Does anyone know the name of the trojan used in the Dec. 2nd DNS hijack of CheckFree?
DNS wasn't really hijacked. They managed to obtain the username/password that allowed them to change the domain.
They probably got those credentials with spear phishing.
As I said, they probably used spear phishing, not a trojan or any other type of malware.
http://en.wikipedia.org/wiki/Phishing
No. The users that were directed to the site in the Ukraine, as opposed to the real CheckFree site, could have had their computers infected with malicious software. My question is: what would an antivirus scanner have identified the threat as? Most sources say the fake web server attempted to download a Trojan using an IE exploit. I want the name of the Trojan. That is my question here.
According to CNET the name of the file was msn.exe.
Nov 26, 2008 ... Customers of CheckFree.com, an online bill paying site, .... and in the background downloads a password stealing Trojan named 'msn.exe.'" ...
news.cnet.com/8300-1009_3-83.html?keyword=%22trojans%22
http://voices.washingtonpost.com/sec...l?nav=rss_blog
There are many variants of this virus.
http://www.viruslist.com/en/virusesd...pter=153317860
Ah.. Now I understand :D
AFAIK they used an Adobe Acrobat exploit to install a keylogger. See http://www.securityfocus.com/bid/30035
No names, so it's likely a custom-built exploit.
Thank you both. Both posts contain info that I did not have!