Backdoor Trojan picks up commands from Evernote account
Posted on 28.03.2013
Trend Micro researchers have recently analyzed a backdoor Trojan that contacts an unusual command and control center - an Evernote account.


The backdoor - dubbed Vernot - can perform all the usual things malware of this kind does: it harvests system information and sends it to a remote server (or even possibly to the same Evernote account it picks its commands from), and can download, execute, and rename files.

Whether the information is dropped off at the account couldn't be verified, as the login credentials embedded in the malware were no longer valid - likely because of the service-wide password reset executed by Evernote following the recent breach.

"As stealth is the name of the game, misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers. Because BKDR_VERNOT.A generates a legitimate network traffic, most antimalware products may not readily detect this behavior as malicious," the researchers pointed out. "This can be troubling news not only for ordinary Internet users, but also for organizations with employees using software like Evernote."

This is not the first time that a popular online service is used as a way for malware to communicate with its C&C servers - Google Docs, Sendspace, Twitter and others have been misused in the past.









Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //