LTS Secure Warning: Gootkit Trojan Spreading Periodically By Different Variations To Improve Its Cause

The Gootkit Trojan was created with the intent to steal confidential information from its victim and creates a backdoor & downloads additional malicious files on the victim device. Gootkit was initially discovered in the year 2010, after which many new iteration of the Trojan have been released to further improve its cause.

 

Technical Details

The Trojan makes it way to users via malspam campaign, injected on the user device when visiting malicious websites & exploit kits such as RIG, Angler & Neutrino.

The Trojan consists of three main modules:-

  • The Loader – Used to setup the persistent environment.
  • The Main Module – Creates a Proxy Server.
  • The Web Injection Module – Used to inject the trojan into the user device.

 

Impact

  • It affects your System Performance as well as functionality.
  • It will steal your credentials / confidential data and sends to the remote attacker.
  • Send a list of drives, processes, open windows, and files of victim device.
  • Create, modify and delete registry keys and files.
  • It makes connection to malicious domains to download & execute malicious files on the infected machines.

 

Recommended Actions

  • Always update your anti-virus software with the latest releases.
  • Try to avoid downloading and using any Freeware application.
  • Always pick Custom or Advanced installation method during freeware and shareware installation.
  • Never download any suspicious attachments or click on any shady-looking link. Take an effort to educate your users on how to identify a mail-spam.
  • Configure email server to block containing file attachments such as .vbs, .bat, .exe, .pif and .scr files.

 

LTS Secure Locations
  • Florida: 407-965-5509
    Los Angeles: 323-544-5013
    Mid West: 800 689 4506

  • Chicago/Midwest– 2406 Schumacher Drive, Mishawaka, IN, 46545

    201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013

Leave us a messages Leave us a messages

← Prev Step

Thanks for contacting us. We'll get back to you as soon as we can.

Please provide a valid name, email, and question.

Powered by LivelyChat
Powered by LivelyChat Delete History