Wednesday, April 3, 2013

New trojan targets computers in the Middle East


BaneChant uses fileless malicious code and relies on URL shorteners or dynamic DNS servers to redirect users to malicious resources.

FireEye researchers found a backdoor trojan that appears designed to attack government computer systems in the Middle East and Central Asia. The malware has new capabilities that allow it to evade detection: it runs only after multiple mouse clicks.

Experts found that the trojan's code contains a tag referring to the soundtrack of Batman - "The Dark Knight: The Legend Continues."


BaneChant activates after the user clicks the left mouse button three times.

Only when the number of left-button clicks reaches three or more does the malicious program proceed to download malicious code to the PC.

In general, BaneChant acts like regular trojans: it collects information about the infected machine and installs a backdoor for remote access.

This trojan can bypass sandboxes by waiting for a certain number of clicks. In addition, it uses multi-byte XOR-encrypted executables to evade network-level technology that extracts executables from traffic.
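How a defender can still spot an executable hidden behind a repeating multi-byte XOR key, shown as an added example that is not from the FireEye report or this post: a known-plaintext search for the standard DOS stub text. The key, the sample bytes and the function names are constructed for illustration; BaneChant's actual key and key length are not given here.

```python
"""Added example: find a PE file hidden behind a repeating multi-byte XOR key."""

# Text found in the DOS stub of most Windows executables.
MARKER = b"This program cannot be run in DOS mode"


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key from file offset 0."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def find_xor_pe(blob: bytes, max_key_len: int = 8):
    """Return (key, marker_offset) if blob is an XOR-encoded PE, else None."""
    n = len(MARKER)
    for off in range(2, len(blob) - n + 1):
        # If the marker sits here, ciphertext XOR marker is the keystream.
        stream = bytes(c ^ p for c, p in zip(blob[off:off + n], MARKER))
        if not any(stream):
            continue  # marker is in clear text, nothing is encoded
        for k in range(1, max_key_len + 1):
            # A real keystream repeats with the key length k.
            if any(stream[j] != stream[j + k] for j in range(n - k)):
                continue
            # stream[j] is the key byte for file offset off + j; rotate it
            # so that key[0] lines up with file offset 0.
            key = bytes(stream[(p - off) % k] for p in range(k))
            if xor_repeat(blob[:2], key) == b"MZ":  # confirm the PE magic
                return key, off
    return None


def build_sample() -> bytes:
    """Constructed stand-in for a PE header; not a real executable."""
    return b"MZ" + b"\x90\x00" * 38 + MARKER + b".\r\r\n$" + b"\x00" * 16


if __name__ == "__main__":
    key = bytes.fromhex("a1b2c3d4")  # constructed 4-byte key
    encoded = xor_repeat(build_sample(), key)
    print(find_xor_pe(encoded))         # recovered key and marker offset
    print(find_xor_pe(build_sample()))  # plain file: None
```

A signature that only looks for a literal `MZ` header misses the encoded sample, while the known-plaintext search recovers the key without knowing its length in advance.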

A BaneChant attack starts with an e-mail message containing a malicious document titled "Islamic Jihad." That file name led FireEye experts to suggest that the victims of the new malware are residents of the Middle East and Central Asia. After the user opens the attachment and follows the link contained in the message, they are redirected to a specific site through which the connection to the C&C server is made.

Details of the FireEye report can be found here.
