In our latest Threat Research Update webinar I highlighted recent examples of mobile malware, information-stealing Trojans and the Blackhole Exploit Kit, which my team captured as they worked to bring the latest protection to the Dell Next-Generation Firewalls. The telemetry data that we obtain from the large installed base of our Next-Generation Firewalls helps to enhance our threat prevention.
Several months ago, the team discovered the Android-based SuperClean malware, which was available through the Google Play app store and disguised as a memory optimization application (i.e., “memory cleaner”). This malware turned the phone into a bot used to infect Windows-based PCs via USB. Uniquely, it could also record the owner’s GPS-based location, voice conversations and screen captures, and send those to a remote botnet server location.
The team also observed several new variants of the Dorkbot worm and the Tepfer Trojan. The new variant of Dorkbot propagates via Skype to recruit machines into botnets. The Tepfer Trojan, on the other hand, propagates via email attachments, and specifically targets FTP and email client applications to harvest authentication credentials. Alex explained in detail how both Dorkbot and Tepfer participate in the Pay-Per-Install (PPI) malware installation scheme.
The webinar concluded with an explanation of the financial motivation behind the Blackhole Exploit Kit (BEK), as well as its infection cycle, attack vectors (“write once, run anywhere”) and its capability as “exploit-enabling” commercial software.
These are just a few examples of the malicious code that bombards networks, large and small. Dell SonicWALL firewalls, with the security intelligence provided by our Threat Research team, protect networks automatically, drastically reducing the risk of an infection and a security breach. To stay updated on the latest threat research by Dell SonicWALL, please visit the Dell Security Center for up-to-the-minute information about viruses, vulnerabilities, and spyware. Subscribers to the Dell SonicWALL gateway threat prevention services receive proactive alerts.