Botnet | WeLiveSecurity

Botnet

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

King of Spam: Festi botnet analysis

We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat

Anonymous and the Megaupload Aftermath: Hacktivism or Just Plain Ugly?

Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but

2012 Malware and Cybercrime Predictions: The video version

Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of

Spam campaign uses Blackhole exploit kit to install SpyEye

This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are

AVAR Hong Kong security conference 2011 – in 30 seconds

Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one

Back to School Qbot, now Digitally Signed

The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed. Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007,

Stop spam/botnets? Follow the money

It’s no secret that spam/botnets are big business. There are a multitude of variations on a familiar theme, but after they trick unwitting users, what happens to the money? University of California wondered the same thing. In their recent report, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” they analyze where the money goes,

TDSS: botnets, Kademilia and collective consciousness

The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on