Yahoo Mail RAT warning with Gmail mod possibility

A new remote administration tool (RAT) Trojan, called Win32.Trojan.IcoScript.A, was identified back in 2012. It is able to receive its control instructions through Yahoo Mail, and could be modified to use Gmail.

It can easily be modified to communicate with its authors through Gmail or other popular webmail providers. Virus Bulletin (link to site below) found the malware, which had gone unnoticed since 2012.

This new RAT is noteworthy mainly for its ability to evade intrusion detection systems by communicating over seemingly benign domains.

According to Paul Rascagnères of G Data, Germany, as published by Virus Bulletin, the RAT can communicate via Yahoo Mail and can also abuse platforms such as Gmail. Information can be stolen from infected machines over a particular port, as well as by connecting to a remote server in the normal way.

[Figure: example of harmless COM usage to get the content of a web page]

Yahoo Mail has been having major problems, with users unable even to log in to access their email. Although this new RAT warning is out in the open, we cannot be sure whether there is any connection. The report does say, however, that attackers can use hundreds of different email accounts with names similar to those of real users, so it is very difficult to distinguish fake accounts from real ones.

The RAT makes use of Component Object Model (COM) technology in MS Windows to make HTTP requests to remote services through Internet Explorer. Another of its oddities is that it appears to use its own custom scripting language to perform various tasks. Even more worrying is that the malware allows attackers to switch to another webmail service, such as Gmail, or even to use services like LinkedIn or Facebook to manage the malware, while running a low risk of the communication being blocked.
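Because the traffic goes to domains that are normally allowed, the host is a better place to look than the network. The following hunt is an added example, not taken from this article or the Virus Bulletin report: it assumes Sysmon-style process-creation (1) and network-connection (3) events, and that an Internet Explorer instance started through COM automation carries the `-Embedding` argument. The field names, hosts and watchlist are constructed for illustration.

```python
from collections import defaultdict

# Assumption: illustrative watchlist of webmail hosts; extend for your environment.
WEBMAIL_SUFFIXES = ("mail.yahoo.com", "mail.google.com")
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed sample events: id 1 = process creation, id 3 = network connection.
EVENTS = [
    # COM-launched IE (no user typed a URL) that then talks to webmail
    {"id": 1, "host": "ws01", "pid": 4120, "image": IE,
     "cmdline": f'"{IE}" -Embedding', "parent": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "host": "ws01", "pid": 4120, "dest": "mail.yahoo.com"},
    # User-launched IE reading webmail: expected, must not be flagged
    {"id": 1, "host": "ws02", "pid": 988, "image": IE,
     "cmdline": f'"{IE}" https://mail.yahoo.com/', "parent": r"C:\Windows\explorer.exe"},
    {"id": 3, "host": "ws02", "pid": 988, "dest": "mail.yahoo.com"},
    # COM-launched IE used by an internal tool: not webmail, must not be flagged
    {"id": 1, "host": "ws03", "pid": 77, "image": IE,
     "cmdline": f'"{IE}" -Embedding', "parent": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "host": "ws03", "pid": 77, "dest": "intranet.example.local"},
]

def is_webmail(dest):
    """True if dest is a watchlisted webmail host or a subdomain of one."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in WEBMAIL_SUFFIXES)

def hunt(events):
    """Return COM-launched IE processes that connected to webmail.

    Events must be in time order. PID reuse and IE's child tab processes
    are ignored here to keep the core correlation visible.
    """
    com_ie = {}               # (host, pid) -> parent image
    hits = defaultdict(set)   # (host, pid) -> webmail destinations seen
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["id"] == 1:
            name = ev["image"].lower().rsplit("\\", 1)[-1]
            if name == "iexplore.exe" and "-embedding" in ev["cmdline"].lower():
                com_ie[key] = ev["parent"]
        elif ev["id"] == 3 and key in com_ie and is_webmail(ev["dest"]):
            hits[key].add(ev["dest"].lower())
    return [{"host": h, "pid": p, "parent": com_ie[(h, p)], "webmail": sorted(d)}
            for (h, p), d in sorted(hits.items())]

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Legitimate software also automates Internet Explorer through COM, so a hit is a lead to investigate (which process requested the COM object, whether a user was logged on and active), not a verdict.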

Please do visit Virus Bulletin, as they go into great detail: they talk about the interception of the example decrypt, message in a haystack, and the full conclusion of IcoScript using webmail to control malware.

What are your views on the new remote administration tool RAT?
