Russian hackers attack anti-US supporters

A self-proclaimed Russian hacker community is stealing user data by passing off its malware as software designed to attack Western governments and the US, according to researchers.

Reports out today suggest that, largely because of the ongoing Ukrainian conflict, hackers have crafted specially targeted spam messages to deliver a trojan that "supports the Russian cause" and resents the measures taken against the country.

Users who click the malicious links unwittingly join the botnet and spread the malware further.

The news comes from researchers at security software vendor Bitdefender, who said the Trojan drops three clean files used for traffic monitoring (npf.sys, packet.dll and wpcap.dll) and is capable of mining sensitive browser data, internet traffic and other personal information.

After clicking the links, victims download an executable file known as Kelihos. The Trojan communicates with its command-and-control server by exchanging encrypted messages over HTTP to retrieve further instructions.

Bitdefender said that, depending on the payload, Kelihos can do any of the following:

· Communicate with other infected computers

· Steal bitcoin wallets

· Send spam emails

· Steal FTP and email credentials, as well as login details saved by browsers

· Download and execute other malicious files on the affected system

· Monitor traffic for FTP, POP3 and SMTP protocols

“We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country,” malicious messages read.

“We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.”

Bitdefender Labs analysed one of the recent malicious spam waves and noticed that all the .eml files led to setup.exe links hosted on five unique IPs. Three belonged to Ukraine, while the other two were located in Poland and the Republic of Moldova.
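The triage step described above (going through a batch of .eml files, pulling out links that point at an executable such as setup.exe, and counting the distinct hosts serving them) can be reproduced with the Python standard library. The script below is an added example for illustration, not Bitdefender's tooling or any code from the campaign; the sample messages are constructed in the style of the quoted spam and use RFC 5737 documentation addresses, so none of the hosts are real indicators.

```python
import email
import re
from collections import Counter
from email import policy
from urllib.parse import urlparse

# Constructed sample .eml messages in the style of the campaign described above.
# Addresses use RFC 5737 documentation ranges; nothing here is a real indicator.
SAMPLE_EMLS = [
"""From: sender@example.invalid
To: victim@example.invalid
Subject: Our answer to the sanctions
Content-Type: text/plain; charset="utf-8"

We have coded our answer and below you will find the link to our program.
http://198.51.100.7/setup.exe
""",
"""From: sender@example.invalid
To: other@example.invalid
Subject: Run our program
Content-Type: text/plain; charset="utf-8"

Run the application on your computer: http://198.51.100.7/setup.exe.
""",
"""From: sender@example.invalid
To: third@example.invalid
Subject: Our answer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Download: http://203.0.113.5/dl/setup.exe
--b1
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://203.0.113.5/dl/setup.exe">Download</a></body></html>
--b1--
""",
"""From: colleague@example.invalid
To: victim@example.invalid
Subject: Quarterly report
Content-Type: text/plain; charset="utf-8"

The report is at http://192.0.2.10/reports/q3.pdf
""",
]

URL_RE = re.compile(r'https?://[^\s"\'<>]+')
# Extensions a defender would flag when they appear as a direct download link.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".cmd")


def message_text(msg) -> str:
    """Concatenate the decoded text of every text/plain or text/html part."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            parts.append(part.get_content())
    return "\n".join(parts)


def extract_urls(raw_eml: str) -> list:
    """Return the unique URLs in a raw .eml, stripping trailing sentence punctuation."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    urls = {u.rstrip(".,;:)") for u in URL_RE.findall(message_text(msg))}
    return sorted(urls)


def executable_links(raw_eml: str) -> list:
    """URLs whose path ends in an executable extension (the setup.exe pattern)."""
    return [u for u in extract_urls(raw_eml)
            if urlparse(u).path.lower().endswith(EXECUTABLE_SUFFIXES)]


def summarise(emls) -> tuple:
    """Count flagged messages and how many messages point at each distribution host."""
    hosts = Counter()
    flagged = 0
    for raw in emls:
        links = executable_links(raw)
        if links:
            flagged += 1
        for u in links:
            hosts[urlparse(u).hostname] += 1
    return flagged, hosts


if __name__ == "__main__":
    flagged, hosts = summarise(SAMPLE_EMLS)
    print(f"{flagged} of {len(SAMPLE_EMLS)} messages carry executable links")
    for host, n in hosts.most_common():
        print(f"  {host}: {n} message(s)")
```

URLs are de-duplicated per message so that a multipart/alternative mail carrying the same link in its text and HTML parts counts once, and trailing sentence punctuation is stripped so `setup.exe.` is still matched. The host counts are what you would feed into a geolocation or reputation lookup in a second step; that lookup is deliberately left out so the script runs offline.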

“Some might be servers specialised in malware distribution or other infected computers that became part of the Kelihos botnet,” Bitdefender Virus Analyst Doina Cosovan said.

“It is somehow ironic that most of the infected IPs are from Ukraine. This either means that computers in the country were also infected, or that Ukraine itself is where the distribution servers are located.”

To convince users of the program's authenticity, the Russian hackers claim it runs silently, using no more than 10 to 50 megabytes of traffic per day and almost no CPU time.

“After rebooting your computer, our program will terminate its activities, and if you want to - you can run it again,” spam e-mails also read. “If necessary, turn off your antivirus at that time.”

“Of course, turning off your security solution is not advisable. Instead, keep it installed and updated, just like your other software and operating system because malicious programs usually take advantage of vulnerabilities found in non-updated software,” said Cosovan.

Also known as Hlux, the Kelihos botnet was discovered four years ago and is mainly involved in bitcoin theft and spamming. The botnet has a peer-to-peer structure in which individual nodes can act as command-and-control servers for the entire botnet, increasing its longevity.

In January 2012 a new version of the botnet was discovered, and Microsoft pressed charges against a Russian citizen alleged to have written the Kelihos botnet's source code.


David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun.
