The Latest in IT Security

Krebs/Danchev Trojan Pushes Adult Website

28 Jun 2011

Complete malware analysis is often limited by real-world circumstances.

Many of the trojans that we analyze will attempt to connect to a remote server for further instructions. At this point, we know that the software is not legitimate and should be blocked from installation on our customers’ computers. We don’t really need to examine it any further (and oftentimes, the server is offline). But just what would that trojan do if it only had access to its remote master?

We use automation to test malware in an isolated network. We don’t generally test malware with a real Internet connection because we want to limit possible exposure to the rest of the world’s netizens. But every now and then something catches our interest and we’ll perform a manual test.

Such as the trojan we blogged about last Thursday which creates a mutex called:

DANCHODANCHEV_AND_BRIANKREBS_GOT_MARRIED
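As an added example (not from the original post or from F-Secure’s own tooling), a PowerShell check a responder could run on a Windows host to see whether the mutex named above currently exists. The post does not say which object namespace the trojan uses, so both the session-local name and a `Global\` variant are tried as an assumption.

```powershell
# Added example, not part of the original post: report whether a named
# mutex exists on this host. Named mutexes are a common host-based
# indicator because they survive only while the owning process runs.

$IndicatorMutexes = @(
    'DANCHODANCHEV_AND_BRIANKREBS_GOT_MARRIED'   # name reported in the post
)

function Test-MutexPresent {
    param([Parameter(Mandatory)][string]$Name)

    $mutex = $null
    try {
        # TryOpenExisting returns $true (and fills $mutex) only when a mutex
        # with this exact name already exists and the caller may open it.
        if ([System.Threading.Mutex]::TryOpenExisting($Name, [ref]$mutex)) {
            return 'present'
        }
        return 'absent'
    }
    catch [System.UnauthorizedAccessException] {
        # The mutex exists but was created in another security context
        # (e.g. a process running as a different user). Still a hit.
        return 'present (access denied)'
    }
    finally {
        if ($mutex) { $mutex.Dispose() }
    }
}

foreach ($name in $IndicatorMutexes) {
    # Assumption: the trojan may use either the session-local or the
    # Global namespace, so check both spellings of the name.
    foreach ($candidate in @($name, "Global\$name")) {
        $state = Test-MutexPresent -Name $candidate
        '{0,-60} {1}' -f $candidate, $state
    }
}
```

A result of `absent` on a live host only means the owning process is not running at that moment, so pair this with process and autorun checks rather than treating it as a clean verdict.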

When we first encountered the trojan, its server, fatgirlsloveme.com, was offline; it went live two days later.

So we configured a Windows 7 test computer, infected it with Trojan-Downloader:W32/Agent.DTBM, connected it to the Internet, and opened Internet Explorer.

One Bing search and then — a pop-up window opened promoting the following website:

www.russiansexbrides.com

Russian Sex Brides?

Adult website pop-ups?

We had been hoping for something a bit more interesting. Ah well…

The website doesn’t appear to use affiliates as part of its marketing efforts. It’s unknown what type of connection the trojan author has with the website’s owner, Thunder Road, Inc.

www.russiansexbrides.com Whois

The trojan is still not prevalent, but our customer statistics show that it currently remains active in the wild.
