Alina: following the shadow part 2

From Botnets.fr

Botnet: Alina
Date: 2013 / 2013-06-03
Editor/Conference: Trustwave
Link: https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-2/ (Archive copy)
Author: Josh Grunzweig
Type: Blogpost

Abstract

For this final part, I'm going to focus on how this malware is installed, what protections the author has placed on the malware to prevent Anti-Virus detection and/or reverse engineering of it, and how Alina aggregates track data. I may also throw in some other random tidbits of information that I've encountered depending on how long this blog post goes. My last one in particular was quite lengthy, so I'm going to do my best to avoid that this time around. We're going to be looking at the same versions as before. I've included the timeline graph below as a reference for readers.

Bibtex

 @misc{2013BFR1613,
   editor = {Trustwave},
   author = {Josh Grunzweig},
   title = {Alina: following the shadow part 2},
   date = {03},
   month = Jun,
   year = {2013},
   howpublished = {\url{https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-2/}},
 }