Difference between revisions of "Citadel V1.3.5.1: enter the fort’s dungeons"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - " blogs.rsa.com" to "") |
||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Link=http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/ | |Link=http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/ | ||
|Author=Limor Kessem | |Author=Limor Kessem | ||
|NomRevue=Speaking of Security | |NomRevue=Speaking of Security | ||
Latest revision as of 22:52, 5 August 2015
(Publication) Google search: [1]
| Citadel V1.3.5.1: enter the fort’s dungeons | |
|---|---|
| Botnet | Citadel |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-10-18 |
| Editor/Conference | RSA |
| Link | http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/ (Archive copy) |
| Author | Limor Kessem |
| Type | |
Abstract
“ The recent feature was christened under the name “Dynamic Config,” a technology implemented in Citadel v1.3.5.1 (“Rain Edition”) enabling botmasters smoother, quicker interactions with the victim through browser injection technology. Today’s fraud happens in real time, so speed is of the essence. This nifty function allows Trojan operators to create web injections and use them on the fly, pushing them to selected bots without the hassle of pushing/downloading an entire new configuration file.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1182,
editor = {RSA},
author = {Limor Kessem},
title = {Citadel V1.3.5.1: enter the fort’s dungeons},
date = {18},
month = Oct,
year = {2012},
howpublished = {\url{http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/}},
}