It’s 2012 and Armageddon has arrived

From Botnets.fr

Malware: Armageddon, Dirt Jumper, Darkness, BlackEnergy
Date: 2012 / March 6th 2012
Editor/Conference: Arbor SERT
Link: http://ddos.arbornetworks.com/uploads/2012/03/Crypto-Armageddon-Blog.pdf (arbornetworks.com, pdf)
Author: Jeff Edwards

Abstract

Jeff Edwards, Research Analyst, Arbor Networks ASERT

Armageddon is one of several notable Russian malware families that are designed exclusively for DDoS attacks; it has been on our radar screens for some time now. Its primary competitors within the market of Russian DDoS vendors are Dirt Jumper (a.k.a. RussKill), Darkness/Optima (a.k.a. Votwup), and of course BlackEnergy. We've noticed that the Armageddon code base has undergone some relatively rapid evolution lately, and the purpose of this blog post is to report on some of the new functionality we have observed. With this latest release, the bot uses some new crypto protection to hide its features from casual observers; breaking this encryption revealed some interesting goodies...

Source: Arbor Networks

Bibtex

 @misc{2012BFR924,
   editor = {Arbor SERT},
   author = {Jeff Edwards},
   title = {It’s 2012 and Armageddon has arrived},
   date = {06},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://ddos.arbornetworks.com/uploads/2012/03/Crypto-Armageddon-Blog.pdf}},
 }