Malware Domain List

Topic started by: SysAdMini on September 12, 2009, 11:47:20 am

Title: Google Groups Trojan
Post by: SysAdMini on September 12, 2009, 11:47:20 am
http://www.symantec.com/connect/blogs/google-groups-trojan

Quote
Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. Recent developments have included the utilization of Web 2.0 social networking websites to deliver commands. By integrating C&C messages into valid communications, it becomes increasingly difficult to identify and shut down such sources. It's a concept very similar to that of chaffing and winnowing. Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.