Harnig is back
Harnig is back | |
---|---|
Botnet | Harnig, Rustock |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | Harnig |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | HTTP |
Date | 2011 / 2011-08-09 |
Editor/Conference | FireEye |
Link | https://www.fireeye.com/blog/threat-research/2011/08/harnig-is-back.html (Archive copy) |
Author | Atif Mushtaq |
Type | Blogpost |
Abstract
“Rustock's old buddy Harnig is back in action. Harnig is considered to be a very widespread pay-per-install malware whose sole purpose is to infect PCs and then download and install a variety of other malware on the system for a small fee. There has been a long-term relationship between the Harnig and Rustock botnets. For the last two years or so, Rustock has almost always been seen being spread through Harnig.
I reported back in March (right after the Rustock botnet shutdown) that the Harnig botnet had abandoned all of its CnCs as well, causing suspension of all of its malicious activities. Rustock hasn't yet tried to claim back its previous position, but this is not true in the case of Harnig. After months of silence, Harnig is finally back in business, resuming all of its usual malicious activities.”
Bibtex
@misc{2011BFR1554,
  editor = {FireEye},
  author = {Atif Mushtaq},
  title = {Harnig is back},
  date = {09},
  month = Aug,
  year = {2011},
  howpublished = {\url{https://www.fireeye.com/blog/threat-research/2011/08/harnig-is-back.html}},
}