Trojan Hides on Blogging Platform

Thursday, April 25, 2013 @ 06:04 PM gHale

The Vernot Trojan relies on legitimate applications and services to perform its malicious tasks.

A new variant of the Trojan, BKDR_VERNOT.B, relies on a Japanese blogging platform for command and control communications, said researchers at Trend Micro.

Spam Leads to ZeuS
Spam Campaign Hits Snapchat
Spam Not as Visible, but More Severe
Android Trojan Spreads through Botnet

Once it infects a machine, Vernot logs into an account on the Japanese blogging site and creates a draft which it names after the victimized machine.

This draft later sees use for various purposes, including to drop off stolen information and to receive backdoor commands. These commands include downloading files, executing files, renaming files, and extracting files from archives.

Each time one of the commands executes, a string adds to the blog draft.

This technique ensures security solutions don’t easily detect the threat because communications between the computer and a legitimate blogging platform don’t appear malicious.

Previous variants of Vernot abused notetaking and archiving software provider Evernote to hide their presence.

Leave a Reply

You must be logged in to post a comment.