Property:Description

From Botnets.fr

This is a property of type Text.

Showing 58 pages using this property.
A
Advanced form of the banking trojans' toolbox: remain invisible to the user; modify the displayed account balance / hide illegitimate transactions; check the balance / conduct wire transfers
B
Backconnect is based on the concept of reverse proxying: a reverse proxy agent accepts requests from the attacker's servers and forwards them to machines on the internal network. An infected system behind a Network Address Translation (NAT) device cannot accept inbound connections, so the backconnect module has the bot open the connection outward to the attacker's server, which then tunnels traffic back through it.
DDoS feature
Banking malware collects online banking credentials or lets criminals hijack an existing, authenticated banking session.
Proposes a Bitcoin payment as the method to collect a ransom (or a fake fine).
C
The 2019/2020 COVID-19 coronavirus pandemic resulted in a number of related or co-occurring attacks and malware operations
Monitor camera activity
"Microsoft Windows provides an interface for inter-process communication. It allows developers to control the objects of other applications. This technology, called COM, can be used to control Internet Explorer. It's very useful for malware developers because it allows them to manipulate the browser that is being used by a legitimate user."
Contact theft on mobile devices or from online accounts/storage.
The malware is able to infect executables for different platforms: 64- and 32-bit, macOS, Windows, Linux, Android...
D
Bug reporting mechanism, used to improve the malware ...
Detecting debugging and analysis tools (debuggers, WinPcap, ...)
A record + NS record hosted on a fast-flux botnet (double flux)
These botnets are also called "loaders" and are used for pay-per-install operations.
Using dynamic DNS providers such as dyndns(dot)com
E
Encrypt the master file table (Microsoft Windows NTFS)
F
Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
File download and install / execute
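
The fast-flux entries above (A and NS records served from flux nodes, and flux hosting in general) describe the technique from the operator's side. The following is an added example, not code from the site or from any catalogued botnet, showing the defender's side: a heuristic over passive-DNS style A-record observations that flags a name when its answers rotate through many addresses in different networks with short TTLs. The observation lines are constructed from the documentation IP ranges, the thresholds are assumptions for the example, and /24 prefixes stand in for ASN diversity because no ASN data is available offline. The "cdn.example" name is included deliberately: a CDN also rotates low-TTL answers, but within one network, which is why address diversity across networks is part of the check.

```python
"""Fast-flux heuristic over passive-DNS style A-record observations.

Added example for the Botnets.fr property listing, not code from the site
or from any catalogued malware. The observations below are constructed
(documentation IP ranges), not captured traffic.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: "epoch qname rtype ttl rdata", one observation per line.
SAMPLE_OBSERVATIONS = """\
1700000000 login-secure.example A 300 192.0.2.14
1700000300 login-secure.example A 300 198.51.100.7
1700000600 login-secure.example A 300 203.0.113.88
1700000900 login-secure.example A 300 192.0.2.201
1700001200 login-secure.example A 300 198.51.100.150
1700001500 login-secure.example A 300 203.0.113.9
1700000000 www.example A 86400 198.51.100.1
1700086400 www.example A 86400 198.51.100.1
1700000000 cdn.example A 60 203.0.113.20
1700000060 cdn.example A 60 203.0.113.21
1700000120 cdn.example A 60 203.0.113.22
1700000180 cdn.example A 60 203.0.113.23
1700000240 cdn.example A 60 203.0.113.24
"""


def parse_observations(text):
    """Parse whitespace-separated observation lines into tuples."""
    observations = []
    for line in text.splitlines():
        if not line.strip():
            continue
        epoch, qname, rtype, ttl, rdata = line.split()
        observations.append((int(epoch), qname, rtype, int(ttl), rdata))
    return observations


def summarize(observations):
    """Per qname: distinct IPs, distinct /24 prefixes and the lowest TTL seen."""
    summary = defaultdict(lambda: {"ips": set(), "prefixes": set(), "min_ttl": None})
    for _, qname, rtype, ttl, rdata in observations:
        if rtype != "A":
            continue
        entry = summary[qname]
        entry["ips"].add(rdata)
        # /24 is an offline stand-in for network diversity (no ASN data here).
        entry["prefixes"].add(str(ip_network(f"{rdata}/24", strict=False)))
        entry["min_ttl"] = ttl if entry["min_ttl"] is None else min(entry["min_ttl"], ttl)
    return dict(summary)


def is_fast_flux(entry, min_ips=5, max_ttl=600, min_prefixes=3):
    """Thresholds are assumptions for this example, not published values."""
    return (len(entry["ips"]) >= min_ips
            and entry["min_ttl"] <= max_ttl
            and len(entry["prefixes"]) >= min_prefixes)


def flag_fast_flux(text, **thresholds):
    """Return the sorted list of names whose A records look fast-flux."""
    return sorted(name for name, entry in summarize(parse_observations(text)).items()
                  if is_fast_flux(entry, **thresholds))


if __name__ == "__main__":
    print(flag_fast_flux(SAMPLE_OBSERVATIONS))  # ['login-secure.example']
```

Lowering `min_prefixes` to 1 makes the CDN-like name match as well, which is the false positive the prefix check exists to avoid; in production the prefix set would be replaced by ASN lookups and the thresholds tuned against known-good CDN names.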
G
DDoS by GET flood
Generic Routing Encapsulation (GRE)
H
Same principle as a DGA, but what is generated automatically is the identifier of the resource to contact, such as a Twitter handle
Part of the pharming process
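
The handle-generation entry above says only that the resource name, rather than a domain, is derived algorithmically. The following is an added example, not the algorithm of any catalogued botnet: a hypothetical date-seeded generator in which the bot and its operator derive the same social-media handle from a shared seed and the calendar date, together with the defender's counterpart, which precomputes the handles for a window of days so they can be registered, blocked or monitored in advance. The seed, the SHA-256 construction and the 12-character handle length are assumptions for the example.

```python
"""Date-seeded generation of a social-media handle (DGA applied to a resource name).

Added example for the Botnets.fr property listing, not the algorithm of any
catalogued botnet. Seed, hash construction and handle length are assumptions.
"""
import hashlib
import re
import string
from datetime import date, timedelta

ALPHABET = string.ascii_lowercase + string.digits  # Twitter-style handle charset
HANDLE_RE = re.compile(r"^[a-z0-9]{12}$")


def handle_for_day(seed: bytes, day: date, length: int = 12) -> str:
    """Bot side: derive the handle to look up from the shared seed and the date."""
    digest = hashlib.sha256(seed + day.isoformat().encode()).digest()
    # Modulo bias does not matter here: the goal is a reproducible,
    # unpredictable-looking name, not uniformly random output.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def handles_for_window(seed: bytes, start: date, days: int) -> list:
    """Defender side: precompute every handle the bot will try in a window of days."""
    return [handle_for_day(seed, start + timedelta(days=i)) for i in range(days)]


def is_generated_handle(seed: bytes, handle: str, start: date, days: int) -> bool:
    """Check an observed handle against the precomputed window (blocking or takedown)."""
    return handle in set(handles_for_window(seed, start, days))


if __name__ == "__main__":
    # b"example-seed" is a constructed seed, not one recovered from a sample.
    for h in handles_for_window(b"example-seed", date(2024, 1, 1), 3):
        print(h)
```

Once the seed has been recovered from a sample, the precomputation is what makes a takedown or a sinkhole of the rendezvous accounts possible, exactly as with domain-based DGAs; the point of the technique, from the operator's side, is that the handle itself carries no static indicator to block.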
I
Internet of Things assets (cameras, home appliances, ...)
L
DDoS feature
Blocks access to the computer's normal functions by filling the screen with a window the user cannot dismiss, so that nothing else can be reached.
Logged information is sent to the C&C
M
Popular IRC software, sometimes used as the basis for IRC malware construction.
Distribution of the botnet/malware via MSN Messenger
Mailslots are an IPC mechanism allowing multiple clients to send messages to a server.
Memory scraping (for passwords, credit card data, ...)
Monitor microphone (sound) activity
P
Theft of POP3 logins and passwords
Documented feature where the malware contacts the command-and-control mechanism to ping it and wait for commands (all botnets have this feature, so it is worth mentioning only when it is documented in one of the attached publications)
Point-of-sale botnets: target credit card and other personal data on POS terminals.
Uses a polymorphic engine to mutate its code while keeping the original algorithm intact
Show a pop-up message on the victims' computers
Other premium-rate services (such as pay-per-view videos, games...).
Create an infrastructure to proxy attacks; command a botnet through a first layer of proxies.
R
Remote administration trojans
By calling the AddPrintProcessor API
Distribution via removable drives
Command execution
S
SOCKS proxy
Grabbing of SPDY session content.
Automatic scanning and attack of servers, mostly web servers, using SQL injection, known vulnerabilities, brute force, etc.
The code that performs the mutation is hosted on a dedicated server.
Propagates through shared drives / network shares
Distribution via social networks
Involves RATs and rootkits
Modification of the browser's start page
Store data in NTFS alternate data streams
U
Distribution of the botnet/malware via USB devices (keys)
Uninstallation of malware that is not affiliated or no longer in use
Updating the malware through the botnet
V
Detection of virtual environments, or methods to circumvent automated analysis in sandboxes.
W
Hijacking of the victim machine as a web server
World of Warcraft password theft
X
XOR encoding of data for storage and/or exfiltration
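
The XOR entry above names the encoding but not how an analyst undoes it. The following is an added example, not code from the site or from any catalogued malware: the single-byte XOR a stealer applies to a stolen record before writing it to disk or POSTing it, beside the usual recovery, which brute-forces all 256 keys and keeps the one whose output looks most like text. The key and the "stolen" record are constructed for the example and contain no real credentials or card data.

```python
"""Single-byte XOR obfuscation of stolen data and analyst-side key recovery.

Added example for the Botnets.fr property listing, not code from the site
or from any catalogued malware. Key and record are constructed.
"""

KEY = 0x5A  # assumption for the example; any value 1..255 behaves the same

# Constructed sample of the kind of record a stealer writes or POSTs.
# Not real credentials or card data.
SAMPLE_RECORD = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"user=alice pass=hunter2 card=4532 0151 1283 0366 "
    b"exp=12/27 host=WORKSTATION-07 os=Windows 10 Pro\r\n"
)


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; encoding and decoding are the same op."""
    return bytes(b ^ key for b in data)


def _is_printable(b: int) -> bool:
    return 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D)


def score_plaintext(candidate: bytes) -> tuple:
    """Higher is more text-like: printable byte count first, spaces as tie-breaker."""
    return (sum(1 for b in candidate if _is_printable(b)), candidate.count(0x20))


def recover_single_byte_key(blob: bytes) -> int:
    """Brute-force all 256 keys and keep the one yielding the most text-like output."""
    return max(range(256), key=lambda k: score_plaintext(xor_bytes(blob, k)))


def decode_blob(blob: bytes):
    """Return (recovered_key, decoded_bytes) for an XOR-obfuscated blob."""
    key = recover_single_byte_key(blob)
    return key, xor_bytes(blob, key)


if __name__ == "__main__":
    obfuscated = xor_bytes(SAMPLE_RECORD, KEY)
    recovered_key, plaintext = decode_blob(obfuscated)
    print(hex(recovered_key))
    print(plaintext.decode())
```

The scoring works because the genuine plaintext is entirely printable while every wrong key flips at least one byte into the control range (the mix of upper case, lower case, digits, spaces and CR/LF in a real record guarantees this). A repeating multi-byte key is recovered the same way after splitting the blob into one stream per key position, and a blob whose every key candidate scores poorly is a hint that something other than plain XOR (compression, a real cipher) was applied first.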