First Trojan discovered using a newsgroup to control attacks

Symantec has discovered the first Trojan using newsgroups to control botnets
Written by Tom Foremski, Contributor

Symantec says it has discovered the first instance of a Trojan using a newsgroup to deliver commands to botnets.

The Trojan.Grups is described as a backdoor Trojan and it utilizes Google Groups newsgroups.

Symantec says:

The Trojan in this case is fairly simple, but when executed, it logs onto a specific Google account and requests a page from a private newsgroup which contains encrypted commands for the malware to carry out.
Based on analysis of the source code, Symantec believes this may be a prototype implementation, testing the feasibility of Web-based newsgroups as command and control structures. Analysis also indicates that this Trojan is seeking to remain discreet and undetected, being used to subtly gather information and potentially determine future attack targets. Such a Trojan could have been developed for targeted corporate espionage where anonymity and discretion are priorities.

There is more information on the Symantec blogs: http://www.symantec.com/connect/blogs/google-groups-trojan.

Editorial standards