Difference between revisions of "Hodprot: hot to bot"
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Image=Hodprot_hot_to_bot.png | |Image=Hodprot_hot_to_bot.png | ||
| | |Botnet=Hodprot, Carberp, Sheldor, RDPdoor, Shiz, | ||
| | |Malware=, | ||
| | |CCProtocol=, | ||
| | |Operation=, | ||
|Year=2011 | |||
|Date=2011-10-05 | |||
|Editor=ESET | |||
|Link=http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf go.eset.com (PDF) | |Link=http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf go.eset.com (PDF) | ||
|Author=Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov, | |Author=Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov, | ||
|Abstract=As discussed in our presentation at CARO2011 on "Cybercrime in Russia: Trends and issues", the number of Russian cybercrimes related to financial fraud and stealing money from bank accounts increased | |Abstract=As discussed in our presentation at CARO2011 on "Cybercrime in Russia: Trends and issues", the number of Russian cybercrimes related to financial fraud and stealing money from bank accounts increased | ||
significantly in the last year. Moreover we can see accelerated growth in the number of cybercrimes related to banking fraud in the second half of 2011. The most common malware families involved in | significantly in the last year. Moreover we can see accelerated growth in the number of cybercrimes related to banking fraud in the second half of 2011. The most common malware families involved in | ||
| Line 28: | Line 25: | ||
statistics of incidents provided by Group-IB, one of the most-used families of malware is Win32/Hodprot. This is an interesting family of Trojans which merits further discussion: it implements | statistics of incidents provided by Group-IB, one of the most-used families of malware is Win32/Hodprot. This is an interesting family of Trojans which merits further discussion: it implements | ||
many sophisticated algorithms and anti-forensic mechanisms. | many sophisticated algorithms and anti-forensic mechanisms. | ||
| | |Document= | ||
| | |Licence= | ||
| | |Video= | ||
| | |NomRevue=ESET white paper | ||
|Keyword=, | |ISBN= | ||
|Page= | |||
|Keyword=, | |||
}} | }} | ||
Latest revision as of 04:16, 20 August 2015
(Publication) Google search: [1]
| Hodprot: hot to bot | |
|---|---|
| |
| Botnet | Hodprot, Carberp, Sheldor, RDPdoor, Shiz |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2011 / 2011-10-05 |
| Editor/Conference | ESET |
| Link | http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf go.eset.com (PDF) (go.eset.com (PDF) Archive copy) |
| Author | Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov |
| Type | |
Abstract
“ As discussed in our presentation at CARO2011 on "Cybercrime in Russia: Trends and issues", the number of Russian cybercrimes related to financial fraud and stealing money from bank accounts increased
significantly in the last year. Moreover we can see accelerated growth in the number of cybercrimes related to banking fraud in the second half of 2011. The most common malware families involved in incidents of banking fraud in Russia are:
- Win32/Carberp
- Win32/Shiz
- Win32/Hodprot
- Win32/Sheldor
- Win32/RDPdoor
Here are the major regions of distribution of these banking Trojans:
- Russia
- Ukraine
- Kazakhstan
Attackers have focused on these countries because similar banking software and mechanisms for financial transactions are in use there. In the late spring and early summer of 2011, according to statistics of incidents provided by Group-IB, one of the most-used families of malware is Win32/Hodprot. This is an interesting family of Trojans which merits further discussion: it implements many sophisticated algorithms and anti-forensic mechanisms.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR1023,
editor = {ESET},
author = {Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov},
title = {Hodprot: hot to bot},
date = {05},
month = Oct,
year = {2011},
howpublished = {\url{http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf go.eset.com (PDF)}},
}