
Unexpected guests


"Official" Trojans


Wednesday, November 1, 2017

We often advise our readers to download software programs only from the official sites of the respective developers in order to avoid computer infections. Indeed, this approach is much more reliable than downloading applications from dubious sites or software catalogues that are completely disassociated with the applications' authors. But is this method 100 percent secure?

As it turns out, criminals also read security tips intended for law-abiding citizens and use them to their own advantage—it would be a shame not to exploit users' trust in official sites.

And every now and then attackers compromise official sites belonging to popular software developers.

  • Someone compromised the download server (download.handbrake.fr), and replaced the official HandBrake distribution with a malicious file containing the RAT (Remote Access Trojan) Proton. The application's developers published a corresponding warning for users.

    http://www.securitylab.ru/news/486082.php

  • Samsung's US corporate site was compromised by a Trojan that operated as a keylogger, disabled anti-virus software, and stole passwords for online banking accounts.

    https://xakep.ru/2006/09/08/33786

  • The Ammyy Admin installer available on the developer’s official site didn't have a digital signature and turned out to be a dropper. If it was launched, two executable files were created in a temporary directory and launched. One of them was a utility installer and the other turned out to be the malicious program Trojan-Spy.Win32.Lurk. Furthermore, attackers modified a PHP script on the Ammyy Group webserver so that if a user attempted to download the remote administration utility, the script would check whether the target machine was part of a corporate network. If it was, the Lurk malware program would be launched in addition to the utility installer.

    https://www.kommersant.ru/doc/3053357
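As an added example (not part of the original issue or of any vendor's tooling), here is a small Python detector for the dropper behaviour described above: an installer that writes executables into a temporary directory and then launches them. The pipe-separated log format, process names, PIDs and paths are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events in a simplified Sysmon-like pipe format (hypothetical,
# not a real log format): time|event|pid|ppid|image|target|signature
SAMPLE_LOG = """\
10:00:02|ProcessCreate|4100|4000|C:\\Users\\u\\Downloads\\AA_v3.exe||unsigned
10:00:03|FileCreate|4100|4000|C:\\Users\\u\\Downloads\\AA_v3.exe|C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe|
10:00:03|FileCreate|4100|4000|C:\\Users\\u\\Downloads\\AA_v3.exe|C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe|
10:00:04|ProcessCreate|4101|4100|C:\\Users\\u\\AppData\\Local\\Temp\\SETUP.EXE||signed
10:00:04|ProcessCreate|4102|4100|C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe||unsigned
10:05:00|ProcessCreate|5000|4000|C:\\Users\\u\\Downloads\\editor-setup.exe||signed
10:05:01|FileCreate|5000|4000|C:\\Users\\u\\Downloads\\editor-setup.exe|C:\\Users\\u\\AppData\\Local\\Temp\\helper.exe|
10:05:02|ProcessCreate|5001|5000|C:\\Users\\u\\AppData\\Local\\Temp\\helper.exe||signed
"""

# Matches Windows "...\Temp\..." (any case) or a POSIX /tmp/ path.
TEMP_DIR = re.compile(r"(\\|/)temp(\\|/)|^/tmp/", re.IGNORECASE)

def parse(log_text):
    """Turn the constructed pipe format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, kind, pid, ppid, image, target, sig = line.split("|")
        events.append(dict(time=time, kind=kind, pid=int(pid), ppid=int(ppid),
                           image=image, target=target, sig=sig))
    return events

def find_droppers(log_text, min_children=2):
    """Return parents that launched at least min_children executables they
    themselves wrote into a temp directory. A legitimate installer that
    extracts and runs a single helper stays below the default threshold."""
    written = defaultdict(set)    # pid -> lowercased temp paths it created
    info = {}                     # pid -> (image, signature status)
    launched = defaultdict(list)  # parent pid -> temp images it launched
    for ev in parse(log_text):
        if ev["kind"] == "ProcessCreate":
            info[ev["pid"]] = (ev["image"], ev["sig"])
            if ev["image"].lower() in written[ev["ppid"]]:
                launched[ev["ppid"]].append(ev["image"])
        elif ev["kind"] == "FileCreate" and TEMP_DIR.search(ev["target"]):
            if ev["target"].lower().endswith(".exe"):
                written[ev["pid"]].add(ev["target"].lower())
    alerts = []
    for ppid, children in launched.items():
        if len(children) >= min_children:
            image, sig = info.get(ppid, ("?", "?"))
            alerts.append({"pid": ppid, "image": image, "signature": sig,
                           "children": children})
    return alerts

if __name__ == "__main__":
    for alert in find_droppers(SAMPLE_LOG):
        print(alert)
```

Only PID 4100 (the unsigned download that launched two self-written temp executables) is reported with the default threshold; lowering `min_children` to 1 also surfaces the single-helper installer, which is the trade-off between coverage and false positives.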

#application_stores #Trojan #cyber-crime

The Anti-virus Times recommends

  1. Some users believe that because they are extra careful and visit only secure sites and never download dubious files or consent to suspicious proposals (right, but where do online banking theft stats come from?), their systems will never get infected.
  2. However, most sites are vulnerable and almost any of them can be hijacked. Attackers just can't lay their hands on all of them due to the sheer number of sites. If your system hasn't been compromised yet, it’s probably just because it has yet to be targeted.
  3. Surely, confidence is a good feeling. But you need to understand how far your area of expertise goes. There is nothing wrong with delegating your system's security to an anti-virus.
    And, by the way, user computers protected by Dr.Web weren't compromised by the threat we described at the beginning of this issue. Dr.Web detects that malware program as Mac.BackDoor.Proton.1.
