Sinowal analysis (Windows 7, 32-bit)

From Botnets.fr


Botnet: Torpig
Malware: Sinowal, Mebroot
Date: March 3, 2012
Editor/Conference: evild3ad.com
Link: http://www.evild3ad.com/?p=1556 (archive copy available)
Author: evild3ad

Abstract

Sinowal (also known as Torpig or Anserin) has constantly been one of the top banking trojans worldwide since 2006. So I asked myself: why is there so little info on the web? I only found old articles, which is why I decided to take a new look at Sinowal.

Sinowal is a spyware trojan that can be used to perform post-authentication man-in-the-middle (MitM) content-manipulation attacks, a fancy way of saying that it can change basically anything sent or received between your browser and any web server in any HTTP session, even those encrypted by TLS/SSL. It has also been combined with a boot-sector rootkit known as Mebroot (MAOS).

Bibtex

 @misc{evild3ad2012BFR908,
   editor = {evild3ad.com},
   author = {evild3ad},
   title = {Sinowal analysis (Windows 7, 32-bit)},
   day = {03},
   month = mar,
   year = {2012},
   howpublished = {\url{http://www.evild3ad.com/?p=1556}},
 }