Hodprot: hot to bot
Hodprot: hot to bot | |
---|---|
Botnet | Hodprot, Carberp, Sheldor, RDPdoor, Shiz |
Date | 2011 / 2011-10-05 |
Editor/Conference | ESET |
Link | http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf (PDF) |
Author | Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov |
Abstract
“As discussed in our presentation at CARO2011 on "Cybercrime in Russia: Trends and issues", the number of Russian cybercrimes related to financial fraud and stealing money from bank accounts increased significantly in the last year. Moreover we can see accelerated growth in the number of cybercrimes related to banking fraud in the second half of 2011. The most common malware families involved in incidents of banking fraud in Russia are:
- Win32/Carberp
- Win32/Shiz
- Win32/Hodprot
- Win32/Sheldor
- Win32/RDPdoor
Here are the major regions of distribution of these banking Trojans:
- Russia
- Ukraine
- Kazakhstan
Attackers have focused on these countries because similar banking software and mechanisms for financial transactions are in use there. In the late spring and early summer of 2011, according to statistics of incidents provided by Group-IB, one of the most-used families of malware is Win32/Hodprot. This is an interesting family of Trojans which merits further discussion: it implements many sophisticated algorithms and anti-forensic mechanisms.”
Bibtex
@misc{2011BFR1023,
  editor = {ESET},
  author = {Eugene Rodionov and Aleksandr Matrosov and Dmitry Volkov},
  title = {Hodprot: hot to bot},
  date = {05},
  month = Oct,
  year = {2011},
  howpublished = {\url{http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf}},
}