Sinowal analysis (Windows 7, 32-bit)
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
| Sinowal analysis (Windows 7, 32-bit) | |
|---|---|
| Botnet | Torpig |
| Malware | Sinowal, Mebroot |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / March 3, 2012 |
| Editor/Conference | evild3ad.com |
| Link | http://www.evild3ad.com/?p=1556 www.evild3ad.com (www.evild3ad.com Archive copy) |
| Author | evild3ad |
| Type | |
Abstract
“ Sinowal (also known as Torpig or Anserin) is constant one of the top banking trojan all over the world since 2006. So I asked myself, why is there so little info on the web? Just found old articles, that’s why I decided to take a new look at Sinowal.
Sinowal is a spyware trojan that can be used to perform post-authentication man-in-the-middle (MitM) content-manipulation attacks, a fancy way of saying that it can change basically anything sent or received between your browser and any web server in any HTTP session, even those encrypted by TLS/SSL. It’s also been incorporated with a boot sector rootkit known as Mebroot (MAOS).
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR908,
editor = {evild3ad.com},
author = {evild3ad},
title = {Sinowal analysis (Windows 7, 32-bit)},
date = {03},
month = Mar,
year = {2012},
howpublished = {\url{http://www.evild3ad.com/?p=1556 www.evild3ad.com}},
}