Introduction
Publications
Title | Author | Botnet | Campaign | Year |
---|---|---|---|---|
Análisis del comportamiento de VOlk y sus funcionalidades | Fernando Catoira | VOlk | | 2012 |
Blackhole, CVE-2012-0507 and Carberp | David Harley, Aleksandr Matrosov | Carberp | | 2012 |
Boxer SMS trojan: malware as a global service | Pablo Ramos | Boxer | | 2012 |
Carberp + BlackHole = growing fraud incidents | David Harley, Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov | Carberp | | 2011 |
Carberp gang evolution: CARO 2012 presentation | Aleksandr Matrosov | Carberp | | 2012 |
Dorifel/Quervar: the support scammer’s secret weapon | David Harley | Dorifel | | 2012 |
Dorkbot: conquistando Latinoamérica | Pablo Ramos | Dorkbot | | 2012 |
ESET analyzes first Android file-encrypting, TOR-enabled ransomware | Robert Lipovsky | Simplocker | | 2014 |
Evolution of Win32Carberp: going deeper | David Harley, Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov | Carberp | | 2011 |
Festi botnet analysis & investigation | Aleksandr Matrosov, Eugene Rodionov | Festi | | 2012 |
Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx | Aleksandr Matrosov, Eugene Rodionov | Duqu, Flame, Stuxnet | | 2012 |
Flamer analysis: framework reconstruction | Aleksandr Matrosov, Eugene Rodionov | Flame | | 2012 |
From Georgia, with love Win32/Georbot | | | | 2012 |
Hesperbot – A new, advanced banking trojan in the wild | Robert Lipovsky, Anton Cherepanov | Hesperbot | | 2013 |
Hodprot: hot to bot | Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov | Carberp, Hodprot, Sheldor, RDPdoor, Gamker | | 2011 |
Interconnection of Gauss with Stuxnet, Duqu & Flame | Eugene Rodionov | Duqu, Flame, Gauss, Stuxnet | | 2012 |
Kelihos: not alien resurrection, more attack of the clones | David Harley | Kelihos, Storm, Waledac | | 2012 |
King of spam: Festi botnet analysis | Aleksandr Matrosov, Eugene Rodionov | Festi | | 2012 |
Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole | Pierre-Marc Bureau | | | 2013 |
Malicious Apache module used for content injection: Linux/Chapro.A | Pierre-Marc Bureau | | | 2012 |
Malware evolving to defeat anti-DDoS services like CloudFlare? | Alexis Dorais-Joncas | OutFlare | | 2013 |
Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication | Aleksandr Matrosov | Avatar | | 2013 |
Nymaim - obfuscation chronicles | Jean-Ian Boutin | Nymaim | | 2013 |
OSX/Flashback - The first malware to infect hundreds of thousands of Apple Mac | Pierre-Marc Bureau | Flashback | | 2012 |
PokerAgent botnet stealing over 16,000 Facebook credentials | Robert Lipovsky | PokerAgent | | 2013 |
Rovnix Reloaded: new step of evolution | David Harley, Aleksandr Matrosov, Eugene Rodionov | Carberp | | 2012 |
Rovnix bootkit framework updated | Aleksandr Matrosov | Rovnix | | 2012 |
Rovnix.D: the code injection story | Aleksandr Matrosov | Rovnix | | 2012 |
Smartcard vulnerabilities in modern banking malware | Aleksandr Matrosov | Carberp, Ranbyus | | 2012 |
TDL3 : The rootkit of all evil | Aleksandr Matrosov, Eugene Rodionov | TDSS | | 2010 |
TDL4 reloaded: Purple Haze all in my brain | David Harley, Aleksandr Matrosov, Eugene Rodionov | TDL-4 | | 2012 |
Targeted information stealing attacks in South Asia use email, signed binaries | Jean-Ian Boutin | HangOver | | 2013 |
The evolution of TDL: conquering x64 | Aleksandr Matrosov, Eugene Rodionov | | | 2011 |
The rise of TOR-based botnets | Aleksandr Matrosov | Atrax, PTA | | 2013 |
Versatile and infectious: Win64/Expiro is a cross-platform file infector | Artem I. Baranov | Expiro | | 2013 |
Walking through Win32/Jabberbot.A instant messaging C&C | Alexis Dorais-Joncas | Jabberbot | | 2013 |
Win32/Gataka - or should we say Zutick? | Jean-Ian Boutin | Tatanga, Tinba | | 2012 |
Win32/Gataka banking Trojan - Detailed analysis | Jean-Ian Boutin | Tatanga | | 2012 |
Win32/Gataka: a banking Trojan ready to take off | Jean-Ian Boutin | SpyEye, Tatanga | | 2012 |
Win32/Sality newest component: a router’s primary DNS changer named Win32/RBrute | Benjamin Vanheuverzwijn | Sality | | 2014 |
Win32/Spy.Ranbyus modifying Java code in RBS Ukraine systems | Aleksandr Matrosov | Ranbyus | | 2012 |
ZeroAccess: code injection chronicles | Aleksandr Matrosov | ZeroAccess | | 2012 |