Menu
» »Unlabelled » Facebook and Yahoo users hit by 'polite' IM Trojan

Facebook and Yahoo users hit by 'polite' IM Trojan

Over 1,300 systems got infected with the latest Instant Messaging Trojan, which uses polite social engineering and biblical verses to hide encrypted data, Bitdefender warns. The antivirus software provider spotted an increasing wave of infections in the past week in countries such as the US, the UK, Germany, Canada, France, Denmark, Japan and Romania.

The ‘Gen:Variant.Downloader.167' Trojan was first spotted by researchers at security firm Bitdefender on 13 May. It targets users of Facebook instant messaging and Yahoo Messenger (YM) and fools them into downloading its payload by pretending to be from a friend asking them a question.

 It disarms people and triggers their curiosity “by asking a wonderfully polite question such as ‘I want to post these pictures on Facebook. Do you think it's OK?'.” The malware also reassures victims by providing a link to storage services Dropbox or Fileswap, which are frequently used for sharing files, where they can supposedly view the pictures., says Catalin Cosoi ,Bitdefender chief security strategist.
More from Bitdefinder:
The malicious file is first executed without parameters. The malware then creates a folder with a random name in Application Data and it copies itself to this folder with a random name and an “.exe” extension.

Then, it creates a registry entry in “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” with the name Counter Background WWAN Thread Mapper User NetBIOS. Once all this is done, the victim is presented with the following error message in an effort to avoid raising any suspicion: “This application is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.”

Another executable file with a random name is created in the same folder in Application Data. This file is executed with two parameters: WATCHDOGPROC, and the path to the first executable file.

Finally, a configuration file is created in the same folder, and the malware connects to a command and control server.

According to Bitdefender, Cybercriminals can command the Trojan to download other pieces of malware and eventually harvest confidential data, such as usernames, passwords and even banking credentials.
Posted by Anonymous
at 3:57 AM

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )
 
Top