that they bypass past signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.

He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."
