Popular SSH Client PuTTY Gets New Version That Steals Credentials

Status
Not open for further replies.

Jack
Malicious PuTTY delivered via compromised download locations
A malicious version of the popular SSH (secure shell) client PuTTY has been compiled by cybercriminals with code for pilfering credentials used to remotely access servers and computers.

PuTTY is an open source terminal emulator for Windows systems primarily used for encrypted communication with remote machines often running Linux/Unix. It is employed by system administrators, web developers, and database managers across the world.

Trojanized version was compiled in late 2013
The threat actors have recompiled the Trojanized copy from the source code, an action PuTTY maintainers rarely resort to.

The login data is collected when the admin connects to the remote host, by encrypting the credentials and delivering them to the attacker’s web server.

Security researchers from Symantec first spotted the unofficial release in the wild in late 2013, in a limited number of detections; but a gap of one year and a half followed, with wider distribution occurring only recently.

Dumitru Stama from Symantec says that security products have PuTTY on their whitelist and its connections are trusted because of its popularity with system admins.

The bad copy can be recognized by checking the “about” information, which reads “Unidentified build, Nov 29 2013 21:41:02.”


Read more: http://news.softpedia.com/news/Popu...-Version-that-Steals-Credentials-481661.shtml
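
An added example, not part of the original post or the linked article: a defender's check that scans executables for the build string quoted above, in both ASCII and UTF-16LE. It assumes the "about" text is stored in the binary as a literal string; the function names and the `.exe` filter are illustrative choices.

```python
import os
import sys

# Build string quoted in the post as the "about" text of the trojanized copy.
BUILD_STRING = "Unidentified build, Nov 29 2013 21:41:02"
# Assumption: the text sits in the binary as a literal, either single-byte
# ASCII or UTF-16LE (the usual Windows wide-string form).
NEEDLES = {
    "ascii": BUILD_STRING.encode("ascii"),
    "utf-16le": BUILD_STRING.encode("utf-16-le"),
}
CHUNK = 1 << 20  # read 1 MiB at a time so large files are not loaded whole


def find_build_string(path):
    """Return the sorted list of encodings in which BUILD_STRING occurs."""
    overlap = max(len(n) for n in NEEDLES.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            window = tail + block
            for name, needle in NEEDLES.items():
                if needle in window:
                    found.add(name)
            tail = window[-overlap:]  # carry a tail so matches spanning chunks are seen
    return sorted(found)


def scan_tree(root, suffixes=(".exe",)):
    """Walk root and map each matching executable to the encodings found."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            try:
                encodings = find_build_string(full)
            except OSError:
                continue  # unreadable or locked file: skip it
            if encodings:
                hits[full] = encodings
    return hits


if __name__ == "__main__" and len(sys.argv) > 1:
    for path, encodings in scan_tree(sys.argv[1]).items():
        print(f"{path}: build string found ({', '.join(encodings)})")
```

A hit flags only the specific build described in the post. A file with no hit is not thereby shown to be an official release.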