Alina: following the shadow part 2

From Botnets.fr

Botnet: Alina
Date: 2013 / 2013-06-03
Editor/Conference: Trustwave
Link: https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-2/ (Archive copy)
Author: Josh Grunzweig
Type: Blogpost

Abstract

For this final part, I'm going to focus on how this malware is installed, what protections the author has placed on the malware to prevent Anti-Virus detection and/or reverse engineering of it, and how Alina aggregates track data. I may also throw in some other random tidbits of information that I've encountered depending on how long this blog post goes. My last one in particular was quite lengthy, so I'm going to do my best to avoid that this time around. We're going to be looking at the same versions as before. I've included the timeline graph below as a reference for readers.

Bibtex

 @misc{Grunzweig2013BFR1613,
   editor = {Trustwave},
   author = {Josh Grunzweig},
   title = {Alina: following the shadow part 2},
   date = {03},
   month = Jun,
   year = {2013},
   howpublished = {\url{https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Following-The-Shadow-Part-2/}},
 }