‘Magic’ Espionage Malware Hits Thousands of UK Computers
Thousands of U.K. business computers have been infected by espionage malware that uses a custom protocol to communicate with its command and control servers. Researchers at Israeli security company Seculert said the malware is still percolating, with a number of capabilities yet to be deployed.
The custom protocol has another unique element: it always initiates communication with a command that includes the string “some_magic_code1” as an authenticator. After an initial connection over HTTP, the interaction changes to the custom protocol and additional instructions are fed to infected machines.
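
For defenders, the behaviour described above (an HTTP opening, then a switch to non-HTTP data carrying the “some_magic_code1” string) can be turned into a simple per-flow network check. The following is an added example, not code from Seculert or from the malware. The function names, verdict labels and sample traffic are assumptions made for illustration, and the framing bytes around the marker are constructed because the article does not describe the wire format.

```python
from collections import defaultdict

MARKER = b"some_magic_code1"   # authenticator string quoted in the article
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def looks_like_http(payload: bytes) -> bool:
    """True if the payload starts like an HTTP/1.x request line."""
    return payload.startswith(HTTP_METHODS)

def classify_flows(segments):
    """segments: (flow_id, payload) pairs of client-to-server data in capture order.

    Returns {flow_id: verdict} for flows that carry the marker:
      "http-then-custom": flow opened with HTTP, marker arrived later in non-HTTP data
      "marker-seen":      marker present, but not in that HTTP-then-custom pattern
    """
    state = defaultdict(lambda: {"http_first": None, "tail": b"", "hit": None})
    for flow_id, payload in segments:
        s = state[flow_id]
        if s["http_first"] is None:
            s["http_first"] = looks_like_http(payload)
        # Prepend the previous segment's last len(MARKER)-1 bytes so a marker
        # split across two segments is still matched.
        window = s["tail"] + payload
        if s["hit"] is None and MARKER in window:
            switched = s["http_first"] and not looks_like_http(payload)
            s["hit"] = "http-then-custom" if switched else "marker-seen"
        s["tail"] = window[-(len(MARKER) - 1):]
    return {f: s["hit"] for f, s in state.items() if s["hit"]}

# Constructed sample traffic (not captured data); the framing bytes around the
# marker are made up, since the article does not describe the wire format.
SAMPLE = [
    ("192.0.2.10:49152", b"GET /a HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    ("192.0.2.10:49152", b"\x01\x00cmd=some_ma"),      # marker split here...
    ("192.0.2.10:49152", b"gic_code1\x00"),            # ...and completed here
    ("192.0.2.11:49200", b"GET /b HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    ("192.0.2.12:50001", b"\x02some_magic_code1"),      # no HTTP opening seen
]

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```

A flow that opens with HTTP and later carries the marker in non-HTTP data is the stronger signal; a marker without the HTTP opening may simply mean the capture started mid-connection.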