The following information was obtained from different cyber security sources and is provided as a notification to all parties concerned, pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided is classified as Restricted pursuant to PNP Regulation 200-012 on document security, with an impact rating of significant and a threat rating of high, based on PNP Information Communication p. 22 and p. 129.
Trojan.GootKit is a Trojan horse that steals confidential information. It also opens a back door and downloads additional files on the compromised computer.
This kind of Trojan arrives as a link in a spam email message, or may be downloaded or spread silently through the use of web exploits. Once it is executed, it creates a registry entry that runs it every time a Windows system starts up.
GootKit can strike in a couple of different ways: by infecting the PC or by attacking the website. GootKit connects to web servers using stolen FTP/MySQL credentials and modifies their HTML and PHP files with extra code. The GootKit host searches for thousands of PCs and looks for server passwords, mail passwords, and unencrypted FTP and MySQL passwords, which it uses to compromise target servers.
The community is advised to follow these best practices in securing and protecting devices from Trojan.GootKit:
• Use a firewall to block all incoming connections from the Internet to services that are not meant to be public;
• Use strong passwords;
• Allow only legitimate programs with minimal privileges as necessary;
• Disable autoplay to prevent automatic launching of executable files;
• Turn off sharing if not necessary;
• Turn off and remove unnecessary services;
• Always use up-to-date anti-virus software; and
• Regularly change the passwords for FTP accounts.
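Because GootKit is described above as modifying HTML and PHP files on web servers, website owners can compare those files against a known-clean baseline. The following is an added example, not part of the original advisory: a minimal Python integrity check in which the function names, the tracked file extensions and the sample web root are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

WEB_EXTENSIONS = {".php", ".html", ".htm"}  # assumed set of tracked file types

def build_manifest(web_root):
    """Map each HTML/PHP file under web_root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, web_root)] = digest
    return manifest

def diff_manifests(baseline, current):
    """Return files added, removed, or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: a tiny web root that is altered after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        write("index.html", "<html><body>Welcome</body></html>\n")
        write("contact.php", "<?php echo 'Contact us'; ?>\n")
        write("logo.txt", "not a tracked type\n")
        baseline = build_manifest(root)  # take this from a known-clean deployment
        # Simulate unexpected extra code appended to a page, plus a new file.
        write("index.html", "<html><body>Welcome</body></html>\n<!-- extra -->\n")
        write("new.php", "<?php /* unexpected file */ ?>\n")
        os.remove(os.path.join(root, "contact.php"))
        return diff_manifests(baseline, build_manifest(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind.upper():9} {path}")
```

Keep the baseline manifest somewhere other than the web server itself, so that an account with stolen FTP credentials cannot rewrite it along with the pages.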
For additional information, please refer to the following security websites:
POINT OF CONTACT