ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Putty Malware stealing credentials.

    News
    malware putty
    1
    1
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      The primary mode of infection relies on users to search for PuTTY and follow a link to a fake mirror rather than the legitimate PuTTY page. To increase the chances users reach the malicious mirrors, the attackers have used search engine optimization techniques. Some HTML pages hosted on the compromised servers reference PuTTY for Mac, PuTTY for Android platforms, or even more obscure things like PuTTY and shampoo, for example. The malicious PUTTY.exe (MD5 b5c88d5af37afd13f89957150f9311ca) comes in the PE format, just like the original. This trojanized version of PuTTY maintains a user interface and function seemingly similar to the original. One difference is the binary was compiled with a different version of Microsoft Visual C++ than PuTTY traditionally has been, and results in a slightly altered user interface. Also, the “About” button reveals altered information, being listed as “Unidentified build, Nov 29 2013 21:41:02.” Given that presumable compile time, that is only a couple of months after the release of PuTTY v0.63, which labels itself as “Release 0.63” under “About.”

      http://blogs.cisco.com/security/trojanized-putty-software

      1 Reply Last reply Reply Quote 2
      • 1 / 1
      • First post
        Last post