back to article Why no one smells a RAT: Trojan uses YAHOO WEBMAIL to pick up instructions

Cybercrooks commonly run botnet command-and-control networks using servers or (less frequently) a peer-to-peer network, but one gang of scammers has broken the mould by managing a Trojan using Yahoo webmail. The recently discovered IcoScript Trojan is a classic remote administration tool (RAT), but what makes it highly unusual …

  1. Ivor
    Big Brother

    and in the real world

    "All of these communication techniques are unlikely to be blocked in corporate environments."

    really? it's not unusual at all in most large corporates to block webmail, social networking, linked-in etc

    1. Pascal Monett Silver badge

      True, but don't forget BYOD and managerial access exceptions.

    2. frank ly

      Re: and in the real world

      They could use images in Flickr, or personal blog posts on any of hundreds of sites.

      1. mark 63 Silver badge

        Re: flikr

        yeah if they really wanted to avoid corporate machines

    3. Trygve Henriksen

      Re: and in the real world

      And how do you block webmail?

      (Besides YaHell and Gmail, of course)

      I have two webmail services I use regularly, and one or two that are 'not so regularly' checked.

      1. NogginTheNog

        Re: and in the real world

        If your company uses a third-party Internet proxy service then they'll usually categorise and block all the major webmail providers for you, as well as dozens of other different classes of allowed or not-allowed traffic.

    4. Hans 1

      Re: and in the real world

      linked-in? If you block that, you are silly - do you not want a corporate presence on that platform?

      The rest: fessbook, twatter even webmail, obviously ...

  2. Anonymous Coward
    Anonymous Coward

    At least this solves the mystery

    of exactly who still uses Yahoo! email accounts

  3. JimmyPage Silver badge
    Linux

    Another reason

    Not to use IE.

    Or Windows, in fact.

    IcoScript uses the Component Object Model technology in Microsoft Windows to control Internet Explorer to make HTTP requests to remote services. It also uses its own kind of scripting language to perform tasks.

    1. Refugee from Windows

      Re: Another reason

      The browser choice option should have meant when selecting to use a browser that's not IE, that all the working components of IE are permanently removed from the system.

      1. dajames
        Facepalm

        Re: Another reason

        The browser choice option should have meant when selecting to use a browser that's not IE, that all the working components of IE are permanently removed from the system.

        Yes, absolutely. I'm sure what the EU really wanted to demand was that it should be possible to remove IE completely from Windows and that all Windows's internal web communications (for things like Windows Update) should be made to work using third-party browsers; not simply that Microsoft should make it easy for users to install a third-party browser in addition to IE on a freshly-installed Windows system.

        I'm equally sure that the reason they stopped short of that was that Microsoft (once again) argued that their own browser's code was so intimately embedded in the core of Windows itself that it could not be extracted without surgery from which the patient might not recover. (MS may also have felt that third-party browsers might be insufficiently bug-compatible with their own browser's HTML and JS implementations or their own websites' reliance on ActiveX.)

        I can't help feeling that the answer to that should have been that if Windows was so poorly coded that the internal browser logic couldn't be removed without breaking it then perhaps it didn't deserve to live.

        Or as Arthur Ransome put it:

        BETTER DROWNED THAN DUFFERS IF NOT DUFFERS WONT DROWN.

      2. Anonymous Coward
        Anonymous Coward

        Re: Another reason

        "The browser choice option should have meant when selecting to use a browser that's not IE, that all the working components of IE are permanently removed from the system."

        What browser choice option is that?

        Oh, you meen the one that accidentally on purpose went missing in Windows 7?

        Note: It was missing from my copy of Windows 7 Ultimate bought in 2010.

        1. Anonymous Coward
          Anonymous Coward

          Re: Another reason

          On the Windows 7 desktops I installed it appeared along with the first batch of Windows Updates.

    2. Yatsura

      Re: Another reason

      Err, you can do this with Firefox, Chrome, etc see Selenium.

    3. Anonymous Coward
      Big Brother

      Yahoo webmail malware trojan

      @JimmyPage: "Another reason Not to use IE Or Windows, in fact."

      I'm confused, if this RAT malware only runs on Internet Explorer under Windows, and could function under any webmail service, then why the mention of Yahoo Mail in the second paragraph?

  4. mark 63 Silver badge

    well i think I'll be safe, i cant get to yahoo from home using script/com model , and neither can my NAS, much to my annoyance.

    1. Hans 1

      Sounds like you did not read the article ... how about grepping it for hotmail or gmail.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like