Submission: Clever Trojan Uses SPF For C&C Server

halls-of-valhalla writes: "A new trojan called Trojan.Spachanel is being used by hackers to inject JavaScript into each webpage opened in infected users' browsers. This malware inserts external scripts which display rogue advertisements in pop-up windows and trick users into clicking on them to generate income for the hackers.

This malware updates its URLs by generating domain names based on a predefined algorithm, and by making an SPF (Sender Policy Framework) lookup for it. This is interesting because SPF was actually created to validate emails and prevent spam by detecting email spoofing. Using SPF, administrators can specify which hosts have permission to send mail from a given domain by creating an SPF record on the domain name system. Mail exchangers then use this DNS to verify that the mail from given domains is being sent by a host with the proper permissions. If the sender's hostname or IP is not listed in this record, it is probably a spoofed email.

This trojan is quite clever in hiding itself because it uses this security feature to sneakily obtain a list of new addresses to use. This successfully disguises traffic from firewalls and other security programs which would normally block requests to command-and-control servers."
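One way a defender could look for the behaviour described in the submission: flag DNS lookups that return SPF records when the client is not a mail server. This is an added example, not part of the original submission; the log format, the `MAIL_SERVERS` allow-list and all sample lines are constructed assumptions.

```python
import ipaddress

# Constructed sample DNS log, one query per line: "client qtype qname | answer"
SAMPLE_LOG = """\
10.0.0.25 TXT example.org | v=spf1 ip4:192.0.2.10 include:_spf.example.net -all
10.0.5.77 TXT qzxkvbtrw.example | v=spf1 ip4:198.51.100.7 ip4:203.0.113.0/24 -all
10.0.5.77 A www.example.com | 192.0.2.80
10.0.5.78 TXT example.com | site-verification=constructed-token
"""

MAIL_SERVERS = {"10.0.0.25"}  # assumption: the only hosts expected to do SPF checks


def parse_spf(txt):
    """Return the ip4/ip6 networks in an SPF record, or None if txt is not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    nets = []
    for term in terms[1:]:
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            try:
                nets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                pass  # malformed mechanism: ignore it, keep the rest
    return nets


def suspicious_spf_lookups(log_text, mail_servers):
    """List (client, qname, addresses) for SPF answers fetched by non-mail hosts."""
    findings = []
    for line in log_text.splitlines():
        head, sep, answer = line.partition(" | ")
        parts = head.split()
        if not sep or len(parts) != 3:
            continue  # not in the assumed log format
        client, qtype, qname = parts
        if qtype not in ("TXT", "SPF"):  # SPF data lives in TXT (or legacy type 99)
            continue
        nets = parse_spf(answer.strip())
        if nets is None or client in mail_servers:
            continue  # not an SPF record, or an expected mail-flow lookup
        findings.append((client, qname, [str(n) for n in nets]))
    return findings


if __name__ == "__main__":
    for client, qname, addrs in suspicious_spf_lookups(SAMPLE_LOG, MAIL_SERVERS):
        print(f"{client} fetched SPF for {qname}: {', '.join(addrs)}")
```

The addresses extracted from a flagged record can then be compared against outbound connections from the same client.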
