- Feb 4, 2016
- 549
Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world.
The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Wizzlabs, has been targeted by French authorities over its questionable practices regarding the installation of unwanted software and harvesting of users’ personal details.
Cisco started analyzing Tuto4PC’s OneSoftPerDay application after its systems detected an increase in “Generic Trojans” (i.e. threats not associate with any known family). An investigation uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.
Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other software, such as a known scareware called System Healer, but also of harvesting personal information. Furthermore, experts found that the software is designed to detect the presence of sandboxes, antiviruses, security tools, forensic software and remote access doors.
These “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”
According to Tuto4PC’s website, the company offers hundreds of tutorials that users can access for free by installing a piece of software that displays ads. However, based on Cisco’s research, it appears the company is doing more than just displaying ads.
Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.
“Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor. At minimum it is a potentially unwanted program (PUP). There is a very good argument that it meets and exceeds the definition of a backdoor,” Cisco Talos researchers said in a blog post.
“The creation of a legitimate business, multiple subsidiaries, domains, software and being a publicly listed company do not stop this adware juggernaut from slowing down their attempts to push their backdoors out to the public,” they added.
full article : Cisco Finds Backdoor Installed on 12 Million PCs | SecurityWeek.Com
I did not think this news here, I may be wrong
The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Wizzlabs, has been targeted by French authorities over its questionable practices regarding the installation of unwanted software and harvesting of users’ personal details.
Cisco started analyzing Tuto4PC’s OneSoftPerDay application after its systems detected an increase in “Generic Trojans” (i.e. threats not associate with any known family). An investigation uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.
Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other software, such as a known scareware called System Healer, but also of harvesting personal information. Furthermore, experts found that the software is designed to detect the presence of sandboxes, antiviruses, security tools, forensic software and remote access doors.
These “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”
According to Tuto4PC’s website, the company offers hundreds of tutorials that users can access for free by installing a piece of software that displays ads. However, based on Cisco’s research, it appears the company is doing more than just displaying ads.
Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.
“Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor. At minimum it is a potentially unwanted program (PUP). There is a very good argument that it meets and exceeds the definition of a backdoor,” Cisco Talos researchers said in a blog post.
“The creation of a legitimate business, multiple subsidiaries, domains, software and being a publicly listed company do not stop this adware juggernaut from slowing down their attempts to push their backdoors out to the public,” they added.
full article : Cisco Finds Backdoor Installed on 12 Million PCs | SecurityWeek.Com
I did not think this news here, I may be wrong
