Saturday, January 22, 2011

Malicious software: Koobface

What is the worst that can happen to a piece of malicious software? To be hijacked by malicious software itself. Experts have discovered that a well-known Trojan contains a major security hole, one that can be exploited by its competitors. This makes the Trojan doubly threatening. The computer worm Koobface is, in any case, a very nasty pest.

It has been on the loose in different variants since 2008, and uses entirely new distribution channels to carry its payload from computer to computer. For some time it has even been circulating in a cross-platform version that is equally at home on Windows PCs, Linux machines and Macs running OS X.


But now the malware experts at Symantec have discovered that the latest version of Koobface, called Jnanabot, not only uses security vulnerabilities to infiltrate computers, it has one itself, much to the delight of its competitors. And yet the pest seemed plenty sneaky when it first made the rounds in summer 2008.

Instead of spreading mostly via e-mail, as had been usual until then, it used the mechanisms of social networks. Even users who had been conditioned to delete e-mails of questionable origin, and certainly not to click on any links in them, fell for Koobface, for example when it was offered on MySpace or Facebook as an enticing video link.

And it got worse. In 2010 Koobface became a universal weapon. As Java software it was independent of the operating system and could establish itself not only on Windows PCs, the favorite target of malware programmers, but also on Linux and Mac computers. Program once, attack everything, one might say.

The goal of reaching as many computers as possible with Koobface and linking them into a remote-controlled botnet came within its developers' grasp. But the experts of the Intego Mac security blog noted at once that the developers of this version were not quite up to date when they sent their malware on its way.

"Can I infect your computer?"

The use of Java makes the pest universally applicable, but also easy to notice. Precisely because it was built as a Java applet, it had to ask the user for permission to install itself. The worm's attempts at concealment were not particularly difficult to see through.

Intego accordingly said in its blog: "Although this is a particularly malicious piece of malware, the current implementation for Mac OS X is still defective, so the risk is low." The Symantec researchers have now discovered that this is not the only major error the Koobface makers committed.

Their analysis of the pest, which is also designated Trojan.Jnanabot, has shown that the worm, of all things, is itself vulnerable to attack by malicious software. For the developers this is a bitter loss, Harshit Nayyar said in the Symantec blog, because intruders could step in. The weak point, the expert says, is in the peer-to-peer (P2P) protocol, which the malware uses to communicate with other infected computers over the Internet and to coordinate actions.

This vulnerability allows attackers to steal files or to place their own files at any location on the infected computers, even in the list of startup items, from where they are executed automatically each time the computer starts. In this way one could, for example, build a botnet that operates in parallel to the one set up by Koobface: piggyback, so to speak.

Cyber-criminals could just as well take over the entire Koobface botnet and use it for their own purposes. Given the commercial orientation of many botnets, which for a fee crash other people's computers or send spam e-mails, this would be associated with financial losses.

These losses are unlikely to be particularly high, however. If the developers offer the Koobface botnet for such actions, the prices cannot be that high. Symantec manager Dean Turner told the UK's "Register" that the number of infected computers probably amounts to several thousand machines.

Measured against really large botnets, whose host computers number in the hundreds of thousands, that is peanuts.

"The recipe for disaster"

Harshit Nayyar nevertheless warns: "When a computer is infected with Jnanabot, the doors are wide open and it sports a big 'Willkommen' sign that invites the other guests in."

Whether the weakness is known at all to the programmers of the pest, or to anyone else, Nayyar does not want to guess. Maybe the programmers simply did not care, he speculates. In any case, Jnanabot's weakness against invaders shows "how a single malware infection can push open the door to other infections".

"Therefore, the presence of Jnanabot on a computer is a much greater threat than we previously thought," says Nayyar, and warns: "In connection with the fact that Jnanabot can infect different platforms, what we have here is a recipe for disaster."
