silversurfer
Read more below: A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits (EKs), according to researchers.
Proofpoint researchers said on Thursday that in the most recently tracked example, the Fallout EK is used to download the Danabot banking trojan and the SystemBC SOCKS5 proxy, the latter of which is then used on a victim’s Windows system to evade firewall detection of C2 traffic.
SystemBC has so far been found mainly in Asia, where EKs remain important attack tools thanks to the fact that Windows piracy is common, leading to unpatched, buggy systems, researchers said. The use of Fallout is particularly interesting, according to Proofpoint, given that the malvertising-based EK has historically been used to deliver instances of Maze ransomware.
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
The proxy is being distributed by the RIG and Fallout exploit kits.
threatpost.com
SystemBC: RIG & Fallout Exploit Kits Campaign Analysis | Proofpoint US
Proofpoint researchers detail a previously undocumented proxy malware, dubbed "SystemBC," distributed by the Fallout and RIG exploit kits. Learn more.
www.proofpoint.com