Google Groups Used To Control Botnets
oDDmON oUT writes "'Maintaining a reliable command and control (C&C) structure is a priority for back door Trojan writers. ... Symantec has observed an interesting variation on this concept in the wild. A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands,' writes Symantec employee Gavin O'Gorman. He goes on to state that 'the Trojan itself is quite simple. It is distributed as a DLL,' and while the decrypted commands indicate it is used 'for reconnaissance and targeted attacks,' he does go on record as saying, 'It's worth noting that Google Groups is not at fault here; rather, it is a neutral party. The authors of this threat have chosen Google Groups simply for its bevy of features and versatility.'"
Storm and many others used P2P.
Using a distributed hash table, each node wouldn't need a FULL list of nodes; often just O(log(n)) nodes.
They have used encrypted+signed commands since forever, port knocking, basically everything in the field has been incorporated into making a better, more robust bot.
And C2 can refer to a truckload of things, so that doesn't really help.
I know eventually a true, almost impossible-to-counter exploit will be found by them, for Linux.
I think you lay the melodrama on a bit too thick... there's not really such a thing as an "impossible to counter" exploit...
Here's to the crazy ones