Thursday, October 11, 2012

Backdoor.Proxybox virus created by Russian hacker

Symantec: Backdoor.Proxybox virus created by Russian hacker

For 3 years, the attacker maintained a botnet of 40 thousand infected computers.

The investigation began with the reverse engineering of the Backdoor.Proxybox malware. According to Symantec, by studying the malicious code of Backdoor.Proxybox, which was discovered three years ago, its experts were able to establish that the creator of the malware is a hacker from Russia.

To locate the hacker, the experts managed to track the hacker's accounts in payment systems on sites that distribute malware.

According to Symantec, while analyzing the Backdoor.Proxybox malware, the experts found that the virus consists of three components: the dropper, the main part of the malware, and the rootkit.

The dropper installs the core code on the infected computer, copies the executable files into the system, and loads the rootkit. The rootkit's task is to protect the virus from detection by antivirus software. When the infected system is turned on, the malicious code loads a dynamic library that acts as a low-level proxy server and connects the computer to the botnet.

According to the researchers, the hacker who created the botnet maintained a constant number of active computers in the network, at least 40 thousand.

Symantec's experts established in their investigation that people with Ukrainian names, located in the territory of Russia, were involved in spreading the virus. Their findings were handed over to law enforcement authorities, which should establish the identity of the perpetrator.

The results of Symantec's investigation can be found here.
