Kelihos botnet trying to expand by harnessing Russian national sentiments
Revision as of 21:30, 31 July 2015 by Eric.freyssinet (Text replacement - "Campaign1=" to "Campaign=")
Kelihos botnet trying to expand by harnessing Russian national sentiments | |
---|---|
Botnet | Kelihos |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-08-22 |
Editor/Conference | Websense |
Link | http://community.websense.com/blogs/securitylabs/archive/2014/08/22/kelihos-botnet-trying-to-expand-by-harnessing-russian-national-sentiments.aspx (community.websense.com, archive copy) |
Author | Ran Mosessco, Nick Griffin, Brandon Laux |
Type | Blogpost |
Abstract
“What's different about this case is that instead of appealing to the victims' sense of curiosity, the cyber criminals appeal to patriotic sentiments (see details in analysis below), blatantly saying that they will run malware on the intended targets' computers, but without disclosing the true nature of the malware.
The variants we have analyzed so far in this campaign seem to have the spambot and sniffing functionality; no DDoS behavior has been observed during preliminary analysis. Even so, the damage for a business allowing their infrastructure to run such malware could be significant (blacklisting for example).”
Bibtex
@misc{2014BFR1399,
  editor = {Websense},
  author = {Ran Mosessco, Nick Griffin, Brandon Laux},
  title = {Kelihos botnet trying to expand by harnessing Russian national sentiments},
  date = {22},
  month = Aug,
  year = {2014},
  howpublished = {\url{http://community.websense.com/blogs/securitylabs/archive/2014/08/22/kelihos-botnet-trying-to-expand-by-harnessing-russian-national-sentiments.aspx}},
}