November 29, 2016 By Larry Loeb 2 min read

Malvertising efforts sometimes exploit the victim’s greed. Ever since the days of Nigerian princes offering money from secret bank accounts, cybercriminals have used victims’ gluttony against them.

Backdoor Trojan Exploits Greed

Bleeping Computer reported that Symantec discovered a website offering free keys to software commonly used within the enterprise, such as woodworking design program SketchList3D and hard disk cloning tool HDClone. These keys can infuse life into pirated software, allowing illegitimate users to gain full access. However, the website in question is designed to infect visitors with the Stegoloader Trojan.

This campaign seems to be targeted vertically. That is, the perpetrators are hoping to lure anyone who might have the pirated software to visit their poisoned site for free activation keys. Needless to say, the keys are phony. The miscreants simply want victims run the keygen binary program to assure infection.

According to Symantec, once the Stegoloader payload is installed, it conducts a basic survey of the infected computer. Only 62 percent of victims are attacked for a second time, which demonstrates the Trojan’s selectivity.

Sinister ‘Steganography’

The backdoor Trojan is notable for its use of embedded instructions within an image. When the infection calls home to the hardcoded command-and-control (C&C) server, it does not get easily identifiable HTTP commands thrown back to tell it about the next stage of operation. Instead, it gets an image that it can decode and run to conduct its criminal activity. The image looks like normal traffic and slips by most antivirus detectors.

Symantec discovered lateral movement on the network within two hours of the initial infection in 62 percent of the attacks observed. Some transversals took longer to initiate, which may suggest a manual mode of operation.

The researchers think this network movement occurs because the malware operators exploit weak passwords, not to mention the poor security often found in file shares and network drives. There was no evidence that the perpetrators used zero-day exploits or sophisticated tools during this transversal.

If something seems to be too good to be true, it probably is. Don’t fall for it.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today