Thursday, March 28, 2013
The new malicious code works through the Evernote service
For criminals problem is that the botnet tied to one or more command server, turning off the server command millions of client computers included in the network will not be available to attackers, in addition, often the security system of computers detect and block suspicious communications strange communication . In other words, the task before the crooks to create unusual communications between them and the army of bots-computers.
In the anti-virus company Trend Micro said that detects such an unusual way of communication. As "command server" criminals used popular notes service Evernote, which turned infected PCs.
Created a backdoor, which was hooked to your computer criminals, anti-virus company Trend Micro identifies as Vernot.A. It is delivered via an executable file and places the malicious code in the form of a dynamic library. The installer also hiding in the DLL-file to hide the process of malicious code detection. After starting the backdoor will collect data on the system, and then it connects to Evernote, or more precisely to a specially created Chinese account, where operators distribute further commands for the malware. It publishes all technical data, interpreted code.
According to the blog post Trend Micro Threat Response, antivirus company discovered Evernote-account code when examined, in particular the methods for sending stolen data.
Note that hackers are not the first time you use the public services in their own interests. So, before they used SkyDrive service to host spam, and Twitter-account to communicate with the malware. The latter, in particular, the famous Mac-Trojan Flashback. In Trend Micro said that such moves are necessary not only because of the fact that such services have powerful communication channels, but also due to the fact that services such as SkyDrive, Dropbox, Evernote, Twitter and the like made to the a priori white lists of filtering traffic.