Warp Trojan from China said to fool routers into spreading Windows malware



A security firm says it has spotted malware from China dubbed the Warp Trojan that takes a totally new approach: After infecting a vulnerable Windows computer, it pretends to be a router and tells the real local subnet router to send traffic for other networked computers to the infected machine, so the malware can then try to compromise the other computers through a man-in-the-middle attack.

“It has a direct impact on all the computers on the subnet because it will intercept traffic and make changes to the traffic,” says John Morris, principal security researcher at Kindsight Security Labs. The firm believes Warp Trojan hails from China and may be used as some kind of adware to drive traffic to websites there.

In some respects, Warp Trojan is pretty run-of-the-mill malware in that it infects vulnerable Windows-based computers through known Adobe and Java exploits. But it’s the way the Trojan attempts to spread that sets it apart. It uses a novel man-in-the-middle attack that involves sending an unsolicited ARP request to the local subnet router in order to fool it into directing traffic to the original infected machine.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s