Google Groups as botnet command and control
We’ve seen this happen with Twitter, now it appears that botnet writers are using Google Groups newsgroups as a base for controlling infected PCs.
Hackers need to be able to quickly and easily spread commands to their botnets, or networks of compromised PCs that they can gain control over to spread spam and malware, and have recently turned to social networking sites such as Twitter to distribute their instructions.
Recent efforts to hide botnet command and control communications in mainstream places have a new back-door Trojan called Trojan Grups (sic) using Google Groups to command and control botnets, according to a post (http://www.symantec.com/connect/blogs/google-groups-trojan) on Symantec’s security blog. Symantec notes that distributing the malware that infects PCs and turns them into bots through news groups – so that visitors to those groups become infected -- is common, but this is the first instance the security company knows of where hackers are spreading their commands through a news group.
This Trojan is distributed as a DLL and logs onto a specific Google Groups account. Once logged on, it requests a page from a private newsgroup that contains commands for the compromised PC to carry out, and can also post responses. All communication is encrypted.
As savvy as this form of command and control may seem, there are some downsides -- because the commands to botnets are stored as postings to the newsgroup, researchers can read them and decipher what type of action the controller is telling the bots to take. With Trojan Grups, it appears the botnet is used for reconnaissance and targeted attacks.
Also because Google Groups includes version controlling, communication and the growth of the botnet over time can also be tracked. This Trojan was released in November of 2008, says Symantec, and peaked in activity during February.
Do you tweet? Follow me on Twitter here.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
