Posts Tagged: .in:3126


Botnet Trojan Adds “Gootkit” Code to Web Pages

by

An insidious new Trojan that finds its way onto Windows PCs in the course of a drive-by infection employs a novel method to propagate: It connects to Web servers using stolen FTP credentials, and if successful, modifies any HTML and PHP files with extra code. The code opens an iFrame pointing to a page that loads browser exploits. The exploit pushes down the infection, which then perpetuates the process. The initial infection vector in this case was a spam message supposedly from Amazon.com containing a link to the page which performs the drive-by attacks. The malware, which we’re calling Trojan-Backdoor-Protard, […]

Continue Reading »