Filename | Rodpicom Botnet spreading via Skype and MSN Messenger |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 2/10/2013 |
Label | Cyber News |
Ethical Hacking Institute in Pune
./Arizona Team
Malware keeps evolving in the age of social networking. FortiGuard Labs researchers have discovered new malware called 'Rodpicom Botnet' that spreads via messaging applications such as Skype and MSN Messenger.
Dubbed W32/Rodpicom.A, the Rodpicom Botnet sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot. Once the target machine is infected, it checks whether the victim is using any messaging applications such as Skype or MSN Messenger.
The malware employs new stealth tactics, including an exception-handling technique that generates its own error to dodge analysis. It also relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times.
The malware is smart enough to check the language of the installed operating system by scanning the country code, and then customizes the message sent to all of the victim’s Skype contacts.
For example, if the infected computer is sourced to the U.S., the message sent with the malicious link will be “lol is this your new profile pic? http:// goo.gl/[removed]”.
The overall objective of the modules implemented in this malware is to download more malicious code, contact the Command and Control server, send spam, and carry out a host of other bot-related activities.
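A defender-side illustration of the spreading behaviour described above, added here as an example and not taken from FortiGuard Labs or the original post: it flags a sender who pushes the same shortened link to several distinct contacts within a short window. The record format, shortener list, thresholds and sample messages are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed shortener hosts; extend for your own environment.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}
# Tolerates whitespace after the scheme, as in the lure quoted in the article.
URL_RE = re.compile(r"https?://\s*([\w.-]+)(/[^\s\"”]*)?", re.I)

# Constructed sample records: (timestamp, sender, recipient, text)
SAMPLE_LOG = [
    ("2013-02-10 09:00:01", "alice", "bob", "lol is this your new profile pic? http://goo.gl/EXAMPLE1"),
    ("2013-02-10 09:00:02", "alice", "carol", "lol is this your new profile pic? http:// goo.gl/EXAMPLE1"),
    ("2013-02-10 09:00:03", "alice", "dave", "lol is this your new profile pic? http://goo.gl/EXAMPLE1"),
    ("2013-02-10 09:05:00", "erin", "bob", "slides are here http://goo.gl/EXAMPLE2"),
    ("2013-02-10 10:00:00", "frank", "bob", "photos http://bit.ly/EXAMPLE3"),
    ("2013-02-10 11:00:00", "frank", "carol", "photos http://bit.ly/EXAMPLE3"),
    ("2013-02-10 12:00:00", "frank", "dave", "photos http://bit.ly/EXAMPLE3"),
]

def extract_short_links(text):
    """Return normalized 'host/path' strings for shortener URLs in a message."""
    links = []
    for host, path in URL_RE.findall(text):
        host = host.lower().rstrip(".")
        if host in SHORTENERS:
            links.append(host + path)
    return links

def find_fanout(records, min_recipients=3, window=timedelta(minutes=5)):
    """Flag (sender, link) pairs sent to many distinct recipients inside one window."""
    seen = defaultdict(list)  # (sender, link) -> [(time, recipient), ...]
    for ts, sender, recipient, text in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        for link in extract_short_links(text):
            seen[(sender, link)].append((when, recipient))
    alerts = []
    for (sender, link), hits in seen.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            recipients = {r for _, r in hits[start:end + 1]}
            if len(recipients) >= min_recipients:
                alerts.append((sender, link, sorted(recipients)))
                break
    return alerts
```

An alert here points at an account worth reviewing, since legitimate users also share short links; tune `min_recipients` and `window` against normal traffic before acting on it.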
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE