An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation.


2 An Introduction to DevilRobber Trojan Ruomu Guo CPSC 620 Presentation

3 What is DevilRobber Trojan
- 1: Transmission: BitTorrent seed
- 2: Function:
  - access the user's computer
  - steal the user's private information
  - generate Bitcoin virtual currency

4 The Principle of Trojan
- A Trojan application consists of two parts
  - 1: Server Part (Server)
  - 2: Controller Part (Client)
- Interaction
  - Opens clients' ports to send data back to the specified server
  - Hackers could take advantage of such ports to enter OS X

5 The Principle of Trojan
- Operation
  - Trojan horse programs cannot operate automatically
  - They are embedded in documents or files users may be interested in
- Trigger
  - The user must open an infected file or run an infected application
- Categories
  - Universal vs. Transitive

6 Analysis of DevilRobber Trojan
- Operating System Platform
  - Mac OS X (based on UNIX)
  - Mac OS X applications such as Graphic Converter software
- Function
  - Steal the user's sensitive information and private data
  - Control the GPU to generate Bitcoin virtual currency automatically
  - Monitor the computer's activities

7 Analysis of DevilRobber Trojan
- Copy TrueCrypt and its relevant data
- Copy Safari browsing history
- Copy users' Bash_history to dump.txt
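Slide 7 says the Trojan copies the user's Bash history into a file named dump.txt. As an added example (not from the presentation), the Python sketch below triages a directory tree for files with that name that contain most of the user's shell history; the function names, the 0.8 overlap threshold and the sample directory layout are constructed assumptions.

```python
import os
import tempfile

def history_overlap(history_text, candidate_text):
    """Fraction of distinct non-empty history lines also present in the candidate."""
    hist = {l.strip() for l in history_text.splitlines() if l.strip()}
    if not hist:
        return 0.0  # empty history: nothing to compare against
    cand = {l.strip() for l in candidate_text.splitlines()}
    return len(hist & cand) / len(hist)

def find_history_dumps(search_root, history_path, name="dump.txt", threshold=0.8):
    """Walk search_root and report files called `name` holding most of the history."""
    with open(history_path, errors="replace") as fh:
        history_text = fh.read()
    hits = []
    for dirpath, _dirs, files in os.walk(search_root):
        if name not in files:
            continue
        path = os.path.join(dirpath, name)
        try:
            with open(path, errors="replace") as fh:
                score = history_overlap(history_text, fh.read())
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if score >= threshold:
            hits.append((path, round(score, 2)))
    return sorted(hits)

def demo():
    """Constructed sample tree: one staged copy of the history, one benign dump.txt."""
    root = tempfile.mkdtemp()
    history = "ssh admin@build01\ncd ~/Projects\ngit pull\nmake test\n"
    hist_path = os.path.join(root, ".bash_history")
    with open(hist_path, "w") as fh:
        fh.write(history)
    staged = os.path.join(root, "Library", "hidden")   # constructed directory name
    notes = os.path.join(root, "Documents")
    os.makedirs(staged)
    os.makedirs(notes)
    with open(os.path.join(staged, "dump.txt"), "w") as fh:
        fh.write("== collected ==\n" + history)        # full copy of the history
    with open(os.path.join(notes, "dump.txt"), "w") as fh:
        fh.write("core dump notes\ngit pull\n")        # shares one line only
    return find_history_dumps(root, hist_path)

if __name__ == "__main__":
    for path, score in demo():
        print(f"{score:.0%} of shell history found in {path}")
```

Matching on content overlap rather than on the file name alone keeps an unrelated dump.txt from being flagged.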

8 Analysis of DevilRobber Trojan
- Unusual Features
  - Takes advantage of the GPU to automatically generate bitcoins
  - Bitcoins can also be exchanged for real currency
  - One bitcoin is equivalent to about $3.00

9 New Version of DevilRobber Trojan
- Dispersal
  - Old version: disguised as a popular image editing program such as PixelMator
  - New version: disguised as download tools, and contacts some FTP server

10 New Version of DevilRobber Trojan
- Circumvention
  - No longer tries to capture a screenshot to send back to the remote server
  - No longer checks for the Little Snitch firewall
- Confuse User
  - Little Snitch users can authorize the Trojan to communicate with an external server without their knowledge

11 How to Avoid DevilRobber infection
- Check the source of downloaded files
  - Trust in the source of the download
- Various types of DevilRobber Trojan
  - Disguised as a PDF file
  - Disguised as an Adobe Flash update installation

12 Vulnerability Fixed and Solution
- Enhance Mac OS X Security
  - Apple has released an update package for users to download
  - Virus Feature Definition: XProtect.plist


14 Lecture End Thanks
