Duuzer Trojan: A Recent Backdoor Targeting Organizations
A recently uncovered backdoor Trojan, named Duuzer, is in the news for its malicious activity. As you may have guessed, it is wreaking havoc particularly among organizations and firms in South Korea, but it is expected to spread elsewhere sooner or later. It has become a major security issue that is giving researchers sleepless nights as they work to curb it. It targets computers with unpatched security holes and other flaws, on both the 32-bit and 64-bit versions of Windows 7, Windows Vista and Windows XP.
Summary: Duuzer Trojan
Discovered: August 21st 2015
Threat Type: Trojan
Nature of infection: Severe
Windows Targeted: Win 7, Windows Vista & Windows XP
Duuzer Trojan typically arrives on a compromised system that has already been infected by some other malware or known threat. However, there is no specific information on exactly how it spreads or what vector distributes it. According to experts, spear-phishing emails and watering-hole attacks are the main strategies the attackers use for its distribution. As soon as it executes on the compromised PC, it opens a back door and establishes a remote connection to the following locations, with these IPs:
This is why it is considered a big threat: its very purpose is to steal important data and sensitive information. It sends vital details (computer name, username, IP address, location, etc.) back to the attackers. To evade detection on the largest possible number of Windows machines, Duuzer Trojan uses an obfuscation mechanism: it renames its files to match those of legitimate programs so that it stays hidden from security software and keeps running in the background. This is what makes it so difficult to trace.
What makes Duuzer Trojan so Deadly
- Accesses system and drive information
- Starts and ends processes without manual intervention
- Easily accesses, modifies and deletes files
- Uploads and downloads additional files
- Changes file attributes
- Drops malicious code and executes commands
- Steals data from the infected system
Research is still under way into exactly how this dreadful Trojan spreads and which systems it targets. So far, researchers at Symantec have revealed that it may be using spear phishing and watering-hole attacks to infect target computers. It also checks whether the system is running on VMware, VirtualBox or another virtual machine before carrying out its routine attack, and it uses obfuscation, renaming its files after legitimate applications, to escape detection. It is therefore necessary to stay alert and, if even slight changes are evident on a system, to scan it in order to get rid of the malware.