Thursday, May 21, 2015

Beware of Trojanized Version of PuTTY SSH Client Distributed in the Wild

Summary
A trojanized version of the open-source SSH client PuTTY has been reported as being distributed in the wild.

Attacks
 According to the report, the attacks appear to occur in the following manner:
  1. The victim performs a search for PuTTY on a search engine.
  2. The search engine provides multiple results for PuTTY. Instead of selecting the official home page for PuTTY, the victim unknowingly selects a compromised website.
  3. The compromised website redirects the user several times, ultimately connecting them to an IP address in the United Arab Emirates. This site provides the user with the fake version of PuTTY to download.

Mitigation
  1. Always ensure that you download the software only from the author's/publisher's official homepage.
  2. Check the software’s “About” information. According to the report, the malicious version will show this.
 References:


  1. http://www.net-security.org/malware_news.php?id=3041 
  2. http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
