
Security researchers from ESET have discovered a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites. The purpose of this malware is to help crooks take over WordPress sites, which they can later use to host anything from SEO spam to malware download centers.

Searching for movie torrents leads to malware

The infection chain starts when users search for a movie torrent on search engines such as Google, Bing, or Yandex. Using previously compromised WordPress sites, attackers create hidden pages on these websites where they host a torrent download page. Taking advantage of the original site's good search engine ranking, some of these results appear prominently in search listings. Users that download the torrent will find it very well seeded, mostly by previously infected users. The torrent will download a movie file, a codec pack installer, and a text file explaining to the user that he has to run the codec installer first in order to view the movie. This installer contains the Sathurbot malware. When executed, it will show an error message claiming an error during the download, but in reality, the Sathurbot infection has already taken root by that point.

Sathurbot victims search Google for more victims

After installation, Sathurbot performs a DNS query that will return the address of its first C&C (command and control) server. This first C&C server can tell it to perform one of two actions. It can instruct it to download additional malware (Boaxxe, Kovter, or Fleercivet), or perform a series of search queries.

While the first action is mundane for most malware botnet operations, the second part is more interesting because it leads to brute-force attacks on WordPress sites. This starts with the C&C server sending the infected PC a list of over 5,000 words. The infected computer chooses 2-4 words, queries Google, Bing, or Yandex, and retrieves the first few pages of results.
