Google Groups hosts first-of-its kind Trojan

Analysis
Sep 14, 20092 mins

Symantec says a new Trojan taps Google Groups to to distribute commands.

Symantec has discovered a new Trojan that is making use of Google Groups to to distribute commands. Symantec is calling this malware Trojan.Grups. While Trojan writers routinely use newsgroups to infect machines, this is the first time that Syamntec has ever seen them use Google Groups for “command and control” malware.

According to a report by IDG News Service

These “command and control” instructions are used by criminals to keep in touch with hacked PCs and update their malicious software. Researchers have also seen criminals hide their messages in RSS feeds that are set up to broadcast Twitter messages, said Gerry Egan, a director with Symantec Security Response. “We’re seeing a trend toward using more mainstream social media-type interactions to hide command and control,” he said.

“The Trojan itself is quite simple. It is distributed as a DLL, and when executed will log onto a specific account,” the Symantec blog post describes.

For now, Symantec discovered the C&C Trojan located only in one place, a private newsgroup called escape2sun. But Symantec believes the Trojan was a prototype and that we can expect to see more C&C Trojans show up in other newsgroup sites as well as other types of file-sharing social media sites.

Like this post? Visit the Google Subnet home page for more news, blogs and podcasts. Sign up for the weekly Google newsletter. (Click on News/Google News Alert.) More blog posts from Google Subnet:
  • My, What a Long Tail You Have
  • Searching For Cream: The Endless Battle To Find The Best
  • Google is not interested in competing against Apple
  • Two startups offer free ‘computers’ as cloud services
  • Amazon’s latest competition offers secure enterprise cloud
  • Idea Checklists: How Companies Can Utilize the Power of Social Media

Subscribe to all Google Subnet bloggers or Follow Google Subnet on Twitter

Follow Julie Bort on Twitter.