Difference between revisions of "The Coreflood report"

From Botnets.fr
m (1 revision imported)
Line 1: Line 1:
{{Publication
{{Publication
|Image=
|Botnet=Coreflood,
|Legend=
|Malware=AFcore, Autoproxy,
|CCProtocol=,
|Operation=,
|Year=2008
|Date=6 août 2008
|Editor=DELL SecureWorks
|Link=http://www.secureworks.com/research/threats/coreflood-report/
|Author=Joe Stewart,
|Abstract=In 2003, we analyzed a trojan named "Autoproxy", which was designed to create a botnet of proxy machines for purposes of online anonymity for criminals. We later found that this trojan was related to an older trojan known as Coreflood, or AFcore. This was an IRC trojan that had been around since at least 2002. By 2004, Autoproxy had been rolled into the Coreflood codebase, and the trojan ceased using IRC as a control mechanism, and moved to HTTP. Around the same time, the trojan began to be used to steal data from infected users, leading to a high-profile case where over $90,000 was taken from one individual's bank account.
|Document=
|Document=
|Licence=
|Licence=
|Video=
|Video=
|Link=http://www.secureworks.com/research/threats/coreflood-report/ www.secureworks.com
|NomRevue=SecureWorks threat analyses
|Author=Joe Stewart,
|NomRevue=SecureWorks threat analyses  
|Date=6 août 2008
|Editor=DELL SecureWorks
|Year=2008
|Page=
|Page=
|Abstract=In 2003, we analyzed a trojan named "Autoproxy", which was designed to create a botnet of proxy machines for purposes of online anonymity for criminals. We later found that this trojan was related to an older trojan known as Coreflood, or AFcore. This was an IRC trojan that had been around since at least 2002. By 2004, Autoproxy had been rolled into the Coreflood codebase, and the trojan ceased using IRC as a control mechanism, and moved to HTTP. Around the same time, the trojan began to be used to steal data from infected users, leading to a high-profile case where over $90,000 was taken from one individual's bank account.
|Botnet=Coreflood,
|Malware=AFcore, Autoproxy,
|CCProtocol=,
|Operation=,
}}
}}

Revision as of 12:38, 31 July 2015


The Coreflood report
Botnet: Coreflood
Malware: AFcore, Autoproxy
Date: 2008 / 6 August 2008
Editor/Conference: DELL SecureWorks
Link: http://www.secureworks.com/research/threats/coreflood-report/
Author: Joe Stewart

Abstract

In 2003, we analyzed a trojan named "Autoproxy", which was designed to create a botnet of proxy machines for purposes of online anonymity for criminals. We later found that this trojan was related to an older trojan known as Coreflood, or AFcore. This was an IRC trojan that had been around since at least 2002. By 2004, Autoproxy had been rolled into the Coreflood codebase, and the trojan ceased using IRC as a control mechanism, and moved to HTTP. Around the same time, the trojan began to be used to steal data from infected users, leading to a high-profile case where over $90,000 was taken from one individual's bank account.

Bibtex

 @misc{2008BFR852,
   editor = {DELL SecureWorks},
   author = {Joe Stewart},
   title = {The Coreflood report},
   date = {2008-08-06},
   year = {2008},
   howpublished = {\url{http://www.secureworks.com/research/threats/coreflood-report/}},
 }