Cisco finds a backdoor spying program on a million PCs

2016-04-30T00:00:00
ID MYHACK58:62201674219
Type myhack58
Reporter Anonymous
Modified 2016-04-30T00:00:00

Description

Security experts are reminding PC users that the French company Tuto4PC quietly bundles adware and spyware onto their PCs. Security researchers at Cisco's Talos Group say that some of the company's other tools, including OneSoftPerDay and System Healer, also behave maliciously as Trojans. Talos Group estimates that about 1200 million PC users have already been lured into downloading them. Tuto4PC's software is one such malicious program.

The researchers said: “Once a PC user installs any Tuto4PC utility, the software runs a malicious program and installs a Trojan called ‘Wizz’.” In a blog post on Wednesday, Talos researchers wrote: “Wizz has administrative privileges and can not only download and install other programs, but also collect personal information, and install and run executable files uploaded by its controller, and the like.”

Craig Williams, senior technical director at Talos Group, said that preliminary analysis of the Wizz software showed it can also detect sandboxes, antivirus software, security software, forensics software and remote access tools. Most disturbing is that, by way of its EULA, the software can secretly install malicious software on the PC without authorization.

The Talos team wrote: “Obviously, the software should be classified as a backdoor. At the very least it is a potentially unwanted program (PUP), and it fully meets or even goes beyond the definition of a ‘backdoor’.”

Talos said: “Tuto4PC's past history is very colorful: it has been in conflict with the Conseil d’Etat (the French government MPs). On multiple occasions in 2012, 2013 and 2015, Tuto4PC was criticized by the French regulatory authority for installing software on users' computers without their knowledge.”

Warren Mercer, technical director at Talos Group, says: “In the past, Tuto4PC has been closely watched by French regulatory bodies over installing adware and spyware on users' computers. However, it looks like it did not wake up in response to the French authorities' remarks, and went further by trying to make its Trojan horse program able to dodge detection by security software. Tuto4PC and Wizz together act as an intermediary, wantonly spreading adware, spyware and expandable software without the user's consent and infecting millions of PCs.”

Talos researchers say that by tapping the communication between the control terminal and the client software, they can gain unique insight into the relationship between Tuto4PC and the Wizz component. This was possible because Tuto4PC implements its SSL encryption with an encryption variable copied from Microsoft's MSDN site. Talos wrote: “Interestingly, while so much time was spent on anti-sandbox and anti-analysis techniques, the developers did not invest the same amount of time and effort in encryption, but simply copied and pasted from an MSDN blog.”

The researchers found that the Tuto4PC adware/spyware uses 5 to 5 domain names, each of which is owned by Tuto4PC or its affiliates. Talos said: “These domain names are being used to distribute the Wizz.exe binary file. Every domain name has a name in a different form, such as ‘PC Clean’, ‘Free Game’ and ‘Offer’, in order to appear legitimate and to serve as bait that lures users into completing the download.”