Rovnix Trojan Campaign Targets Users in the UK

Security experts at Bitdefender warn of a new wave of Rovnix Trojan infections targeting confidential information. Over 130 000 computers have been compromised in the UK so far.

Analysts label this campaign one of the most successful of the past few months. The crooks have also been quite precise: about 87% of the targeted machines are located in the UK. Between 0.05% and 4% of the attacks have hit countries like Germany, the US, Italy and Iran.

According to Bitdefender experts, the ongoing campaign is proof that the Rovnix botnet is still growing bigger and stronger. The fact that the cyber criminals have chosen encrypted communications in this campaign is considered a sign that this particular threat is still being developed. More attacks are expected in the coming months.

By analyzing the botnet's domain generation algorithm (DGA), the experts found that it generates five to ten domains per quarter, or twenty to forty per year. The domain names are built from word lists extracted from publicly available text files such as RFC (Request for Comments) pages and the GNU Lesser General Public License. Although the campaign mainly targets computers in the UK, the US Declaration of Independence is used as a reference when C&C domain names are generated.
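A defender can hunt for names built this way in DNS logs by checking whether a queried label splits entirely into words from a public reference text. The Python below is an added example, not Bitdefender's tooling or Rovnix's actual algorithm; the text excerpt, the sample query names and the three-word threshold are assumptions constructed for illustration.

```python
import re

# Constructed stand-in for a public reference text (opening words of the
# US Declaration of Independence); a real deployment would load full texts.
REFERENCE_TEXT = ("When in the Course of human events, it becomes necessary for "
                  "one people to dissolve the political bands which have "
                  "connected them with another")

def build_wordlist(text, min_len=3):
    """Lower-cased words of the text; short words dropped to limit false hits."""
    return {w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= min_len}

def segment(label, words):
    """Split label into the fewest wordlist words, or return None (word-break DP)."""
    best = {0: []}  # best[i] = fewest-word split of label[:i]
    for end in range(1, len(label) + 1):
        for start in range(end):
            if start in best and label[start:end] in words:
                cand = best[start] + [label[start:end]]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(label))

def flag_domains(domains, words, min_words=3):
    """Map each queried domain to the word split of its first suspicious label."""
    hits = {}
    for domain in domains:
        labels = domain.lower().rstrip(".").split(".")[:-1]  # drop the TLD
        for label in labels:
            parts = segment(label, words)
            # Assumption: min_words or more concatenated words is worth review.
            if parts and len(parts) >= min_words:
                hits[domain] = parts
                break
    return hits

WORDS = build_wordlist(REFERENCE_TEXT)

# Constructed DNS query names, not indicators from the Bitdefender report.
SAMPLE_QUERIES = ["humaneventsdissolve.example", "mail.google.com",
                  "politicalbandspeople.example", "another.example",
                  "bitdefender.com"]

if __name__ == "__main__":
    for name, parts in flag_domains(SAMPLE_QUERIES, WORDS).items():
        print(f"{name}: {'+'.join(parts)}")
```

Names made of dictionary words tend to slip past character-entropy DGA detectors, which is why the check works on word membership instead.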

The researchers discovered that, unlike in the first attacks, where data was exfiltrated from the compromised machine to the C&C server in an unencrypted format, the new campaign uses encryption to avoid detection by security products.

Bitdefender specialists' recommendations:

  • Keep your operating system updated.
  • Make sure that your antivirus program is up-to-date too.
  • Beware of scams that require the execution of unknown code or applications.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when malware locked her out of her own computer.