W32.Xpaj.B: making easy money from complex code

From Botnets.fr


Botnet: Xpaj
Malware: Xpaj (bot), Sality (bot), Virut (bot)
Date: 2011
Editor/Conference: Symantec
Link: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_xpaj_b.pdf (PDF)
Author: Sean Kiernan, Piotr Krysiuk, Andrea Lelli, Gavin O'Gorman

Abstract

W32.Xpaj.B is one of the most complex and sophisticated file infectors Symantec has encountered. Given this level of complexity, it was decided to conduct a deep analysis of this threat. The analysis revealed IP addresses for the command and control (C&C) servers. These servers are used to deliver encrypted binary large objects, or "blobs", to the infected client. Without obtaining one of these blobs it was not possible to determine the purpose of the threat. An investigation of the server revealed not only copies of these blobs, but details of a click-fraud operation spread over multiple computers hosted in several countries. The server contained logs and databases of the criminals' activities, including a record of earnings from late September 2010 up to June 28, 2011. The maximum earnings in a single day were US$450, with an average of US$170 a day. Overall, the scheme grossed approximately US$46,000. This paper gives a detailed analysis of the infrastructure of the threat, the malware involved, a breakdown of earnings, and information about the criminals behind the scam.

Bibtex

 @misc{2011BFR1051,
   editor = {Symantec},
   author = {Sean Kiernan, Piotr Krysiuk, Andrea Lelli, Gavin O'Gorman},
   title = {W32.Xpaj.B: making easy money from complex code},
   date = {30},
   month = Apr,
   year = {2011},
   howpublished = {\url{http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_xpaj_b.pdf}},
 }