Online newsgroups service Google Groups, which allow a user to post information, it also can be entered malware content. Symantec researchers found that the Trojan malware uses Google Groups to execute the command to run the attack. ”
“A backdoor Trojan which we refer to as Trojan.Grups been using the Google Groups newsgroup to distribute the Trojan. Trojan distribution via newsgroups is the first time since the command and control lists to run the Trojan. “Said Gavin O Gorman, Symantec researchers, Friday (11/09).
The Trojan designed to call the page from “escape2sun”, a private newsgroup. Page contains list Page contains the list of instructions to run malware, such as index numbers, command execution, and download files. Newsgorup escape2sun also save the response of the infected host. While for the command and response have been encrypted to hide the malware information.
Trojans in Google Groups does not appear explicitly. However, the fact that newsgroups have escape2sun orders in China and the command is saved to refer to a domain.tw, which means that the malware authors are operated from Taiwan.
However, from the Google side was not surprised by this. “By using Google Groups or Google’s product is a violation of our policy produt. We will be holding actions, including the account off. “Google said.
Interesting Stuff
Related Posts:
