Andromeda 2.7 features

From Botnets.fr


Publication record
Botnet: Andromeda
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2014-04-23
Editor/Conference: Fortinet
Link: http://blog.fortinet.com/Andromeda-2-7-Features/ (archive copy available)
Author: Suweera De Souza
Type: Blogpost

Abstract

Recently, we found a new version of the Andromeda bot in the wild. This version has strengthened its self-defense mechanisms by utilizing more anti-debug/anti-VM tricks than its predecessors. It also employs some novel methods for trying to keep its process hidden and running persistently. Moreover, its communication data structure and encryption scheme have changed, rendering the old Andromeda IPS/IDS signatures useless.

Bibtex

 @misc{Souza2014BFR1383,
   editor = {Fortinet},
   author = {Suweera De Souza},
   title = {Andromeda 2.7 features},
   day = {23},
   month = apr,
   year = {2014},
   howpublished = {\url{http://blog.fortinet.com/Andromeda-2-7-Features/}},
 }