Triple-Barreled Trojan Attack Builds Botnets

Filed under
Security

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire.

The three-pronged attack is being described as "unprecedented" because of the way the Trojans communicate with each other to infect a machine, disable anti-virus software and leave a back door open for future malicious use.

"This is so slick, it's scary," said Roger Thompson, director of malicious content research at Computer Associates International Inc. "It clearly points to a very well-organized group either replenishing existing botnets or creating new ones."

According to Thompson, the wave of attacks starts with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hard-coded list of URLs.

Glieder's job is to sneak past anti-virus protection before definition signatures can be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on a single day, wreaking havoc across the Internet.

On Windows 2000 and Windows XP machines, Glieder.AK attempts to stop and disable the Internet Connection Firewall and the Security Center service, which was introduced with Windows XP Service Pack 2.

The Trojan then quickly attempts to connect to a list of URLs to download Win32.Fantibag.A (Fantibag) to spawn the second wave of attacks.

With Fantibag on the compromised machine, Thompson said the attackers can ensure that anti-virus and other protection software is shut off. Fantibag exploits networking features to block the infected machine from communicating with anti-virus vendors. The Trojan even blocks access to Microsoft's Windows Update, meaning that victims cannot get help.
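A defender-side triage check for the two behaviours just described, added here as an example and not part of the original article: it scans a hosts file for security-vendor and Windows Update hostnames pointed at loopback or 0.0.0.0, and parses `sc query` output for the Security Center and firewall services. The hosts-file redirection as the blocking mechanism, the service names (wscsvc, SharedAccess) and the domain watchlist are this example's assumptions; the sample inputs are constructed.

```python
import ipaddress
import re

# Windows service names behind the display names the article gives (assumed for
# this example: wscsvc = Security Center, SharedAccess = Internet Connection Firewall).
WATCHED_SERVICES = {"wscsvc", "SharedAccess"}
# Vendor / update domains matching the blocking behaviour described; constructed list.
WATCHED_DOMAINS = ("windowsupdate.com", "update.microsoft.com", "ca.com", "symantec.com")
SINKHOLES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128")]
STATE_RE = re.compile(r"^\s*STATE\s*:\s*\d+\s+(\w+)", re.IGNORECASE)

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and junk."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:  # malformed line, first field is not an address
            continue
        for host in fields[1:]:
            yield ip, host.lower().rstrip(".")

def redirected_security_hosts(hosts_text):
    """Watched hostnames that the hosts file sends to loopback or 0.0.0.0."""
    return sorted({host for ip, host in parse_hosts(hosts_text)
                   if any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)
                   and any(ip in net for net in SINKHOLES)})

def stopped_security_services(sc_output):
    """Parse `sc query` style output; return watched services whose STATE is not RUNNING."""
    current, stopped = None, []
    for line in sc_output.splitlines():
        if line.startswith("SERVICE_NAME:"):
            current = line.split(":", 1)[1].strip()
        m = STATE_RE.match(line)
        if m and current in WATCHED_SERVICES and m.group(1).upper() != "RUNNING":
            stopped.append(current)
    return stopped

# Constructed sample input (not a real capture) showing a post-infection state.
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "127.0.0.1 www.windowsupdate.com v4.windowsupdate.com  # added by infection\n"
                "0.0.0.0 liveupdate.symantec.com\n")
SAMPLE_SC = ("SERVICE_NAME: wscsvc\nDISPLAY_NAME: Security Center\n"
             "        STATE              : 1  STOPPED\n"
             "SERVICE_NAME: SharedAccess\n        STATE              : 4  RUNNING\n")
```

On a live host the same functions can be fed the contents of `%SystemRoot%\System32\drivers\etc\hosts` and the output of `sc query`, which is why both parsers take plain text rather than calling the system themselves.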

Once the shields are down, a third Trojan called Win32.Mitglieder.CT, or Mitglieder, puts the hijacked machine under the complete control of the attacker.

Once the three Trojans are installed, the infected computer becomes part of a botnet and can be used in spam runs, distributed denial-of-service attacks or to log keystrokes and steal sensitive personal information.

A botnet is a collection of compromised machines controlled remotely via IRC (Internet Relay Chat) channels.

According to CA's Thompson, the success of the three-pronged attack could signal the end of signature-based virus protection if Trojans immediately disable all means of protection.

"These guys have worked out that they bypass past signature scanners if they tweak their code and then release it quickly. The idea is to hit hard and spread fast, disarm victims and then exploit them," Thompson said in an interview with Ziff Davis Internet News.

He said he thinks the attack, which used virus code from the Bagle family, is the work of a very small group of organized criminals. "There's no doubt in my mind we are dealing with organized crime. The target is to build a botnet or to add to existing ones. Once the botnets reach a certain mass, they are rented out for malicious use."
