‘A back door Trojan that we are calling Trojan.Grups has been using the Google Groups newsgroups to distribute commands. Trojan distribution via newsgroups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.
It’s worth noting that Google Groups is not at fault here; rather, it is a neutral party. The authors of this threat have chosen Google Groups simply for its bevy of features and versatility.
The Trojan itself is quite simple. It is distributed as a DLL, and when executed will log onto a specific account:
Escape[REMOVED]@gmail.com
h0[REMOVED]t symantec.com’