KOOBFACE Propagates via Torrent P2P File Sharing
Topic Started: Aug 18 2011, 04:45 PM (61 Views)
Deleted User

Quote:
 
Aug17
KOOBFACE Propagates via Torrent P2P File Sharing

The KOOBFACE botnet became known for using popular social networking sites as a propagation vector and abusing these platforms for malicious purposes. We recently observed that KOOBFACE no longer actively propagates via social networks but rather does so via a torrent P2P network through sharing Trojanized application files.

While conducting research, we found a “loader” that KOOBFACE uses. This component is responsible for downloading the botnet’s other components and arrives on victims’ systems either via the download of Trojanized torrent files or via a new KOOBFACE component called tor2.exe, which we detect as WORM_KOOBFACE.AV.

WORM_KOOBFACE.AV, upon execution, accesses a C&C domain to request a torrent file. Once received, it executes a torrent client, which is found in the resource section of the binary. This torrent client, version 2.2.1 of uTorrent, is executed without the users’ knowledge and runs as a background process. The torrent client downloads the files referenced by the previously downloaded torrent file from the C&C. A sample of the downloaded torrent file references four files that supposedly comprise an Adobe Lightroom installer package:


Details plus screenshots - http://blog.trendmicro.com/