ACG-CYBER SECURITY BULLETIN NO 124 UNDERSTANDING GOOTKIT MALWARE
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
This Trojan arrives as a link in a spammed email message, or may be downloaded or spread silently through web exploits. Once executed, it creates a registry entry that runs every time the Windows system starts up. The malware records user actions while they interact with a login page; those recordings are assumed to be sent by email to the fraudster.
GootKit can strike in a couple of different ways, either by infecting the PC or by attacking the website. GootKit connects to web servers using stolen FTP/MySQL credentials and modifies the HTML and PHP files with extra code. The GootKit host scans thousands of PCs looking for server passwords, mail passwords, and unencrypted FTP and MySQL passwords, which it then uses to compromise target servers.
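As an added illustration (not part of this bulletin), the following Python script shows how a web administrator can detect the server-side tampering described above: it baselines SHA-256 hashes of the HTML/PHP files under a web root and, on a later run, reports modified or added files and flags those carrying hidden iframes or remote script tags. The directory, file names and injection heuristics are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

WATCHED_EXT = (".html", ".htm", ".php")
# Constructed heuristics for injected markup: hidden iframes and scripts that load remote code.
INJECTION_PATTERNS = [
    re.compile(r"<iframe[^>]*(?:visibility\s*:\s*hidden|display\s*:\s*none)", re.I),
    re.compile(r"<script[^>]+src\s*=\s*[\"']https?://", re.I),
]

def build_baseline(webroot):
    """Map relative path -> SHA-256 for every HTML/PHP file under webroot."""
    baseline = {}
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(WATCHED_EXT):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as f:
                    baseline[os.path.relpath(full, webroot)] = hashlib.sha256(f.read()).hexdigest()
    return baseline

def check_webroot(webroot, baseline):
    """Diff the live web root against the baseline; flag changed files carrying injection markers."""
    current = build_baseline(webroot)
    report = {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
        "suspicious": [],
    }
    for rel in report["modified"] + report["added"]:
        with open(os.path.join(webroot, rel), encoding="utf-8", errors="replace") as f:
            text = f.read()
        if any(p.search(text) for p in INJECTION_PATTERNS):
            report["suspicious"].append(rel)
    return report

def demo():
    """Constructed scenario: baseline a clean site, then append a hidden iframe to login.php."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<html><body><h1>Welcome</h1></body></html>")
        with open(os.path.join(root, "login.php"), "w") as f:
            f.write("<?php session_start(); ?><form method='post'></form>")
        baseline = build_baseline(root)
        with open(os.path.join(root, "login.php"), "a") as f:
            f.write('<iframe src="http://example.invalid/x" style="visibility:hidden"></iframe>')
        return check_webroot(root, baseline)
```

In practice the baseline would be stored off the server and compared on a schedule, since an attacker holding the FTP credentials can also overwrite a baseline kept in the web root.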
GootKit’s overall prevalence in the wild is rather limited compared to other malware of its class. This is due to its operators keeping campaigns focused on a small number of countries.
All PNP personnel as well as the public are advised to follow these tips in order to prevent Gootkit malware from infecting their devices and computer systems, to wit:
- Don’t install or even run anything from an untrusted source;
- Turn-off sharing if not necessary;
- Always run updated anti-virus on your computers;
- Disable autoplay to prevent automatic launching of executable files;
- Always update your software with the latest patch available;
- Regularly change the passwords for FTP accounts;
- Say NO to unknown links and avoid downloading attachments from unrecognized sources; and
- Always back up your data on an external device.
For additional information, please refer to the following websites:
POINT OF CONTACT