The Coreflood report
(Publication) Google search: [1]
| The Coreflood report | |
|---|---|
| Botnet | Coreflood |
| Malware | AFcore, Autoproxy |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2008 / 6 août 2008 |
| Editor/Conference | DELL SecureWorks |
| Link | http://www.secureworks.com/research/threats/coreflood-report/ www.secureworks.com (www.secureworks.com Archive copy) |
| Author | Joe Stewart |
| Type | |
Abstract
“ In 2003, we analyzed a trojan named "Autoproxy", which was designed to create a botnet of proxy machines for purposes of online anonymity for criminals. We later found that this trojan was related to an older trojan known as Coreflood, or AFcore. This was an IRC trojan that had been around since at least 2002. By 2004, Autoproxy had been rolled into the Coreflood codebase, and the trojan ceased using IRC as a control mechanism, and moved to HTTP. Around the same time, the trojan began to be used to steal data from infected users, leading to a high-profile case where over $90,000 was taken from one individual's bank account.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2008BFR852,
editor = {DELL SecureWorks},
author = {Joe Stewart},
title = {The Coreflood report},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2008},
howpublished = {\url{http://www.secureworks.com/research/threats/coreflood-report/ www.secureworks.com}},
}