Difference between revisions of "Madi is back - New Tricks and a new Command&Control server"
m (Text replacement: « |Editor=Kaspersky » with « |Editor=Kaspersky lab ») |
m (1 revision imported) |
Revision as of 16:27, 7 February 2015
(Publication)
Madi is back - New Tricks and a new Command&Control server | |
---|---|
Botnet | Madi |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / July 25, 2012 |
Editor/Conference | Kaspersky lab |
Link | http://www.securelist.com/en/blog/208193696/Madi_is_back_New_Tricks_and_a_New_Command_Control_Server (www.securelist.com Archive copy) |
Author | Nicolas Brulez |
Type | |
Abstract
“Last night, we received a new version of the #Madi malware, which we previously covered in our blog.
Following the shutdown of the Madi command and control domains last week, we thought the operation is now dead. Looks like we were wrong.
The new version appears to have been compiled on July 25th as it can be seen from its header:
It contains many interesting improvements and new features. It now has the ability to monitor VKontakte, together with Jabber conversations. It is also looking for people who visit pages containing “USA” and “gov” in their titles. In such cases, the malware makes screenshots and uploads them to the C2.”
Bibtex
@misc{2012BFR1069,
  editor = {Kaspersky lab},
  author = {Nicolas Brulez},
  title = {Madi is back - New Tricks and a new Command&Control server},
  date = {25},
  month = Jul,
  year = {2012},
  howpublished = {\url{http://www.securelist.com/en/blog/208193696/Madi_is_back_New_Tricks_and_a_New_Command_Control_Server}},
}