Difference between revisions of "Trojan.Whitewell: what’s your (bot) Facebook status today?"
Jump to navigation
Jump to search
(Created page with "{{Publication |Editor=Symantec |Link=http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today |Author=Andrea Lelli, |Type=Blogpost }}") |
|||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Botnet=Whitewell, | |||
|Year=2009 | |||
|Date=2009-10-31 | |||
|Editor=Symantec | |Editor=Symantec | ||
|Link=http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today | |Link=http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today | ||
|Author=Andrea Lelli, | |Author=Andrea Lelli, | ||
|Type=Blogpost | |Type=Blogpost | ||
|Abstract=Sure we have heard a lot about bots and botnets. One key component of a botnet is the command-and-control (C&C) server, which as we know can come in several flavours (IRC, Web pages, newsgroups, custom servers, etc.). Yet, here comes Trojan.Whitewell, which, being tired of old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives some configuration data from its Facebook account—the actual command execution and data reporting is done through a third party Web server. | |||
}} | }} |
Revision as of 11:12, 3 August 2015
(Publication) Google search: [1]
Trojan.Whitewell: what’s your (bot) Facebook status today? | |
---|---|
Botnet | Whitewell |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2009 / 2009-10-31 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today (Archive copy) |
Author | Andrea Lelli |
Type | Blogpost |
Abstract
“ Sure we have heard a lot about bots and botnets. One key component of a botnet is the command-and-control (C&C) server, which as we know can come in several flavours (IRC, Web pages, newsgroups, custom servers, etc.). Yet, here comes Trojan.Whitewell, which, being tired of old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives some configuration data from its Facebook account—the actual command execution and data reporting is done through a third party Web server.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2200, editor = {Symantec}, author = {Andrea Lelli}, title = {Trojan.Whitewell: what’s your (bot) Facebook status today?}, date = {31}, month = Oct, year = {2009}, howpublished = {\url{http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today}}, }