The Latest in IT Security

APT group`s malware retrieved C&C IP addresses from Microsoft`s TechNet portal

15
May
2015

malware-virus-security-threat

A China-based APT group has been using #microsoft’s TechNet web portal to host encoded Command and Control IP addresses for its BLACKCOFFEE #malware, FireEye researchers have revealed.

“While other groups have used legitimate websites to host C&C IP addresses, APT17 took the additional step of embedding encoded C&C IP addresses for the BLACKCOFFEE malware in legitimate Microsoft TechNet profile pages and forum threads, a method some in the information #security community call a ‘dead drop resolver’,” the researchers explained in a report (registration required).

Related posts:
  1. A fresh face for the Microsoft Malware Protection Center
  2. Crypto-Malware Steals Email Addresses and Passwords, Spreads Itself
  3. Hot on the trail of Duqu with Microsoft’s MAPP
  4. Hackers Exploit ColdFusion Flaw in Microsoft IIS Malware Attack
  5. Microsoft Knocks Out 4 Million Websites in Malware Hunt

Read More

Tags:  
Written by Feedproxy
0 Comments

Leave a reply


Categories

FRIDAY, APRIL 19, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments