CSIS, a security firm, in a blog post has revealed how it came across new functionalities implemented in the Trojan through a new plug-in dubbed ‘msg.gsm’, whereby Skype is used as a medium for infection. The new plug-in is capable of sending messages and transferring files; deleting messages and transfers from Skype history; bypassing Skype warning/restriction for connecting to Skype; and sending requests to server.
If the Trojan successfully infects a system, it connects back to its command and control server thus providing the attacker to install a VNC server for remote connection; steal cookies; inject HTTP code; upload files to a server; further spread through USB drives.
The security company believes that the focus of the Trojan is UK and that the operators of the C&C are not going for a mass infection across multiple countries. When reported by CSIS, no antivirus product was able to successfully detect the Trojan as a malicious piece of code. As of now the updated VirusTotal report shows 15 successful detections.
