
An Introduction to DevilRobber Trojan



  1. An Introduction to DevilRobber Trojan
     Ruomu Guo, CPSC 620 Presentation

  2. What is DevilRobber Trojan
     • 1: Transmission: BitTorrent seed
     • 2: Function:
       - Access the user's computer
       - Steal the user's private information
       - Generate Bitcoin virtual currency

  3. The Principle of Trojan
     • A Trojan application consists of two parts
       - 1: Server part (Server)
       - 2: Controller part (Client)
     • Interaction
       - Opens clients' ports to send data back to the specified server
       - Hackers could take advantage of such ports to enter OS X

  4. The Principle of Trojan
     • Operation
       - Trojan horse programs cannot operate automatically
       - They are embedded in documents or files users may be interested in
     • Trigger
       - The user must open an infected file or run an infected application
     • Categories
       - Universal vs. Transitive

  5. Analysis of DevilRobber Trojan
     • Operating system platform
       - Mac OS X (based on UNIX)
       - Mac OS X applications such as the GraphicConverter software
     • Function
       - Steals the user's sensitive information and private data
       - Controls the GPU to generate Bitcoin virtual currency automatically
       - Monitors the computer's activities

  6. Analysis of DevilRobber Trojan
     • Copies TrueCrypt and its relevant data
     • Copies the Safari browsing history
     • Copies users' Bash_history to dump.txt

  7. Analysis of DevilRobber Trojan
     • Unusual features
       - Takes advantage of the GPU to automatically generate Bitcoins
       - Bitcoins can also be exchanged for real currency
       - One Bitcoin is equivalent to about $3.00

  8. New Version of DevilRobber Trojan
     • Dispersal
       - Old version: disguised as a popular image editing program such as Pixelmator
       - New version: disguised as download tools, and contacts some FTP server

  9. New Version of DevilRobber Trojan
     • Circumvention
       - Does not try to capture a screenshot to send back to the remote server
       - No longer checks for the Little Snitch firewall
     • Confusing the user
       - Little Snitch users can authorize the Trojan to communicate with an external server without their knowledge

  10. How to Avoid DevilRobber Infection
     • Check the source of downloaded files
       - Trust in the source of the download
     • Various types of DevilRobber Trojan
       - Disguised as a PDF file
       - Disguised as an Adobe Flash update installation

  11. Vulnerability Fixed and Solution
     • Enhance Mac OS X security
       - Apple has released an update package for users to download
       - Virus feature definitions: XProtect.plist

  12. Reference
     • 1: What Apple's sandboxing means for developers and users
       http://news.cnet.com/8301-1009_3-57318099-83/what-apples-sandboxing-means-for-developers-and-users/
     • 2: Mac Trojan poses as PDF to open botnet backdoor
       http://arstechnica.com/apple/news/2011/09/mac-trojan-poses-as-pdf-to-open-botnet-backdoor.ars
     • 3: Apple kills code-signing bug that threatened iPhone users
       http://www.theregister.co.uk/2011/11/10/apple_iphone_security_bug.html

  13. Lecture End. Thanks
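
Slide 11 names XProtect.plist as the definition file Apple updated. The following is an added example, not part of the original presentation, showing how a hash-based definition in such a file can be read and matched against a downloaded file. The plist layout and key names (Description, Matches, MatchFile, NSURLNameKey, Identity, Pattern) are assumed from the legacy XProtect.plist format, and the definition names, file names and payload are constructed.

```python
import hashlib
import plistlib

# Constructed stand-in for a downloaded file's contents; not real malware.
SAMPLE_PAYLOAD = b"constructed sample payload\n"

def build_sample_definitions():
    """Return plist bytes with constructed entries (assumed legacy layout)."""
    entries = [
        {   # hash-based rule: file name plus SHA-1 of the file's contents
            "Description": "OSX.Example.A",  # constructed definition name
            "Matches": [{
                "MatchFile": {"NSURLNameKey": "ExampleApp"},
                "MatchType": "Match",
                "Identity": hashlib.sha1(SAMPLE_PAYLOAD).digest(),
            }],
        },
        {   # pattern-based rule (hex string), not evaluated by this example
            "Description": "OSX.Example.B",
            "Matches": [{
                "MatchFile": {"NSURLNameKey": "Info.plist"},
                "MatchType": "Match",
                "Pattern": "636F6E7374727563746564",
            }],
        },
    ]
    return plistlib.dumps(entries)

def load_hash_rules(plist_bytes):
    """Map definition name -> list of (file name, SHA-1 digest) rules."""
    rules = {}
    for entry in plistlib.loads(plist_bytes):
        for match in entry.get("Matches", []):
            identity = match.get("Identity")
            if identity is None:  # rule carries no hash, skip it
                continue
            name = match.get("MatchFile", {}).get("NSURLNameKey")
            rules.setdefault(entry["Description"], []).append((name, bytes(identity)))
    return rules

def check_file(file_name, data, rules):
    """Return definitions whose file name and SHA-1 both match the file."""
    digest = hashlib.sha1(data).digest()
    return sorted({d for d, rs in rules.items() for n, i in rs
                   if n == file_name and i == digest})

if __name__ == "__main__":
    rules = load_hash_rules(build_sample_definitions())
    print(check_file("ExampleApp", SAMPLE_PAYLOAD, rules))
```

A hash-based rule only matches an exact copy of the file, which is why a new variant requires a definition update of the kind slide 11 describes.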
