Matsuda Posted September 23, 2013 (edited)

Security researchers from Trend Micro have uncovered a new backdoor malware family which they’ve dubbed “BLYPT.” The main targets of this threat are regular Internet users from the United States.

According to experts, the Java exploits used to distribute BLYPT are delivered via drive-by downloads or hijacked websites. The exploit leverages CVE-2013-1493, a vulnerability that was patched by Oracle in March.

First, the exploit downloads an installer which retrieves and installs BLYPT’s main component, named logo32.png or logo64.png depending on the victim’s operating system. Once it infects a computer, the malware allows its master to send various commands to the infected system. These commands include receiving an updated DLL binary, an updated configuration and HTTP request commands.

As far as the command and control (C&C) servers are concerned, most of them are located in Romania (65%) and Turkey (18.4%). Some servers have also been spotted in Belize, China and the United States.

Additional technical details on BLYPT are available on Trend Micro’s blog.

Source
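The post above gives defenders two concrete things to hunt for: the component filenames logo32.png / logo64.png, and the fact that what arrives under an image name is really a DLL (a Windows PE file, which always starts with the bytes "MZ") fetched by a Java process. The script below is an added example, not code from Trend Micro or from the article; it runs over a few constructed proxy-log lines in an assumed, simplified format (one record per line: timestamp, client IP, user agent without spaces, URL, content type, hex of the first two response bytes) and flags records matching any of those indicators. The log format, hostnames and IPs are all made up for the example.

```python
"""Hunt constructed proxy-log records for the BLYPT download pattern:
a PE file served under an image filename, fetched by the Java runtime.

Assumed (constructed) log format, whitespace-separated, one record per line:
  <timestamp> <client_ip> <user_agent> <url> <content_type> <magic_hex>
<magic_hex> is the hex of the first two bytes of the response body, as a
proxy that logs content magic might record it. Nothing here is the real
format of any product's logs.
"""
import re
from urllib.parse import urlparse

# Component filenames reported in the article.
BLYPT_COMPONENT_NAMES = {"logo32.png", "logo64.png"}

# Extensions that should never carry a Windows PE image.
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}
PE_MAGIC_HEX = "4d5a"  # ASCII "MZ", the first two bytes of every PE file

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def classify(line):
    """Return the list of reasons a single record is suspect (empty = clean)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []  # malformed record: skip rather than guess
    _ts, _client, ua, url, _ctype, magic = m.groups()
    name = urlparse(url).path.rsplit("/", 1)[-1].lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if name in BLYPT_COMPONENT_NAMES:
        reasons.append("known BLYPT component filename")
    if ext in IMAGE_EXTENSIONS and magic.lower() == PE_MAGIC_HEX:
        reasons.append("image extension but PE (MZ) body")
    if ua.lower().startswith("java/") and ext in IMAGE_EXTENSIONS:
        reasons.append("Java runtime fetching an image file")
    return reasons


def find_suspect_downloads(lines):
    """Return (client_ip, url, reasons) for every suspect record, in log order."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            _ts, client, _ua, url, _ctype, _magic = LOG_RE.match(line.strip()).groups()
            hits.append((client, url, reasons))
    return hits


# Constructed sample records: one benign image, one download matching every
# indicator, one PE disguised under a different image name, one Java update.
SAMPLE_LOG = """\
2013-09-23T10:01:02Z 10.0.0.5 Mozilla/5.0 http://cdn.example.test/images/logo.png image/png 8950
2013-09-23T10:01:09Z 10.0.0.7 Java/1.7.0_15 http://bad.example.test/logo32.png image/png 4d5a
2013-09-23T10:02:30Z 10.0.0.9 Java/1.7.0_15 http://other.example.test/pics/banner.jpg image/jpeg 4d5a
2013-09-23T10:03:00Z 10.0.0.5 Java/1.7.0_15 http://updates.example.test/update.jar application/java-archive 504b
"""

if __name__ == "__main__":
    for client, url, reasons in find_suspect_downloads(SAMPLE_LOG.splitlines()):
        print(f"{client} {url}: {'; '.join(reasons)}")
```

The filename match alone is brittle (a renamed dropper defeats it), which is why the two content-based checks are there: an "MZ" body under an image extension, and the Java runtime pulling image files, which is how the article describes the exploit stage fetching the installer. Either of those survives a filename change.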
emerglines Posted September 23, 2013

Good article, thanks bro :)
smallhagrid Posted September 26, 2013

Very interesting, but... no detection or removal info at Trend's site. Any ideas on this, anyone?