Madi is back - New Tricks and a new Command&Control server

From Botnets.fr


Botnet: Madi
Date: 2012 / July 25, 2012
Editor/Conference: Kaspersky lab
Link: http://www.securelist.com/en/blog/208193696/Madi_is_back_New_Tricks_and_a_New_Command_Control_Server (Archive copy)
Author: Nicolas Brulez

Abstract

Last night, we received a new version of the Madi malware, which we previously covered in our blog.

Following the shutdown of the Madi command and control domains last week, we thought the operation was now dead. Looks like we were wrong.

The new version appears to have been compiled on July 25th as it can be seen from its header:


It contains many interesting improvements and new features. It now has the ability to monitor VKontakte, together with Jabber conversations. It is also looking for people who visit pages containing “USA” and “gov” in their titles. In such cases, the malware makes screenshots and uploads them to the C2.

Bibtex

 @misc{2012BFR1069,
   editor = {Kaspersky lab},
   author = {Nicolas Brulez},
   title = {Madi is back - New Tricks and a new Command&Control server},
   date = {25},
   month = Jul,
   year = {2012},
   howpublished = {\url{http://www.securelist.com/en/blog/208193696/Madi_is_back_New_Tricks_and_a_New_Command_Control_Server}},
 }