Demystifying Pobelka

From Botnets.fr
Revision as of 21:29, 20 August 2015 by Eric.freyssinet (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

Demystifying Pobelka
Botnet Pobelka, SpyEye, Citadel
Malware
Botnet/malware group
Exploit kits Blackhole
Services Iframeshop, Prepaidex, SollHost
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-01-11
Editor/Conference Fox-IT
Link http://foxitsecurity.files.wordpress.com/2013/01/demystifying-pobelka1.pdf (Archive copy)
Author Michael Sandee
Type White paper

Abstract

This technical report describes the Pobelka botnet and puts it in the context of global malware operations. Fox-IT’s InTELL unit provides reports like this on a continuous basis to customers in the financial sector so they know who’s targeting their online banking systems and can prepare countermeasures. This report is classified as public.

Key takeaways of the report are:

  • The initial Dutch report on Pobelka by Surfright and Digital Investigation presents a good view on the Pobelka botnet. The report you are reading contains additional technical details on the botnet and answers some of the questions left by the original report.
  • This report provides a broader context in the ecosystem of botnets, Trojans, exploit kits, and the markets where infected computers are traded.
  • This report details the identity of the people running the Pobelka botnet as well as a description of the origin of the botnet and the common methods of communication used.
  • The Pobelka botnet is one of many botnets active in the Netherlands. Unfortunately it’s not an exceptionally large or influential botnet but rather an average sized one.
  • The Pobelka botnet is just one of the many examples of how a single individual was able to attack Internet users for over a year without much resistance. This is a global issue.
  • The ease at which cybercrime services are available to criminals, makes it trivial for anyone to start in this business. The potential gains for the criminals are large, with little to no chance of successful prosecution.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1291,
   editor = {Fox-IT},
   author = {Michael Sandee},
   title = {Demystifying Pobelka},
   date = {11},
   month = Jan,
   year = {2013},
   howpublished = {\url{http://foxitsecurity.files.wordpress.com/2013/01/demystifying-pobelka1.pdf}},
 }