I wanted this to be seen by everyone so I'm posting it here. This is from a SANS newsletter I get.

--Trojan Horse Program Uses Google Groups as Command and Control Channel:
(September 11 & 14, 2009)

The Grups Trojan horse program uses Google groups as a command and control channel. Grups requests a page from a certain private newsgroup to get instructions. Information gathered from examining the Trojan indicates that it is a prototype in the process of being tested. While news groups have been used to distribute malware, this is believed to be the first instance of such a group being used as a command and control channel, according to Symantec, which discovered the Grups Trojan.

http://www.theregister.co.uk/2009/09/14/google_groups_control_trojan/
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219900032
http://www.itworld.com/security/77545/google-groups-botnet-command-and-control
http://www.eweek.com/c/a/Security/Symantec-Google-Groups-Used-to-Send-Commands-to-Malware-183661/

[Editor's Note (Pescatore): Bot-net generation malware has been using all kinds of communication channels, from Twitter to news groups to more generic drop/search/find mechanisms using blog comment fields, etc. Yet more black list signature approaches (IP address/URL reputations) will not be sufficient - the executables themselves have to be dealt with.]

On Sep 16, 8:20 am, retiredjim34 <[email protected]> wrote:
> In reading some threads recently, I noticed how open and frank some of
> the posts were. They talked about scamming the system, legendary
> promiscuity, and not quite being the real thing for example.
> Given the degree to which electronic gadgets and social sites
> have invaded our lives, and the degrees to which some will go when
> vetting a job applicant, I suggest that it behoves us all to rein in
> our occasional frank and revealing comments. If a prudish HR staff
> member happened to come across such comments, they might be shocked,
> or worse. And we well might be asked to lead them to such comments by
> listing all social sites we patronize.
> Just a word of caution.
> By the way, does anyone know the post retention policies of Minds
> Eye? I fear that they may keep our posts forever. Jim
