A new remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail, and could easily be modified to communicate with its authors through Gmail or other popular webmail providers. This RAT's significance stems primarily from its ability to elude intrusion detection systems by operating over seemingly benign domains.

According to an analysis written by Paul Rascagnères of the German security firm G-Data and published by Virus Bulletin, RATs generally transmit the information they steal from victimized machines over a specified port, or by regularly connecting to a remote server. Each of these behaviors is a well-known flag that is likely to trigger detection on corporate networks. This RAT, known as IcoScript, has gone largely undetected since 2012. Part of the reason, Rascagnères explains, is that access to webmail services is rarely blocked or blacklisted in corporate environments, and such traffic is very unlikely to be considered suspicious.

IcoScript makes use of Component Object Model (COM) technology in Microsoft Windows, driving Internet Explorer so that its HTTP requests to the remote services are issued by the browser itself. Another of its novelties is that it uses its own tailored scripting language to perform its various tasks. In the sample analyzed by G-Data, IcoScript connected to a Yahoo Mail account controlled by its authors, who manipulate the malware by sending specially crafted emails containing coded instructions. "Moreover," Rascagnères writes, "the modular nature of the malware makes it very easy for the attackers to switch to another webmail service, such as Gmail, or even to use services like Facebook or LinkedIn to control the malware while running a low risk of the communication being blocked."

Incident response teams generally contain malware like this, Rascagnères claims, by blocking the URL on the proxy. However, in the case of IcoScript, these URLs are not easily blocked, because they belong to the servers of a trusted service. The efficacy of IcoScript is likely to increase if the attackers diversify their command and control sources, configuring samples of the malware to use any number of legitimate webmail providers, social networking sites, and cloud storage services. "The containment must be performed on the network flow in real time," Rascagnères concludes. "This approach is harder to realize and to maintain. It demonstrates both that attackers know how incident response teams work, and that they can adapt their communication to make detection and containment both complicated and expensive."
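Since the webmail URL itself cannot be blocked, the remaining handle is the shape of the traffic. The following is an added example (not code from G-Data or from the IcoScript analysis) that looks for a client polling a webmail front end on a fixed timer, which is what a mailbox-driven RAT does and a person reading mail does not. It assumes a squid-style proxy access.log layout; the log lines, IP addresses, hostnames and thresholds are constructed for illustration.

```python
"""Regularity check on proxy logs for clients polling a webmail service.

Added example, not code from G-Data or the IcoScript analysis. It assumes a
squid-style access.log line layout; the sample lines, hosts, client
addresses and thresholds below are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Webmail front ends that cannot simply be blocked on the proxy (assumed list).
WEBMAIL_HOSTS = {"mail.yahoo.com", "mail.google.com", "outlook.live.com"}

# Constructed sample lines in squid access.log style:
# <epoch> <elapsed_ms> <client> <code/status> <bytes> <method> <url> <ident>
# 10.0.0.5 hits Yahoo Mail every 300 s (timer-driven); 10.0.0.7 is a person.
SAMPLE_LOG = """\
1404900000.000 120 10.0.0.5 TCP_MISS/200 5120 GET https://mail.yahoo.com/neo/launch -
1404900300.011 118 10.0.0.5 TCP_MISS/200 5098 GET https://mail.yahoo.com/neo/launch -
1404900600.005 121 10.0.0.5 TCP_MISS/200 5110 GET https://mail.yahoo.com/neo/launch -
1404900900.020 119 10.0.0.5 TCP_MISS/200 5101 GET https://mail.yahoo.com/neo/launch -
1404901200.002 122 10.0.0.5 TCP_MISS/200 5133 GET https://mail.yahoo.com/neo/launch -
1404900010.000 200 10.0.0.7 TCP_MISS/200 8000 GET https://mail.yahoo.com/neo/launch -
1404901500.000 190 10.0.0.7 TCP_MISS/200 7900 GET https://mail.yahoo.com/neo/launch -
1404905000.000 210 10.0.0.7 TCP_MISS/200 8100 GET https://mail.yahoo.com/neo/launch -
1404905100.000 150 10.0.0.7 TCP_MISS/200 6000 GET https://mail.yahoo.com/neo/launch -
1404900020.000  90 10.0.0.9 TCP_MISS/200 3000 GET https://www.example.com/ -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def parse_log(text):
    """Yield (timestamp, client, host) for every parseable line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = urlsplit(m.group("url")).hostname
        if host:
            yield float(m.group("ts")), m.group("client"), host


def find_regular_pollers(text, watched_hosts=WEBMAIL_HOSTS, min_hits=4, max_cv=0.05):
    """Return {(client, host): stats} for client/host pairs whose request
    spacing is nearly constant (coefficient of variation <= max_cv).

    The URL is benign by construction, so the decision is made on the flow:
    how often the same client returns to the same webmail host, and how
    evenly spaced those returns are."""
    times = defaultdict(list)
    for ts, client, host in parse_log(text):
        if host in watched_hosts:
            times[(client, host)].append(ts)

    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 2:  # stdev needs at least two intervals
            continue
        mean = statistics.fmean(gaps)
        cv = statistics.stdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            flagged[key] = {"hits": len(stamps), "mean_interval_s": mean, "cv": cv}
    return flagged


if __name__ == "__main__":
    for (client, host), s in find_regular_pollers(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {s['hits']} requests every "
              f"~{s['mean_interval_s']:.0f}s (cv={s['cv']:.4f})")
```

On the sample data only 10.0.0.5 is reported: five requests spaced 300 s apart, while 10.0.0.7's irregular gaps fall well outside the threshold. Interval regularity is one signal, not a verdict; a real deployment would combine it with per-host volume, working-hours baselines and the fact that the requests come from Internet Explorer rather than a mail client, and would tune min_hits and max_cv against the site's own traffic.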