
Gameover trojan hides in SSL

posted on October 7, 2013
by l33tdawg

Saboteurs spreading the Gameover banking trojan are using an encrypted secure sockets layer connection to remain undetected and have infected at least a quarter of a million machines.

Researchers at Dell SecureWorks Counter Threat Unit (CTU) detailed attackers' latest schemes to spread the financial malware in a blog post published last Friday.

According to the team, Gameover operators are delivering downloader malware called "Upatre" to victims via spam, then having the downloader retrieve the Gameover payload from infected websites hosting the malware. Instead of receiving instructions from an attacker-operated command-and-control server, the Upatre downloader uses an encrypted SSL connection to download malware directly from compromised web servers.
