Symantec’s Security Response Weblog claims to have identified a hacker who is masquerading as a representative of a hosting or colocation company and is attempting to trick PC users into deploying a remote administration tool on their servers. Described as “a security guard script” and presented as part of a maintenance package, the script is claimed to be an encoded version of the NSTView admin program.

The “security guard script” also sends a notification email to the attacker containing the IP address (in encoded form) of the system it is running on. Adding insult to injury, the script identifies the sender as “L4M3r” (“lamer”).

Probably as a safeguard against the destination email address being shut down, the “security guard script” also opens an HTML page, which is claimed to contain a hidden reference to a specific server. By inspecting the logs of that server, the hacker can identify the sites that have requested pages from it and that must therefore be running the script.
