Windows 10 News and info | Forum
Topic: New Windows malware sets up proxies on your PC to relay malicious traffic
javajolt
« on: August 03, 2019, 03:25:16 PM »

A new malware strain targeting Windows systems is rearing its ugly head. Named SystemBC, this malware installs a proxy on infected computers.

The bad news is that SystemBC never comes alone, and usually, the presence of this malware indicates that a computer was also infected by a second threat.

Proofpoint researchers, who recently analyzed the malware, say its creators are advertising it on underground cybercrime forums to other malware authors.

The SystemBC malware is effectively an on-demand proxy component that other malware operators can integrate and deploy on compromised computers alongside their primary strain.

SystemBC's main role is to create a SOCKS5 proxy server through which the other malware can create a tunnel to bypass local firewalls, skirt internet content filters, or connect to its command-and-control server without revealing its real IP address.

SYSTEMBC SOLD TO OTHER MALWARE OPERATORS

Proofpoint researchers said they identified an ad on a hacking forum for an unnamed malware strain that appears to be SystemBC, dated in early April, about a month before the malware was first seen online, in May.

The ad includes images of the SystemBC backend, through which other malware operators can list active installs, update the malware on users' computers, or configure the final IP to which the malware relays traffic from infected hosts.



While initially the malware has been seen in some isolated campaigns, Proofpoint researchers say they've now seen it in the past two months being distributed via exploit kits, such as RIG and Fallout.

Exploit kits are web-based systems that leverage browser vulnerabilities to plant malware on users' computers, or redirect users to web pages that trick users into installing malware-laced apps themselves.

For example, Proofpoint said the operators of the DanaBot banking trojan and the Maze ransomware appear to have used exploit kits to infect hosts and then SystemBC's proxying capabilities to hide their malicious traffic.

PROBLEMS FOR DETECTING MALWARE INFECTIONS

Because of its ability to mask bad network traffic generated by other malware, SystemBC is bound to become even more popular as time goes by.

Furthermore, according to the Proofpoint team, SystemBC will also create "new challenges for defenders relying on network edge detections to intercept and mitigate threats like banking Trojans."

Either way, the main takeout here is that if you ever see a SystemBC detection, that means there's a second malware strain on your PC and removing SystemBC won't solve your problems.

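Since the post describes SystemBC as a SOCKS5 proxy that hides other malware's traffic from edge detection, one defender-side check is to recognise the SOCKS5 handshake (RFC 1928) in the first bytes a client sends, whatever port is used. This is an added example, not part of the original post or of Proofpoint's research; it assumes plaintext SOCKS5 with the "no authentication" method, the function names are hypothetical, and the sample byte strings are constructed.

```python
import ipaddress
import struct

CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}  # RFC 1928 command codes

def parse_greeting(buf):
    """Return (methods, bytes_consumed) for a SOCKS5 client greeting, else None."""
    if len(buf) < 3 or buf[0] != 5:          # VER must be 0x05
        return None
    n = buf[1]                               # NMETHODS
    if n == 0 or len(buf) < 2 + n:
        return None
    return list(buf[2:2 + n]), 2 + n

def parse_request(buf):
    """Return {cmd, host, port} for a SOCKS5 request, else None."""
    if len(buf) < 4 or buf[0] != 5 or buf[2] != 0 or buf[1] not in CMDS:
        return None
    atyp, rest = buf[3], buf[4:]
    if atyp == 1 and len(rest) >= 6:         # IPv4 address
        host, rest = str(ipaddress.IPv4Address(rest[:4])), rest[4:]
    elif atyp == 4 and len(rest) >= 18:      # IPv6 address
        host, rest = str(ipaddress.IPv6Address(rest[:16])), rest[16:]
    elif atyp == 3 and rest and rest[0] and len(rest) >= 1 + rest[0] + 2:
        n = rest[0]                          # length-prefixed domain name
        host, rest = rest[1:1 + n].decode("ascii", "replace"), rest[1 + n:]
    else:
        return None
    (port,) = struct.unpack("!H", rest[:2])  # DST.PORT, network byte order
    return {"cmd": CMDS[buf[1]], "host": host, "port": port}

def classify_client_stream(buf):
    """Classify the client-to-server bytes of one TCP flow.

    Returns None if the flow does not open with a SOCKS5 greeting. The
    request is only parsed when method 0 (no auth) was offered, because
    other methods insert a sub-negotiation before the request.
    """
    greeting = parse_greeting(buf)
    if greeting is None:
        return None
    methods, used = greeting
    request = parse_request(buf[used:]) if 0 in methods else None
    return {"methods": methods, "request": request}

# Constructed sample flows (not captured from any real malware).
SOCKS_DOMAIN = bytes([5, 1, 0, 5, 1, 0, 3, 11]) + b"example.com" + struct.pack("!H", 443)
SOCKS_IPV4 = bytes([5, 2, 0, 2, 5, 1, 0, 1, 192, 0, 2, 10]) + struct.pack("!H", 8080)
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
```

A first byte of 0x05 is only a heuristic, so a hit is a reason to look at the host for the accompanying malware the post warns about, not proof of infection.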