Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Sophisticated spam Trojan unmatched
Veteran security expert Joe Stewart thinks he has embraced malware until he comes across SpamThru Trojan, a malicious program designed to spread spam from infected computers.
Using P2P technology to send commands to hijacked PCs, the Trojan is equipped with a separate virus scanner, with complexity and sophistication on par with the mainstream antivirus scanning software.
" This is the first time I've encountered this phenomenon, " Stewart exclaimed. He is currently working as a senior security expert at SecureWorks.
" The purpose of this virus scanner is simply to protect every Trojan's" resources ", in case it has to compete with a mass mailing virus, it will eliminate obnoxious opponents. ".
Source: codycafe The vast majority of viruses and Trojans are currently only trying to block antivirus software from downloading updated versions but fighting against rival malware this way is "rare to find", if not said the first case. SpamThru has lifted the game to a new level - using an entire antivirus tool to destroy the "party".
However, its motivation is not difficult to understand at all. Computers have only one hacker who wants to gain control. Of course, hackers will fight with each other, find ways to destroy other malware by deleting the registry key or tricking other malware into thinking . they are already running.
Smart and cheeky
Initially, the Trojan will load a DLL from the hacker-controlled central server. After that, it will download the computer infected with a pirated copy of Kaspersky Antivirus. 10 minutes after downloading the DLL, it starts scanning the system to kill other malware and ignores "home" files.
" Any malware detected will be deleted by Windows in the next reboot, " Stewart explained. He himself was initially confused with the purpose of hackers when installing Kaspersky virus scanning software.
" I just thought it was disguising itself smartly. But it was not until I analyzed it more carefully that I realized a very sophisticated mechanism that hackers thought of to capture the bandwidth for his spam ".
And yet, SpamThru uses an extremely clever command and control mechanism to avoid being shut down. It uses a customized P2P protocol to share information with other peers, including the IP address, ports and software version of the control server.
In case the control server is turned off, the spammer will be able to update all this information to a new control server in the peer network.
Spam messages spread by SpamThru are based on templates available, but with random phrases in content, random sender names. These templates are all encrypted and use a special authentication method, preventing others from downloading.
And yet, it can also change the width and height of GIF images to bypass filters.
Trong Cam
Jessica TannerYou should read it
- The 5 most 'dirty' tricks of malware
- Trojan 2.0 - Implications of Web 2.0 technology
- Warning Ghimob new banking malware, mobile users cannot remove
- SonicWall launches anti-malware software
- What is a Trojan? How to avoid trojan attack?
- Risks from malware and how to prevent it
- Instructions on how to remove multi-platform malware on Facebook Messenger
- New banking malware discovered that can remotely control Android devices
May be interested
- New Android Trojans lead users to phishing websites by notification on the application
security researchers have found that a dangerous trojan appears on android platforms, using the same web messages to redirect users to sophisticated phishing sites. - Distributing spam with the theme of US-Iran wartaking advantage of the tension in relations between the united states and iran, from the weekends, hackers have triggered the spam wave bringing topics of war between the two sides.
- Trojan 'Pirates of the Caribbean'a fake garbage campaign provides information about the new 'pirates of the caribbean' movie to spread a newly launched trojan. in terms of content, the above spam messages are full of information and a fake malicious link brings c
- Trojans appear fake Microsoft patcha new spam campaign has just been launched over the weekend by the emergence of a trojan capable of stealing passwords attached to a genuine microsoft windows update.
- 'Super stealth' rootkita new trojan program is so clever that many security experts have called it a 'new chapter' in the fight against malware. with the name rustock (according to symantec) or mailbot.az (according to f-secure), this trojan uses sophisticated rootkit techniques to prevent viruses.
- Use SEO to bring Google search results to bank trojanswhen you think you know all the tricks, malware teachers always have new tricks that surprise you.
- Don't click 'Unsubscribe': This is how spam is actually stopped!email, as we know, is the most spammed subject on the internet today. anyone who has ever used email is no stranger to having to spend time 'dealing' with spam on a regular basis.
- What is Trojan? How to avoid Trojan horse virusa trojan or trojan horse is a type of malicious code or software that can take control of a user's computer remotely.
- How to handle when email automatically sends bulk spamsuddenly, on a beautiful day, you get complaints from friends and colleagues that they receive a lot of spam emails from ... your email address. what happens when you don't know anything at all? chances are, your email has been malicious or hacked.
- What is Trojan Dropper?one particular program used by cyber criminals in their illegal transactions is the trojan dropper program. so how does this happen and how can you prevent it?
Alarm of dangerous bot, Trojan infection rate
Warezov Deep 'take meat to crush you'
Top 10 most dangerous malware in October
The virus shoots the video clip
Symantec launched antivirus software for Windows Mobile
Virus attacks Mac OS X operating system