In 2012, CIA Director David Petraeus was accused of communicating with his mistress through draft messages in Gmail. They logged in to a single mailbox with one shared password and left unsent drafts there for each other. The technique was soon adopted by malware authors as well.
Researchers from Shape Security found malware on a client's computer that used an unusual form of communication with its command server. The program logs in to the Gmail mail service and receives its instructions from unsent drafts.
The connection is made through the Internet Explorer browser, running in an invisible session. IE allows other programs to launch it in this mode to retrieve information from the Internet.
The malware then ran a Python script to fetch the commands and code that the attacker had saved in the draft message. The malware left its response, with the result of the operation, in the draft. All communications are encrypted.
The researchers say that traces of this malicious program were especially hard to find in network traffic, because the connection is made over a secure channel.
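Since the traffic itself is encrypted, one place to look is endpoint telemetry. The following is an added example, not code from the article or from Shape Security: it flags Internet Explorer instances that were started by another program and then reached a webmail host. It assumes that IE launched through COM automation carries the `-Embedding` switch and that its tab processes carry `SCODEF:<frame pid>`; the event format, host names and pids are constructed for illustration.

```python
import re
from collections import Counter

WEBMAIL_HOSTS = {"mail.google.com"}  # assumption: webmail hosts to watch
IE_PATH = r'"C:\Program Files\Internet Explorer\iexplore.exe"'

# Constructed endpoint telemetry in chronological order (not from the article).
EVENTS = [
    # ws-01: IE frame started by another program via COM, plus its tab process
    {"type": "proc", "host": "ws-01", "pid": 4120, "cmdline": IE_PATH + " -Embedding"},
    {"type": "proc", "host": "ws-01", "pid": 4188,
     "cmdline": IE_PATH + " SCODEF:4120 CREDAT:267521 /prefetch:2"},
    {"type": "net", "host": "ws-01", "pid": 4188, "dest": "mail.google.com"},
    {"type": "net", "host": "ws-01", "pid": 4188, "dest": "example.org"},
    {"type": "net", "host": "ws-01", "pid": 4188, "dest": "mail.google.com"},
    # ws-02: a user opening webmail interactively (no -Embedding on the frame)
    {"type": "proc", "host": "ws-02", "pid": 900, "cmdline": IE_PATH + " https://mail.google.com/"},
    {"type": "proc", "host": "ws-02", "pid": 944,
     "cmdline": IE_PATH + " SCODEF:900 CREDAT:267521 /prefetch:2"},
    {"type": "net", "host": "ws-02", "pid": 944, "dest": "mail.google.com"},
]

IE_RE = re.compile(r"iexplore\.exe", re.IGNORECASE)
TAB_RE = re.compile(r"SCODEF:(\d+)")

def hidden_ie_webmail(events, webmail_hosts=WEBMAIL_HOSTS):
    """Return {(host, frame_pid): hits} for automation-launched IE reaching webmail."""
    frame_of = {}      # (host, pid) -> (host, pid) of the automated IE frame
    hits = Counter()
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "proc":
            frame_of.pop(key, None)            # pid reuse: forget the old process
            if not IE_RE.search(ev["cmdline"]):
                continue
            if "-embedding" in ev["cmdline"].lower():
                frame_of[key] = key            # frame started by another program
            else:
                m = TAB_RE.search(ev["cmdline"])
                parent = (ev["host"], int(m.group(1))) if m else None
                if parent in frame_of:         # tab process of an automated frame
                    frame_of[key] = frame_of[parent]
        elif ev["type"] == "net" and key in frame_of:
            if ev["dest"].lower() in webmail_hosts:
                hits[frame_of[key]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(hidden_ie_webmail(EVENTS))
```

Legitimate software also automates IE, so a hit is a lead to investigate (which program requested the browser, and how regularly it connects) rather than a verdict.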
"We see here a C&C server that runs through a completely legal service that reliably protects it from detection," says Wade Williamson, a security specialist from Shape Security. He also explained that this type of RAT is a variant of the program Icoscript, which the German company G-Data reported on in August. Interestingly, G-Data staff suggested at the time that Icoscript had been in use since 2012. The method probably became well known after the Petraeus incident, yet Icoscript still went undetected for two years.
Because of the hidden nature of the communications, it is difficult to estimate how many computers in the world are infected with this type of RAT.
Source: xzker.ru