Gamarue dropping Lethic bot

From Botnets.fr
Revision as of 13:36, 18 July 2015 by Eric.freyssinet (page creation)

Botnet: Gamarue, Lethic
Botnet/malware group: Spamming
Feature: Custom packer
Distribution vector: Gamarue
Date: 2015 / 2015-06-11
Editor/Conference: Zscaler
Link: http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html
Author: Amandeep Kumar, Nirmal Singh
Type: Blogpost

Abstract

The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activities by downloading additional payloads. In this blog, we will cover a recent Gamarue infection that we looked at, which downloads and installs the Lethic bot on an infected system.

The Lethic botnet has been known to be involved in pharmaceutical and replica spam since its inception, as was detailed by Arbor Networks here. Neither of these botnets is new, and both have survived takedown attempts by authorities. The Gamarue infection in our case was leading to the download of the Lethic bot from the following URLs:

Bibtex

 @misc{2015BFR1635,
   editor = {Zscaler},
   author = {Amandeep Kumar and Nirmal Singh},
   title = {Gamarue dropping Lethic bot},
   day = {11},
   month = jun,
   year = {2015},
   howpublished = {\url{http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html}},
 }