Triple-Barreled Trojan Attack Builds Botnets

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire.

The three-pronged attack is being described as "unprecedented" because of the way the Trojans communicate with each other to infect a machine, disable anti-virus software and leave a back door open for future malicious use.

"This is so slick, it's scary," said Roger Thompson, director of malicious content research at Computer Associates International Inc. "It clearly points to a very well-organized group either replenishing existing botnets or creating new ones."

According to Thompson, the wave of attacks starts with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs.

Glieder's job is to sneak past anti-virus protection before definition signatures can be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on one day, wreaking havoc across the Internet.

On Windows 2000 and Windows XP machines, Glieder.AK attempts to stop and disable the Internet Connection Firewall and the Security Center service, which was introduced with Windows XP Service Pack 2.

The Trojan then quickly attempts to connect to a list of URLs to download Win32.Fantibag.A (Fantibag) to spawn the second wave of attacks.

With Fantibag on the compromised machine, Thompson said, the attackers can ensure that anti-virus and other protection software is shut off. Fantibag exploits networking features to block the infected machine from communicating with anti-virus vendors. The Trojan even blocks access to Microsoft's Windows Update, meaning that victims cannot get help.
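A defender-side check for the kind of vendor blocking described above, added here as an example and not taken from the article or from CA's research. The article only says Fantibag uses "networking features"; this code assumes the common hosts-file variant of that technique (pinning update and vendor names to a dead or attacker-chosen address), uses a placeholder AV vendor domain, and runs on a constructed sample hosts file.

```python
# Added example, not from the article. Assumes the hosts-file variant of the
# vendor blocking attributed to Fantibag: watched names pinned to a loopback
# or attacker-chosen address. The sample hosts file below is constructed.
import ipaddress

# Names the machine must be able to resolve normally. Windows Update domains
# are real; "av-vendor.example" is a placeholder for the AV product in use.
WATCHLIST = ("windowsupdate.com", "update.microsoft.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # strip comments, tokenize
        if len(fields) < 2:
            continue                             # blank, comment or malformed
        for host in fields[1:]:                  # one IP may map many names
            yield line_no, fields[0], host.lower().rstrip(".")

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def find_blocked_vendors(text):
    """Return (line_no, host, ip, kind) for watched names the file pins.
    Loopback/unspecified kills the connection ("sinkholed"); any other
    address diverts it to a host the attacker chose ("redirected")."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if not is_watched(host):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                             # not an IP literal; ignore
        kind = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((line_no, host, ip, kind))
    return findings

SAMPLE_HOSTS = """\
# constructed sample of what a Fantibag-style block could leave behind
127.0.0.1    localhost
127.0.0.1    windowsupdate.com www.windowsupdate.com   # update sinkholed
0.0.0.0      update.microsoft.com
10.0.0.5     liveupdate.av-vendor.example              # diverted elsewhere
192.168.1.10 intranet.example.local                    # benign
"""

if __name__ == "__main__":
    for line_no, host, ip, kind in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {ip} ({kind})")
```

A legitimate hosts file has no reason to pin update or vendor servers at all, so any hit on the watchlist is worth investigating regardless of the address used.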

Once the shields are down, a third Trojan called Win32.Mitglieder.CT, or Mitglieder, puts the hijacked machine under the complete control of the attacker.

Once the three Trojans are installed, the infected computer becomes part of a botnet and can be used in spam runs, distributed denial-of-service attacks or to log keystrokes and steal sensitive personal information.

A botnet is a collection of compromised machines controlled remotely via IRC (Internet Relay Chat) channels.

According to CA's Thompson, the success of the three-pronged attack could signal the end of signature-based virus protection if Trojans immediately disable all means of protection.

"These guys have worked out that they bypass signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.

He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."
