By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

A new malware strain targeting Windows systems is rearing its ugly head. Named SystemBC, this malware installs a proxy on infected computers. The bad news is that SystemBC never comes alone, and usually, the presence of this malware indicates that a computer was also infected by a second threat. Proofpoint researchers, who recently analyzed the malware, say its creators are advertising it on underground cybercrime forums to other malware authors. The SystemBC malware is effectively an on-demand proxy component that other malware operators can integrate and deploy on compromised computers alongside their primary strain. SystemBC's main role is to create a SOCKS5 proxy server through which the other malware can create a tunnel to bypass local firewalls, skirt internet content filters, or connect to its command-and-control server without revealing its real IP address. Proofpoint researchers said they identified an ad on a hacking forum for an unnamed malware strain that appears to be SystemBC, dated in early April, about a month before the malware was first seen online, in May. The ad includes images of the SystemBC backend, through which other malware operators can list active installs, update the malware on users' computers, or configure the final IP to which the malware relays traffic from infected hosts. While initially the malware has been seen in some isolated campaigns, Proofpoint researchers say they've now seen it in the past two months being distributed via exploit kits, such as RIG and Fallout. Follow this thread on OUR FORUM.

 

GTranslate