
Clever Trojan Uses SPF For C&C Server

Submitted by halls-of-valhalla
halls-of-valhalla writes "A new trojan called Trojan.Spachanel is being used by hackers to inject JavaScript into each webpage opened in infected users' browsers. This malware inserts external scripts which display rogue advertisements in pop-up windows and trick users into clicking on them to generate income for the hackers.

This malware updates its URLs by generating domain names based on a predefined algorithm, and by making an SPF (Sender Policy Framework) lookup for it. This is interesting because SPF was actually created to validate emails and prevent spam by detecting email spoofing. Using SPF, administrators can specify which hosts have permission to send mail from a given domain by creating an SPF record on the domain name system. Mail exchangers then use this DNS to verify that the mail from given domains is being sent by a host with the proper permissions. If the sender's hostname or IP is not listed in this record, it is probably a spoofed email.

This trojan is quite clever in hiding itself because it uses this security feature to sneakily obtain a list of new addresses to use. This successfully disguises traffic from firewalls and other security programs which would normally block requests to command-and-control servers."

Link to Original Source
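A detection sketch for the behaviour the submission describes, added here as an example and not taken from the original post or from any vendor's tooling: it scans resolver logs for hosts that are not mail servers yet perform SPF lookups against throwaway-looking names. The log format, the `MAIL_SERVERS` allow-list, the NXDOMAIN threshold and the assumption that the new addresses arrive as `ip4:` mechanisms are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log: timestamp client qtype qname rcode answer
SAMPLE_LOG = """\
2000-01-01T10:00:01 10.0.0.5 TXT example.org NOERROR "v=spf1 mx -all"
2000-01-01T10:00:07 10.0.1.23 TXT qhzkvbtw.example NXDOMAIN -
2000-01-01T10:00:08 10.0.1.23 TXT pldrmqxe.example NXDOMAIN -
2000-01-01T10:00:09 10.0.1.23 TXT wjcnyfoa.example NOERROR "v=spf1 ip4:192.0.2.10 ip4:198.51.100.7 -all"
2000-01-01T10:00:12 10.0.1.40 A www.example.org NOERROR 203.0.113.9
"""
MAIL_SERVERS = {"10.0.0.5"}  # assumption: the only hosts expected to do SPF checks


def spf_ip4(answer):
    """Return the ip4 networks listed in an SPF record, or [] if it is not SPF."""
    text = answer.strip().strip('"')
    if not text.lower().startswith("v=spf1"):
        return []
    found = []
    for term in text.split()[1:]:
        mech = term.lstrip("+-~?")  # drop the SPF qualifier, if any
        if mech.lower().startswith("ip4:"):
            try:
                found.append(str(ipaddress.ip_network(mech[4:], strict=False)))
            except ValueError:
                pass  # malformed address: ignore rather than abort the scan
    return found


def find_suspects(log, mail_servers, min_failures=2):
    """Flag non-mail hosts whose SPF lookups mostly fail but finally yield addresses."""
    stats = defaultdict(lambda: {"nxdomain": 0, "ips": []})
    for line in log.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # skip truncated lines
        _ts, client, qtype, _qname, rcode, answer = parts
        if qtype not in ("TXT", "SPF") or client in mail_servers:
            continue
        if rcode == "NXDOMAIN":
            stats[client]["nxdomain"] += 1
        else:
            stats[client]["ips"].extend(spf_ip4(answer))
    return {c: s for c, s in stats.items()
            if s["nxdomain"] >= min_failures and s["ips"]}


if __name__ == "__main__":
    for client, s in find_suspects(SAMPLE_LOG, MAIL_SERVERS).items():
        print(client, s)
```

The addresses returned for a flagged host are candidates for triage and egress blocking; the workstation itself is the one to isolate and examine.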