Popular RATs Found Riddled With Bugs, Weak Crypto

The researchers, in conjunction with their research paper (PDF), released tools for decrypting RAT traffic and proof-of-concept exploits for the bugs they found. They found that the tools include weak, or no, encryption: Bandook, for example, uses obfuscation, not encryption, to protect its traffic between the victim’s machine and the C&C server.

via Popular RATs Found Riddled With Bugs, Weak Crypto – Dark Reading.

“A good understanding of their protocols is critical to network and system administrators deploying tools that can notice the presence of a RAT,” they said.

RAT = Remote Access Trojan (also expanded as Remote Administration Tool): software an attacker plants on a victim's machine to control it and snoop on the user. From the victim's point of view it is simply a trojan.
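The researchers' point that obfuscation is not encryption deserves a concrete look. The page does not describe how Bandook actually mangles its traffic, so the scheme below is a hypothetical repeating-key XOR standing in for that class of trick; the key, beacon header and beacon contents are all constructed, and this is an added example, not code from the Dark Reading piece, the paper, or the researchers' released tools. It shows what a defender can do once the protocol is understood: a fixed header that every beacon starts with is a known plaintext, and a known plaintext against a static XOR key hands over the key, after which every message on the wire is readable.

```python
from itertools import cycle
from typing import List, Optional

# Bytes we accept as "looks like the RAT's plaintext": printable ASCII plus the
# usual line terminators. Adjust if the protocol being analysed is binary.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR 'obfuscation'. Symmetric: encode and decode are the same call."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(captured: bytes, crib: bytes, max_key_len: int = 32) -> Optional[bytes]:
    """Known-plaintext recovery of a repeating XOR key from one captured message.

    `crib` is plaintext known to sit at offset 0 of every message (a fixed
    beacon header, say). For each candidate length L the key is simply
    captured[:L] XOR crib[:L]; the candidate is accepted if decoding the whole
    message with it reproduces the crib (which checks the key really repeats
    with period L) and yields printable text. The shortest consistent length
    wins, so a 4-byte key is reported as 4 bytes, not as some multiple.
    Returns None when no length up to min(max_key_len, len(crib)) fits: a crib
    shorter than the key is not enough on its own.
    """
    for length in range(1, min(max_key_len, len(crib)) + 1):
        key = bytes(c ^ p for c, p in zip(captured[:length], crib[:length]))
        plain = xor_stream(captured, key)
        if plain.startswith(crib) and all(b in PRINTABLE for b in plain):
            return key
    return None


def decode_capture(captures: List[bytes], crib: bytes) -> List[bytes]:
    """Recover the key from the first message and decode every captured message with it."""
    key = recover_key(captures[0], crib)
    if key is None:
        raise ValueError("could not recover key: crib too short or scheme is not repeating XOR")
    return [xor_stream(msg, key) for msg in captures]


# --- constructed sample traffic (hypothetical RAT, not Bandook's real protocol) ---
KEY = b"\x5a\xc3\x17\x88"          # static key baked into the hypothetical client
CRIB = b"PING|"                    # fixed header every beacon starts with
BEACONS = [                        # what the client sends before obfuscation
    b"PING|WORKSTATION-07|alice|Windows 7\r\n",
    b"PING|LAB-MAC|bob|Mac OS X 10.7\r\n",
]
CAPTURED = [xor_stream(b, KEY) for b in BEACONS]   # what a sensor on the wire sees

if __name__ == "__main__":
    print("recovered key:", recover_key(CAPTURED[0], CRIB).hex())
    for plain in decode_capture(CAPTURED, CRIB):
        print(plain.decode("ascii").rstrip())
```

Two things to take from this. First, the crib is a convenience, not a requirement: a static obfuscation key has to live somewhere in the client binary, so an analyst with a sample can lift it directly. Second, none of this works against real encryption with a per-session key and authentication; knowing that every message starts with `PING|` then tells you nothing reusable about the next one, which is exactly the gap between obfuscation and encryption that the researchers are pointing at.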

New targeted Mac OS X Trojan requires no user interaction

After infecting a given Mac, this Trojan is like most: it connects to a remote website using HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers telling it what to do. The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity.

via New targeted Mac OS X Trojan requires no user interaction | ZDNet.

Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan

Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”

via Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan — Krebs on Security.

Given the Conficker Working Group’s experience, shutting down the surrogate DNS network on March 8 may actually be a faster — albeit more painful — way to clean up the problem.
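The practical question for an administrator reading the Krebs piece is whether any of their hosts still point at the DNSChanger resolvers, because those are the machines whose name resolution stops when the surrogate servers go dark. The check below is an added example, not code from the article or from the DNS Changer Working Group; it parses the two places a resolver address normally lives (a Unix `/etc/resolv.conf` and Windows `ipconfig /all` output, both sample inputs constructed here) and flags addresses inside the rogue address blocks. The blocks are reproduced from memory of the FBI/DCWG published list and should be verified against that list before the check is relied on.

```python
import ipaddress
import re
from typing import Dict, List

# Address blocks the rogue DNSChanger resolvers lived in. Reproduced from the
# FBI / DNS Changer Working Group published list as I recall it (assumption:
# verify against the source list). After the takedown the same addresses were
# answered by the court-ordered surrogate resolvers, so a hit means "this host
# is still configured for DNSChanger", whether or not its DNS currently works.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]


def is_dnschanger_resolver(addr: str) -> bool:
    """True if addr is an IPv4 address inside one of the rogue blocks.
    Unparseable strings and IPv6 addresses are not flagged (the blocks are IPv4)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in DNSCHANGER_RANGES)


def resolvers_from_resolv_conf(text: str) -> List[str]:
    """Nameserver addresses from a resolv.conf-style file (Linux, macOS, BSD)."""
    return [m.group(1) for m in re.finditer(r"^\s*nameserver\s+(\S+)", text, re.M)]


def resolvers_from_ipconfig(text: str) -> List[str]:
    """DNS server addresses from Windows `ipconfig /all` output.

    The first address follows the 'DNS Servers . . . :' label; any further
    servers for the same adapter appear on continuation lines holding only an
    address, so a small state machine collects them until a non-address line.
    """
    found: List[str] = []
    in_dns_block = False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_dns_block = True
            continue
        cont = re.match(r"\s+([0-9A-Fa-f.:%]+)\s*$", line) if in_dns_block else None
        if cont:
            found.append(cont.group(1))
        else:
            in_dns_block = False
    # Drop an IPv6 scope suffix such as '%1' so the address parses.
    return [a.split("%", 1)[0] for a in found]


def audit(resolvers: List[str]) -> Dict[str, List[str]]:
    """Sort resolver addresses into flagged (DNSChanger range), clean, and unparsed."""
    report: Dict[str, List[str]] = {"flagged": [], "clean": [], "unparsed": []}
    for r in resolvers:
        try:
            ipaddress.ip_address(r)
        except ValueError:
            report["unparsed"].append(r)
            continue
        report["flagged" if is_dnschanger_resolver(r) else "clean"].append(r)
    return report


# --- constructed sample inputs (not taken from the article) ---
SAMPLE_RESOLV_CONF = """\
search corp.example
nameserver 85.255.112.36
nameserver 8.8.8.8
"""

SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 64.28.177.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print("resolv.conf:", audit(resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)))
    print("ipconfig:   ", audit(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

To use it on real hosts, feed `resolvers_from_resolv_conf` the contents of `/etc/resolv.conf` or `resolvers_from_ipconfig` saved `ipconfig /all` output collected from each machine. Note what the check does and does not tell you: a flagged resolver means the host (or the home router handing it DHCP settings, which DNSChanger also altered) is still pointed at the rogue addresses and will lose DNS when the surrogates are switched off; a clean result does not prove the malware itself is gone.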