Harnig is back

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Harnig is back
Botnet Harnig, Rustock
Botnet/malware group
Exploit kits
Distribution vector Harnig
Operation/Working group
CCProtocol HTTP
Date 2011 / 2011-08-09
Editor/Conference FireEye
Link https://www.fireeye.com/blog/threat-research/2011/08/harnig-is-back.html (Archive copy)
Author Atif Mushtaq
Type Blogpost


Rustock's old buddy Harnig is back in action. Harnig is considered to be a very wide spread pay-per-install malware whose sole purpose is to infect PCs and then download and install a variety of other malware on the system for a small fee. There has been a long term relationship between the Harnig and Rustock botnets. For the last two years or so, Rustock has almost always been seen being spread through Harnig.

I reported back in March (right after the Rustock botnet shutdown) that Harnig botnet has abandoned all of its CnCs as well causing suspension of all of its malicious activities. Rustock hasn't yet tried to claim back its previous position, but this is not true in the case of Harnig. After months of silence, Harnig is finally back in business, resuming all of its usual malicious activities.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR1554,
   editor = {FireEye},
   author = {Atif Mushtaq},
   title = {Harnig is back},
   date = {09},
   month = Aug,
   year = {2011},
   howpublished = {\url{https://www.fireeye.com/blog/threat-research/2011/08/harnig-is-back.html}},