Hodprot: hot to bot

From Botnets.fr
Type: Publication
Botnet: Hodprot, Carberp, Sheldor, RDPdoor, Shiz
Date: 2011 (2011-10-05)
Editor/Conference: ESET
Link: http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf (go.eset.com, PDF; an archive copy is also listed)
Author: Eugene Rodionov, Aleksandr Matrosov, Dmitry Volkov

Abstract

As discussed in our presentation at CARO2011 on "Cybercrime in Russia: Trends and issues", the number of Russian cybercrimes related to financial fraud and stealing money from bank accounts increased significantly in the last year. Moreover, we can see accelerated growth in the number of cybercrimes related to banking fraud in the second half of 2011. The most common malware families involved in incidents of banking fraud in Russia are:

  • Win32/Carberp
  • Win32/Shiz
  • Win32/Hodprot
  • Win32/Sheldor
  • Win32/RDPdoor

Here are the major regions of distribution of these banking Trojans:

  1. Russia
  2. Ukraine
  3. Kazakhstan

Attackers have focused on these countries because similar banking software and mechanisms for financial transactions are in use there. In the late spring and early summer of 2011, according to statistics of incidents provided by Group-IB, one of the most-used families of malware is Win32/Hodprot. This is an interesting family of Trojans which merits further discussion: it implements many sophisticated algorithms and anti-forensic mechanisms.

Bibtex

 @misc{Rodionov2011BFR1023,
   editor = {ESET},
   author = {Eugene Rodionov and Aleksandr Matrosov and Dmitry Volkov},
   title = {Hodprot: hot to bot},
   day = {05},
   month = oct,
   year = {2011},
   howpublished = {\url{http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf}},
 }