Cyber gang seeks botmasters to wage massive wave of trojan attacks against U.S. banks
Cyber gang seeks botmasters to wage massive wave of trojan attacks against U.S. banks | |
---|---|
Botnet | Prinimalka |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-10-04 |
Editor/Conference | RSA |
Link | http://blogs.rsa.com/rsafarl/cyber-gang-seeks-botmasters-to-wage-massive-wave-of-trojan-attacks-against-u-s-banks/ (Archive copy) |
Author | Mor Ahuvia |
Type |
Abstract
“In one of the most interesting cases of organized cybercrime this year, a cyber gang has recently communicated its plans to launch a Trojan attack spree on 30 American banks as part of a large-scale orchestrated crimeware campaign. Planned for this fall, the blitzkrieg-like series of Trojan attacks is set to be carried out by approximately 100 botmasters. RSA believes this is the making of the most substantial organized banking-Trojan operation seen to date.
By investigating the group’s forum-post announcement and analyzing the Trojan, RSA has managed to link the cybergang’s weapon of choice to a little-known, proprietary Gozi-like Trojan, which RSA has dubbed “Gozi Prinimalka.” Derived from the Russian word meaning “to receive” and alluding to a Trojan drop point, the word “Prinimalka” appears as a folder name in every URL path given by the gang over the years to its crimeware servers. According to underground chatter, the gang plans to deploy the Trojan in an effort to complete fraudulent wire transfers via Man-In-The-Middle (MiTM) manual session-hijacking scenarios.”
Bibtex
@misc{2012BFR1198,
  editor = {RSA},
  author = {Mor Ahuvia},
  title = {Cyber gang seeks botmasters to wage massive wave of trojan attacks against U.S. banks},
  date = {04},
  month = Oct,
  year = {2012},
  howpublished = {\url{http://blogs.rsa.com/rsafarl/cyber-gang-seeks-botmasters-to-wage-massive-wave-of-trojan-attacks-against-u-s-banks/}},
}