Skip to main content

McAfee Releases Free Tool That Removes Pinkslipbot Leftovers That Use Your PC as Proxy


Last week, McAfee released a tool named AmIPinkC2, a Windows command-line application that removes remnant files of Pinkslipbot infections that allow the malware to continue to use previously infected computers as proxy relays, even if the original malware's binary has been cleaned and removed from infected hosts.


The malware in question is Pinkslipbot, a banking trojan that appeared in 2007 and is also tracked under three other names, such as Qakbot, Qbot, and PinkSlip.

http://www.mcafee.com/activate


Pinkslipbot is a well-known and dangerous threat
Pinkslipbot is a well-known threat on the malware landscape, mainly due to its specific targeting. Its authors aren't going after regular users, but have historically targeted North American companies, especially those in lucrative industry sectors, such as corporate banking, financial institutions, treasury services, and others.

This banking trojan isn't always active, and it keeps coming back in waves, as part of very well-planed campaigns. In the past years, numerous cyber-security companies have tracked its attacks and broken down its different versions [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

The most recent campaign was spotted by IBM security researchers, who noticed Pinkslipbot versions that caused Active Directory lockouts on infected computers.

McAfee finds new wrinkle in Pinkslipbot infections
One of the companies that have historically tracked Pinkslipbot campaigns is McAfee. Its researchers presented an analysis of the trojan's C&C server infrastructure and its method C&C communications at last year's Virus Bulletin security conference.

Last week, while looking over past and present Pinkslipbot campaigns, researchers found a new wrinkle in the trojan's mode of operation.

Researchers say Pinkslipbot authors are much clever than they initially thought. According to McAfee, besides stealing the user's  data, the banking trojan also uses infected hosts as proxy servers to relay information from the central C&C server to other infected hosts, in a mesh-like network.

New McAfee tool removes last remnants of Pinkslipbot infections
According to McAfee, most security tools remove only the malware's main binaries, crippling the trojan's ability to collect passwords from infected hosts.



These Pinkslipbot removal procedures leave intact the code that creates these proxy servers, which run via the Windows UPnP (Universal Plug and Play) service.


McAfee's new tool will remove these remaining files and prevent Pinkslipbot from using users' PCs to relay C&C commands or to hide the exfiltration of stolen data through a mesh of proxies.


Get More Help- Redeem McAfee Retail Card


Comments

Popular posts from this blog

How to Activate McAfee Product?

Before you begin Check for other security applications. If you have other security software installed on your computer, remove them using the instructions provided by their product manufacturer. Removing these security application is necessary to prevent application conflicts and degraded performance. Follow these steps to redeem a McAfee software product card that you purchased in a store. Activate McAfee Live Safe After you redeem the card, you can  download and install  your McAfee software and  activate your subscription . Open a web browser and go to the link shown on your retail card (for example  http://www.mcafeeactivatehome.com/ . Select:   Your  country Your  language The registration page tries to select the correct region, but it might not always get this right. Confirm that the region is correct before you continue.   Type: ...

How to Use McAfee Total Protection?

McAfee Total security installed and "Install Wizard", follow the instructions as you determine your level of protection. Different preventive tools you need to consider before you install Total Protection program. Activate McAfee Retail Card Prevent non-compliant systems from because of problems in your network. McAfee Total Security as your security program used. The invaders to protect your computer will not be required to run additional programs. More Help : McAfee.com/activate

McAfee Finds A New Home in Waves Notebook

Quincy McAfee started his summer surrounded by the nation’s top hitters and has found a second home with one of the top offensive teams in the New England Collegiate Baseball League. The Pepperdine shortstop joined the Waves last week after playing seven games with the Orleans Firebirds of the Cape Cod Baseball League. http://www.mcafee.com/activate In his first four games with the Waves, McAfee is batting .533 with three RBI and two stolen bases, providing a big boost at the top of a lineup that features six players who are batting above .300. “Being in the lineup in the Cape League, the guys are obviously the cream of the crop. Going from that – learning from them and seeing them swing – and then coming here to a team that’s been successful, I just jumped right in,” McAfee said. “I’m trying to pick up where I left off.” McAfee was a second-team all-West Coast Conference selection for Pepperdine this spring, batting .269 and leading the team in stolen bases. On ...