Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to the news list

Cross-platform Trojan controls Windows and Mac machines

July 25, 2012

Russian anti-virus company Doctor Web is warning users about a dangerous cross-platform Trojan horse that provides criminals with full control over infected machines and can render a system non-operational. The malicious application, dubbed BackDoor.DaVinci.1, runs both in Windows and Mac OS X. Notably, the version for Mac OS X for the first time features rootkit technologies to hide the Trojan's processes and files.

BackDoor.DaVinci.1 is developed and sold by HackingTeam which has been in business since 2003. This malicious program is a multi-component backdoor that includes a large number of functional modules, such as drivers that use rootkit technologies, to hide the application in an operating system.

BackDoor.DaVinci.1 is spread as the AdobeFlashPlayer.jar file, signed using an invalid digital certificate. On July 23 a user sent this signed applet to Doctor Web for analysis.

screen

The file determines the OS type and saves and launches an infected application in the compromised system—currently, Doctor Web's virus analysts have Trojan samples intended for Windows and Mac OS X. It is known that a version targeting mobile platforms also exists.

screen

The malware features a modular architecture: the main backdoor component is supplemented with an encrypted configuration file and rootkit drivers. These drivers enable the malicious application to hide its presence. All Trojan versions use the same configuration file containing the modules' settings.

screen

BackDoor.DaVinci.1 allows criminals to gain full control over an infected computer. In addition, the Trojan saves and transmits information about the infected machine to criminals, acts as a key logger, can take screenshots, and intercept e-mail, ICQ, Skype messages and data captured by a microphone or video camera connected to a computer. In addition, the backdoor has a large set of tools to bypass anti-virus software and firewalls, so it may run unnoticed in a system for a long time. Interestingly, BackDoor.DaVinci.1 for Mac OS X is the first instance of malware for the platform that uses rootkit technologies to hide its files and processes.

HackingTeam criminals call their brainchild a 21st-century weapon and sell BackDoor.DaVinci.1 as a remote control and espionage solution. The Trojan poses a serious threat to users, because it not only intercepts any information on the infected computer but also gives criminals full control over a compromised system, so that they can render it non-operational, for example, by damaging or removing its components.

Despite BackDoor.DaVinci.1 developers' claims that this malicious application can withstand any modern anti-virus program, Dr.Web for Windows and Dr.Web for Mac OS X detect and successfully remove BackDoor.DaVinci.1; therefore, Dr.Web users are well protected against this threat.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments