Difference between revisions of "Probing the Gozi-Prinimalka campaign"
m (1 revision imported) |
m (Text replacement - " blog.trendmicro.com" to "") |
||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Link=http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/ | |Link=http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/ | ||
|Author=Ivan Macalintal | |Author=Ivan Macalintal | ||
|NomRevue=TrendLabs Security Intelligence Blog | |NomRevue=TrendLabs Security Intelligence Blog |
Latest revision as of 22:13, 5 August 2015
Probing the Gozi-Prinimalka campaign | |
---|---|
Botnet | Gozi, Prinimalka |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-11-13 |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/ (Archive copy) |
Author | Ivan Macalintal |
Type | |
Abstract
“To find out more about this Gozi-Prinimalka malware, we acquired samples and analyzed them to check the malware’s routines and notable behaviors. The first sample, detected as BKDR_URSNIF.B, monitors users’ browsing activities. It gathers information if it contains specific strings related to banking and financial institutions such as PayPal, Wells Fargo, and Wachovia among others.”
Bibtex
@misc{2012BFR1202,
  editor = {Trend Micro},
  author = {Ivan Macalintal},
  title = {Probing the Gozi-Prinimalka campaign},
  date = {13},
  month = Nov,
  year = {2012},
  howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/probing-the-gozi-prinimalka-malware/}},
}