Citadel V1.3.5.1: enter the fort’s dungeons

From Botnets.fr


Botnet: Citadel
Date: 2012 / 2012-10-18
Editor/Conference: RSA
Link: http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/ (Archive copy)
Author: Limor Kessem

Abstract

The recent feature was christened under the name “Dynamic Config,” a technology implemented in Citadel v1.3.5.1 (“Rain Edition”) enabling botmasters smoother, quicker interactions with the victim through browser injection technology. Today’s fraud happens in real time, so speed is of the essence. This nifty function allows Trojan operators to create web injections and use them on the fly, pushing them to selected bots without the hassle of pushing/downloading an entire new configuration file.

Bibtex

 @misc{2012BFR1182,
   editor = {RSA},
   author = {Limor Kessem},
   title = {Citadel V1.3.5.1: enter the fort’s dungeons},
   date = {18},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://blogs.rsa.com/rsafarl/citadel-v1-3-5-1-enter-the-forts-dungeons/}},
 }