Cyber News

Mon, 9 Jan 2017 Trojan

Backdoor Returns As BigBoss and SillyGoose


Researchers have discovered two new versions of the MM Core backdoor – BigBoss and SillyGoose – used in recent attacks on African and American industries. The MM Core backdoor can send details about the infected system to its developers, download and execute files, and update or uninstall itself. It is distributed via DOC files that exploit a Microsoft Word vulnerability, and is then executed using a Dynamic-Link Library (DLL) side-loading vulnerability. Once executed in memory, MM Core extracts and installs an embedded downloader for persistence. To evade detection, newer campaigns use C&C servers registered through a registrant privacy protection service, which makes it more difficult to track the developers' infrastructure.

 
