Trend Micro researchers say that most C&C servers are located in Romania

Sep 23, 2013 16:36 GMT

Security researchers from Trend Micro have uncovered a new backdoor malware family which they’ve dubbed “BLYPT.” The main targets of this threat are regular Internet users from the United States.

According to experts, the Java exploits used to distribute BLYPT are delivered via drive-by downloads or hijacked websites. The exploit leverages CVE-2013-1493, a vulnerability that was patched by Oracle in March.

First, the exploit downloads an installer, which retrieves and installs BLYPT’s main component, named logo32.png or logo64.png depending on the victim’s operating system.
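As an added illustration (not code from Trend Micro's report), the check below flags a download whose filename claims a PNG image but whose bytes are a Windows PE executable, the disguise described above, and reads the PE header to tell 32-bit from 64-bit. The sample downloads, file names and helper names are constructed for the demonstration.

```python
"""Added example, not from the Trend Micro write-up: spot a download whose name
says 'image' but whose bytes are a Windows executable (the logo32.png /
logo64.png trick). Sample inputs below are constructed, not real captures."""
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = {".png", ".gif", ".jpg", ".jpeg", ".bmp", ".ico"}
MACHINE = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64


def pe_offset(data: bytes) -> int:
    """Return the offset of the 'PE\\0\\0' signature, or -1 if data is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return -1
    off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    return off if data[off:off + 4] == b"PE\x00\x00" else -1


def pe_arch(data: bytes) -> str:
    """Architecture from the COFF header's Machine field ('x86', 'x64' or 'unknown')."""
    off = pe_offset(data)
    if off < 0 or len(data) < off + 6:
        return "unknown"
    return MACHINE.get(struct.unpack_from("<H", data, off + 4)[0], "unknown")


def classify(name: str, data: bytes) -> str:
    """Label a download by what its content is versus what its name claims."""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    if pe_offset(data) >= 0:
        return "pe_masquerading_as_image" if ext in IMAGE_EXTS else "pe"
    if data.startswith(PNG_MAGIC):
        return "png"
    return "unknown"


def fake_pe(machine: int) -> bytes:
    """Constructed minimal MZ/PE stub (headers only) used as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    return bytes(dos) + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18


def scan(downloads):
    """Return (name, arch) for every image-named download that is really a PE."""
    return [(n, pe_arch(d)) for n, d in downloads
            if classify(n, d) == "pe_masquerading_as_image"]


if __name__ == "__main__":
    sample = [("logo32.png", fake_pe(0x014C)), ("logo64.png", fake_pe(0x8664)),
              ("banner.png", PNG_MAGIC + b"\x00" * 16), ("setup.exe", fake_pe(0x014C))]
    for hit in scan(sample):
        print("ALERT: %s is a %s executable disguised as an image" % hit)
```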

Once it infects a computer, the malware allows its operator to send various commands to the infected system. These include commands to receive an updated DLL binary, to receive an updated configuration, and to issue HTTP requests.

As far as the command and control (C&C) servers are concerned, most of them are located in Romania (65%) and Turkey (18.4%). Some servers have also been spotted in Belize, China and the United States.

Additional technical details on BLYPT are available on Trend Micro’s blog.