The danger of personal information leaks (05/16/11)
Written by HAURI Virus Lab.
Cases of personal information being stolen by means of malicious code for financial gain continue. Recently an incident of this kind occurred in the US, and the US government responded proactively to the attack by seizing the related C&C server and blocking its domains.
The malicious code used is the Coreflood/AFcore bot. According to our analysis, it downloads other malicious code and also creates additional malicious code of its own. The created malicious code acts by injecting itself into running processes. Moreover, it creates or modifies a registry key so that the malicious code is started automatically on system boot.
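The registry-based persistence described above is one of the first things an analyst checks on a suspected machine. The following is an added example (not HAURI's code and not part of the original article): it parses the text of a regedit export (the .reg format) and flags any Run/RunOnce entry whose executable lives outside the normal system and program directories, which is where a dropped sample typically ends up. The export text, the value names and the paths in it are constructed for illustration; none of them are Coreflood indicators.

```python
"""Triage of Windows autorun (Run/RunOnce) registry entries from a .reg export.

Added example, not HAURI's code. The sample export below is constructed;
its value names and paths are hypothetical and are not Coreflood indicators.
"""
import re

# Autorun keys that Windows consults at boot/logon (matched by suffix,
# so both HKLM and HKCU hives are covered).
AUTORUN_KEYS = (
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
)

# Directories where legitimately installed autorun binaries normally live.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed sample export (hypothetical entries, for illustration only).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\Public\\AppData\\svchost32.exe\" -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tmp"="C:\\Users\\victim\\AppData\\Local\\Temp\\x.exe"

[HKEY_CURRENT_USER\Software\Other\Unrelated]
"Value"="C:\\Users\\victim\\AppData\\Local\\Temp\\ignored.exe"
"""

# A .reg string value: "name"="data", with \ and " escaped by a backslash.
_VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text):
    """Yield (key_path, value_name, data) for every string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if m:
                # Undo the .reg escaping: "\\" -> "\" and "\"" -> '"'.
                unescape = lambda s: re.sub(r"\\(.)", r"\1", s)
                yield key, unescape(m.group(1)), unescape(m.group(2))


def command_executable(cmd):
    """Return the executable path from a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_autorun_key(key):
    """True if the key path is one of the Run/RunOnce keys in any hive."""
    return any(key.lower().endswith(k.lower()) for k in AUTORUN_KEYS)


def suspicious_autoruns(text):
    """Return (key, value_name, exe) for autorun entries outside TRUSTED_DIRS."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if not is_autorun_key(key):
            continue
        exe = command_executable(data).lower()
        if not exe.startswith(TRUSTED_DIRS):
            hits.append((key, name, exe))
    return hits


if __name__ == "__main__":
    for key, name, exe in suspicious_autoruns(SAMPLE_REG_EXPORT):
        print(f"suspicious autorun: {key}\\{name} -> {exe}")
```

Run it against a real export (`reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run run.reg` on the affected machine, then read the file) and treat every hit as a candidate for hash lookup and AV scanning, not as proof of infection; an installer that chose an unusual directory will also trigger the path check.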
The malicious code contains IRC commands, as shown in [PIC 1] and [PIC 2], and saves the user's keystrokes, encrypted, to a file. It then connects to the botnet and carries out further malicious actions by following the attacker's commands.
[PIC 1] Part of the code of the malicious sample
[PIC 2] Part of the IRC commands in the malicious sample
To protect a PC from this kind of infection, users must apply security patches for the OS they use regularly and always keep their anti-virus engine at the latest version.
- What is a C&C server?: A server that manages command and control of the zombie PCs infected with a malicious bot.
[ViRobot Detection Name]