By Ionut Ilascu 24 Mar 2015
Includes RDP, FTP and SOCKS 5 server support
A backdoor Trojan, called Yebot by security researchers, has been discovered to include an impressive list of functions, which allow it to take over the machine and manipulate it for various purposes desired by the threat actor.
It reaches the victim’s computer through other pieces of malware and once executed it sets up an FTP and a proxy server, which can be used for transferring data collected from other infected computers, possibly with a different type of threat, thus creating a secure communication tunnel for the cybercriminals.
Full Article
By Ian Barker
New variants of malware come and go with depressing regularity, but some have capabilities that offer more cause for concern than others.
The latest piece of scary software comes from researchers at security company Doctor Web who have uncovered a new Trojan dubbed BackDoor.Yebot that's capable of carrying out a wide range of destructive actions on an infected machine.
It's spread via another piece of malware, Trojan.Siggen6.31836. When launched on the target machine, this injects its code into the svchost.exe, csrss.exe, lsass.exe and explorer.exe processes. After sending a request to the remote server it then downloads and decrypts BackDoor.Yebot and transfers control to it. Some features of Trojan.Siggen6.31836 are encrypted (and can be decrypted only while it's being executed). It also incorporates mechanisms to verify the virtual machine in a target system and bypass User Account Control.
full article