Researchers have found a family of malware that targets both Windows and OS X. The trojan, Janicab.A, is also unusual because it uses a YouTube page to direct infected machines to command-and-control (C&C) servers and uses a clever trick to conceal itself.
Researchers from F-Secure and Webroot documented the new trojan threatening Mac users. Like other recently discovered OS X malware, Janicab was digitally signed with a valid Apple Developer ID. It also used a special Unicode character known as the right-to-left override to make the infected file appear to be a PDF document rather than a potentially dangerous executable file.
On Monday researchers from Avast published an article reporting that Janicab can also infect computers running Windows. The strain exploits a vulnerability Microsoft patched in 2012 to install a malicious Visual Basic script that can remain active even after infected machines are restarted.
Like the Mac versions, Janicab randomly chooses a YouTube link from a hard-coded list to find the C&C server that issues updates and instructions. One such page contained the words "just something i made up for fun, check my website at 111.90.152.210/cc bye bye." Researchers presume the IP address may have been the location of one of the C&C servers.
[Source : ArsTechnica]