funsec mailing list archives

Botnet C&C Commands Spread by Google Groups


From: Paul Ferguson <fergdawgster () gmail com>
Date: Fri, 11 Sep 2009 17:27:13 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via SC Magazine US.

[snip]

A trojan targeting Google Groups turns newsgroups into a means for
distributing command-and-control information for botnets.

“The trojan [dubbed Trojan.Grups] in this case is fairly simple,” wrote
Gavin Gorman, security researcher for Symantec, in a post [1] Friday on a
Symantec blog. “But when executed, it logs onto a specific Google account
and requests a page from a private newsgroup, which contains encrypted
commands for the malware to carry out.”

In the past, Twitter has been used to deliver commands, by which an account
was being used as a command-and-control hub to issue instructions to
infected computers. Tweets coming from the malicious accounts were encoded
and looked like a random combination of letters and numbers. But the tweets
were actually being used to issue new instructions to bots.

“This is the first time a newsgroup is being used as a command-and-control
conduit,” Gerry Egan, director of Symantec Security Response, told
SCMagazineUS.com Friday. “It establishes a two-way communications pipe,
using a legitimate infrastructure.”

[snip]

More:
http://www.scmagazineus.com/Botnet-commands-spread-by-Google-Groups/article/148736/

[1] http://www.symantec.com/connect/blogs/google-groups-trojan

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKqurYq1pz9mNUZTMRAqr9AJ4kuVsXSts7RD+0sc2CTErm2/tEzwCghJcF
LHXtOs6opgOz/JGbGcY+M40=
=47mz
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

