
Pitou

Posted: July 12, 2019

Pitou is a Trojan spambot that uses infected PCs for coordinating e-mail-spamming campaigns. Although its attacks target third parties, its presence is an indicator of compromised security and carries the possibility of harboring other threats. Users should employ appropriate anti-rootkit and other security solutions for removing Pitou from Windows machines.

The Semi-Routine Resurrection of an Old Trojan

Long life isn't always in the cards for Trojans, which require evolution to retrofit themselves into the modern-day software landscape. Pitou proves that even some of the oldest threats can make a living over the long-term, however, with much of its code reaching back to a program from 2008. Its last confirmed resurgence is in 2018, with still newer features for avoiding detection while it commits spam-related crimes.

The basis of Pitou's code is another Trojan spambot, Srizbi (also spelled Srzizbi). Pitou's most identifiable commonalities with it are various string artifacts, but the Trojan enjoys improved anti-analysis and anti-security defenses. However, its payload's purpose stays true to that of its predecessor: sending spam messages that promote scam Web pharmacy sites for products like Viagra. All of Pitou's features are hidden inside of kernel-based activities, and users have few to no chances of visually identifying the attacks.

Pitou includes 32-bit and 64-bit variants for different versions of Windows, along with a flexible installation routine that detects the operating system and implements one of multiple installation and persistence strategies. Although malware experts also observe the Trojan communicating with a Command & Control server, the Trojan does little with this backdoor other than retrieving target addresses and spam templates.

Planting Pitou Back in Its Grave

Pitou's long-lived nature might stem from its author's willingness to sell access to the maintained version of the Trojan to other criminals, although those without money can use the publicly-available code from an outdated build if they prefer it. Although these variables prevent any infection strategy from being static, malware researchers do find some factors that most compromised PCs share. Pitou doesn't ordinarily distribute itself, and uses a go-between, such as one of the following Trojan downloaders: Gamarue, Onkods, Upatre, and the Wauchos Botnet.

Additional infection models for Pitou involve compromised or dedicated-hoax websites offering free games or other click-worthy content. Users can disable scripts in their browsers and scan all new files to protect themselves from the most detectable drive-by-downloads. Users willing to work inside of a sandbox or similar VE can 'bulletproof' their PCs against Pitou by default, since the Trojan self-terminates in these analysis-oriented environments.

Without adequate protection, compromised Windows computers will send hard-to-detect spam promoting hoax sites to random victims, using the victim's network bandwidth and hardware resources to do so. Professional-grade anti-malware products should delete Pitou before its installer runs, which is notably less arduous than removing an MBR-based bootkit.
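Because Pitou's activity is hidden in the kernel, the spam itself is often the only visible symptom, and it shows up on the network rather than on the host: an infected PC opens SMTP connections to many unrelated mail servers, whereas a normal workstation only talks to its own relay. The script below is an added example, not code from the Pitou write-up or from any vendor tool. It scans constructed flow records in an assumed "timestamp src dst dport bytes" format and flags hosts whose outbound SMTP fan-out exceeds a threshold; the log format, the threshold and the sample IP addresses are all assumptions made for the example.

```python
"""
Added example (not from the Pitou write-up): flag hosts whose outbound SMTP
fan-out looks like a spambot rather than a mail client.

A legitimate workstation delivers mail through one or two sanctioned relays.
A spambot connects directly to many distinct mail servers. The log format,
the threshold and every address below are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Set

# TCP ports used for mail submission/delivery that a spambot would touch.
SMTP_PORTS = {25, 465, 587}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    byts: int


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one whitespace-separated record: ts src dst dport bytes.
    Returns None for malformed lines so a single bad record cannot abort the scan."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, byts = parts
    try:
        return Flow(ts, src, dst, int(dport), int(byts))
    except ValueError:
        return None


def smtp_fanout(lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Map each source host to the set of distinct SMTP destinations it contacted."""
    fanout: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow.dport not in SMTP_PORTS:
            continue
        fanout[flow.src].add(flow.dst)
    return fanout


def flag_spambot_hosts(lines: Iterable[str],
                       max_distinct_dests: int = 5,
                       allowed_relays: FrozenSet[str] = frozenset()) -> List[str]:
    """Return hosts that contacted more than max_distinct_dests SMTP servers,
    ignoring the organisation's sanctioned relays. Sorted for stable output."""
    flagged = []
    for src, dests in smtp_fanout(lines).items():
        unsanctioned = dests - allowed_relays
        if len(unsanctioned) > max_distinct_dests:
            flagged.append(src)
    return sorted(flagged)


# Constructed sample records (not real traffic). 10.0.0.5 is a normal
# workstation using the corporate relay 10.0.0.25; 10.0.0.9 fans out to
# six unrelated mail servers on port 25, the pattern a spambot produces.
SAMPLE_FLOWS = [
    "2019-07-12T09:00:01 10.0.0.5 10.0.0.25 587 4120",
    "2019-07-12T09:00:07 10.0.0.5 10.0.0.25 587 3988",
    "2019-07-12T09:00:09 10.0.0.5 93.184.216.34 443 15210",
    "2019-07-12T09:01:00 10.0.0.9 203.0.113.10 25 2210",
    "2019-07-12T09:01:01 10.0.0.9 203.0.113.11 25 2198",
    "2019-07-12T09:01:02 10.0.0.9 198.51.100.20 25 2240",
    "this line is malformed and must be skipped",
    "2019-07-12T09:01:03 10.0.0.9 198.51.100.21 25 2201",
    "2019-07-12T09:01:04 10.0.0.9 192.0.2.30 25 2233",
    "2019-07-12T09:01:05 10.0.0.9 192.0.2.31 25 2190",
    "2019-07-12T09:01:06 10.0.0.9 10.0.0.25 587 2190",
]

if __name__ == "__main__":
    for host in flag_spambot_hosts(SAMPLE_FLOWS, allowed_relays=frozenset({"10.0.0.25"})):
        print(f"possible spambot: {host} -> {len(smtp_fanout(SAMPLE_FLOWS)[host])} SMTP peers")
```

In practice the threshold and the relay allow-list come from the environment's baseline; a host that should never speak SMTP at all can be flagged with `max_distinct_dests=0`. The same fan-out logic applies to whatever flow source a SOC already has (firewall logs, NetFlow, Zeek conn logs) once the parser is adapted to that format.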

Pitou is, in many ways, a throwback to an older design of Trojan that might seem outdated, relative to the UEFI-compatible equivalents. Some threat actors are finding it's worth the trouble of picking up and dusting off now and again, though, which makes its spamming tactics into a problem for everyone, whether their PCs are infected or pristine.
