
Latest version of Flashback uses Twitter as a backup command and control network

suraj.sun (1348507) writes | more than 2 years ago

Desktops (Apple) 0

suraj.sun (1348507) writes "The Russian antivirus company Dr. Web reports that the latest version of Flashback, the backdoor malware targeting Macs through a Java exploit, is using Twitter as a backup command and control network. Dr. Web was the first to report on the rapidly growing Flashback botnet—the largest recorded malware attack ever focused on Macs.

In an analysis of current variants of the malware, Dr. Web’s team found that the Trojan is initially configured with a list of servers through which it can receive additional commands and configuration updates. If the malware doesn’t get a correct response from one of the control servers in its own internally generated list, it will search Twitter for posts containing a string of text generated from the current date, and look for a control server address embedded in the posts. “For example, some Trojan versions generate a string of the ‘rgdgkpshxeoa’ format for the date 04.13.2012,” the Dr. Web team wrote in their blog post. “If the Trojan manages to find a Twitter message containing bumpbegin and endbump tags enclosing a control server address, it will be used as a domain name.”"

Link to Original Source
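
An added example, not part of the submission or of Dr. Web's analysis: a defender can sweep captured proxy response bodies or exported message text for the bumpbegin/endbump tag pair quoted above and pull out the enclosed domain for blocklisting. The function names, the tolerance for case and surrounding whitespace, and the sample records are assumptions; the domain is a placeholder.

```python
import re

# Tag pair named in the quoted analysis; the enclosed text is treated as a domain.
# Assumption: tags may vary in case and be padded with whitespace.
BUMP_RE = re.compile(r"bumpbegin(.*?)endbump", re.IGNORECASE | re.DOTALL)
# Conservative hostname shape: dot-separated labels, alphabetic TLD.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def extract_candidates(text):
    """Return (valid_hosts, rejected_payloads) found between the tags."""
    hosts, rejected = [], []
    for payload in BUMP_RE.findall(text):
        value = payload.strip().lower().rstrip(".")
        if HOST_RE.match(value):
            if value not in hosts:
                hosts.append(value)
        else:
            # Tagged but not hostname-shaped: keep for analyst review.
            rejected.append(payload)
    return hosts, rejected

def scan_bodies(records):
    """records: iterable of (source_id, body) pairs, e.g. from a proxy capture.
    Returns ({host: [source_ids]}, [(source_id, rejected_payload)])."""
    hits, review = {}, []
    for source_id, body in records:
        hosts, rejected = extract_candidates(body)
        for host in hosts:
            hits.setdefault(host, []).append(source_id)
        review.extend((source_id, r) for r in rejected)
    return hits, review

# Constructed sample records (not real traffic); example.com is a placeholder.
SAMPLE = [
    ("proxy-0001", "rgdgkpshxeoa bumpbeginc2-placeholder.example.comendbump"),
    ("proxy-0002", "lunch was great today, no tags here"),
    ("proxy-0003", "rgdgkpshxeoa BUMPBEGIN c2-placeholder.example.com ENDBUMP"),
    ("proxy-0004", "bumpbegin<not a host>endbump"),
    ("proxy-0005", "bumpbegin with no closing tag"),
]

if __name__ == "__main__":
    hits, review = scan_bodies(SAMPLE)
    for host, sources in hits.items():
        print(f"blocklist candidate {host} seen in {sources}")
    for source_id, payload in review:
        print(f"review {source_id}: tagged payload {payload!r}")
```
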
