I wanted this to be seen by everyone so I'm posting it here. This is from a SANS newsletter I get.

--Trojan Horse Program Uses Google Groups as Command and Control Channel
(September 11 & 14, 2009)

The Grups Trojan horse program uses Google groups as a command and control channel. Grups requests a page from a certain private newsgroup to get instructions. Information gathered from examining the Trojan indicates that it is a prototype in the process of being tested. While news groups have been used to distribute malware, this is believed to be the first instance of such a group being used as a command and control channel, according to Symantec, which discovered the Grups Trojan.

http://www.theregister.co.uk/2009/09/14/google_groups_control_trojan/
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219900032
http://www.itworld.com/security/77545/google-groups-botnet-command-and-control
http://www.eweek.com/c/a/Security/Symantec-Google-Groups-Used-to-Send-Commands-to-Malware-183661/

[Editor's Note (Pescatore): Bot-net generation malware has been using all kinds of communication channels, from Twitter to news groups to more generic drop/search/find mechanisms using blog comment fields, etc. Yet more black list signature approaches (IP address/URL reputations) will not be sufficient - the executables themselves have to be dealt with.]
