Another big botnet

Next story

The antivirus community has been allerted to the activities of the botnet using the Win32/Hexzone.AP. trojan.

It is a typical Trojan that reports to a command and control server using the HTTP protocol. The malware lets an attacker control your computer and do whatever he wants with it. It can be used to send spam, launch a denial of service attack or install other malware. The variants we have analyzed use a custom packer that makes multiple calls to graphical user interface API, probably to fool emulators and analysts into thinking they are dealing with a standard application.

As was reported by the Virus Total portal, cited by Finjan , as well as USA Today, ESET is on of the four antivirus companies that has been protecting its users from this particular malware at a time of its onset.Win32/Hexzone.AP seems to be distributed from a server located in the United Kingdom. Infected computers also communicate with a command and control server located in that same country. Both servers use domain names that have been registered in Russia. We have seen Win32/Hexzone.AP install RansomWare in Russian, meaning that its victims are probably from this area.

To combat the trojans of the Hexzone family, ESET has developed a time-tested generic signature for its detection. According to ESET‘s statistical system ThreatSense.Net®, the mentioned trojan does not even make the first twenty of the most wide-spread infiltrations despite the fact that other security software vendors are reporting a 1.9 million-strong botnet of infected workstations.

About ESET

Founded in 1992, ESET is a global provider of security solutions for corporate customers and households. From a small family-sized venture, ESET has evolved into a leader in proactive malware detection and is in the front lines of combating emerging cyberthreats. Its flagship solutions - ESET NOD32 Antivirus and ESET Smart Security, built on the award-winning ThreatSense® engine are trusted by millions of users to protect their computers against a host of Internet-borne malware, such as viruses, trojans, worms, adware, spyware, phishing, rootkits. ESET has headquarters in Bratislava, Slovakia with branch offices in Prague, Czech Republic; San Diego, USA; and Buenos Aires, Argentina. ESET‘s solutions are available in more than 160 countries worldwide. In 2008, ESET opened its new development center in Krakow, Poland and was ranked by Deloitte Technology Fast 500 as one of the fastest growing technology companies in the EMEA region.