Vawtrak gains momentum and expands targets
(Publication) Google search: [1]
| Vawtrak gains momentum and expands targets | |
|---|---|
| Botnet | Vawtrak, Gozi, Prinimalka |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2014 / 2014-09-03 |
| Editor/Conference | PhishLabs |
| Link | http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets (Archive copy) |
| Author | Don Jackson |
| Type | Blogpost |
Abstract
“ Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.
As one arm of the syndicate recently scaled back attacks on targets in Japan, China, Australia, New Zealand, and other Far East countries, the core Russian crew ramped up large scale attacks on U.S. targets beginning approximately three months ago. In July, samples from the Russian crew's new operation were configured to use advanced webinjects attacks against as many as 64 targeted organizations' web sites, including financials, social networks, online retailers (including StubHub), analytics firms, and game portals.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR322,
editor = {PhishLabs},
author = {Don Jackson},
title = {Vawtrak gains momentum and expands targets},
date = {03},
month = Sep,
year = {2014},
howpublished = {\url{http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets}},
}