An Introduction to DevilRobber Trojan
Ruomu Guo
CPSC 620 Presentation

What is DevilRobber Trojan
  1: Transmission: BitTorrent seed
  2: Function: access the user's computer, steal the user's private information, generate Bitcoin virtual currency

The Principle of Trojan
  A Trojan application consists of two parts
  1: Server Part (Server)
  2: Controller Part (Client)

Interaction
  Opens the client's ports to send data back to the specified server
  Hackers could take advantage of such ports to enter OS X

The Principle of Trojan
  Operation
    Trojan horse programs cannot operate automatically
    Embedded in documents or files users may be interested in
  Trigger
    The user must open the infected file or run the infected application

Categories
  Universal vs. Transitive

Analysis of DevilRobber Trojan
  Operating System Platform
    Mac OS X
    Based on UNIX
    Mac OS X applications such as Graphic Converter software
  Function
    Steal users' sensitive information and private data
    Control the GPU to generate Bitcoin virtual currency automatically
    Monitor the computer's activities

Analysis of DevilRobber Trojan
  Copy TrueCrypt and its relevant data
  Copy Safari browsing history
  Copy the user's .bash_history to dump.txt
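
An added detection sketch, not code from the presentation: it correlates the collection behaviour listed above by flagging any process that reads several of the named data sources and writes a file called dump.txt shortly afterwards. The event format, path patterns, process names and the 300-second window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Path patterns for the three data sources on the slide (assumed locations).
SENSITIVE = {
    "truecrypt": re.compile(r"truecrypt", re.I),
    "safari_history": re.compile(r"/Library/Safari/History", re.I),
    "bash_history": re.compile(r"/\.bash_history$"),
}
STAGING = re.compile(r"(^|/)dump\.txt$")  # staging file named on the slide
WINDOW = 300  # seconds between read and staging write (assumed)

# Constructed events, hypothetical format: "<epoch> <pid> <process> <op> <path>"
SAMPLE_EVENTS = """\
1001 301 bash read /Users/alice/.bash_history
1002 412 bundled_helper read /Users/alice/Library/Application Support/TrueCrypt/Configuration.xml
1003 412 bundled_helper read /Users/alice/Library/Safari/History.plist
1004 412 bundled_helper read /Users/alice/.bash_history
1010 412 bundled_helper write /tmp/example/dump.txt
1020 500 editor write /Users/alice/notes/dump.txt
1030 600 backup read /Users/alice/.bash_history
1031 600 backup read /Users/alice/Library/Safari/History.plist
9000 600 backup write /Volumes/backup/dump.txt
"""

def find_collectors(text, min_sources=2):
    """Map (pid, process) -> sensitive sources it read within WINDOW seconds
    of writing dump.txt, for processes that touched >= min_sources of them."""
    reads = defaultdict(dict)    # (pid, proc) -> {source: first read time}
    writes = defaultdict(list)   # (pid, proc) -> dump.txt write times
    for line in text.splitlines():
        ts, pid, proc, op, path = line.split(None, 4)  # path may hold spaces
        key = (int(pid), proc)
        if op == "read":
            for name, rx in SENSITIVE.items():
                if rx.search(path):
                    reads[key].setdefault(name, int(ts))
        elif op == "write" and STAGING.search(path):
            writes[key].append(int(ts))
    hits = {}
    for key, wts in writes.items():
        near = sorted(s for s, t in reads[key].items()
                      if any(abs(w - t) <= WINDOW for w in wts))
        if len(near) >= min_sources:
            hits[key] = near
    return hits

if __name__ == "__main__":
    print(find_collectors(SAMPLE_EVENTS))
```

Only the process that both read the sensitive files and staged dump.txt inside the window is reported; the shell reading its own history, the editor saving an unrelated dump.txt, and the late backup write are ignored.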

Analysis of DevilRobber Trojan
  Unusual Features
    Takes advantage of the GPU to automatically generate Bitcoins
    Bitcoins can also be exchanged for real currency
    One Bitcoin is equivalent to about $3.00

New Version of DevilRobber Trojan
  Dispersal
    Old version: disguised as a popular image editing program such as Pixelmator
    New version: disguised as download tools, and contacts some FTP server

New Version of DevilRobber Trojan
  Circumvention
    No longer tries to capture a screenshot to send back to the remote server
    No longer checks for the Little Snitch firewall

Confuse User
  Little Snitch users can authorize the Trojan to communicate with an external server without their knowledge.

How to Avoid DevilRobber Infection
  Check the source of downloaded files
  Check the trustworthiness of the download source

Various Types of DevilRobber Trojan
  Disguised as a PDF file
  Disguised as an Adobe Flash update installation

Vulnerability Fixed and Solution
  Enhance Mac OS X Security
    Apple has released an update package for users to download
    Virus Feature Definition: XProtect.plist

Lecture End
  Thanks