Symantec reveals attack mechanism of Hydraq Trojan

Symantec: 25 January, 2010 (Technical Article)

Trojan allows remote users to stream video from an exploited computer using modified VNC code, Virtual Networking Code originally designed for desktop sharing applications.

Symantec has revealed further details about how the much publicised Trojan.Hydraq attack works, via a video in a controlled lab environment.

One of the components of the Trojan is based on VNC code and has the ability to allow an attacker to control and stream a live video feed of a compromised computer's desktop to a remote computer in real-time.

Once Trojan.Hydraq is installed by means of an exploit, it downloads additional files from a remote location to aid with the attack. Two of the additional files downloaded are named VedioDriver.dll and Acelpvc.dll. These files are placed into the %System% folder on the exploited computer. Analysis of the files and communication protocol suggests that they were specifically written for use with Hydraq using modified VNC code. In conjunction with Hydraq, these files allow a remote attacker to control and stream a live video feed from an exploited computer. When looking at the information stored in the files, one thing stands out. The file creation information states that the files were created back in 2006.

Other components of Hydraq have creation dates in 2009. This leads to the possibility that the Hydraq samples that we are seeing today may have been in development or evolved over time. However, another possibility is that the time and date were set incorrectly on the computer that was used when the source files were compiled.
