Sinowal analysis (Windows 7, 32-bit)
Sinowal analysis (Windows 7, 32-bit) | |
---|---|
Botnet | Torpig |
Malware | Sinowal, Mebroot |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / March 3, 2012 |
Editor/Conference | evild3ad.com |
Link | http://www.evild3ad.com/?p=1556 www.evild3ad.com (www.evild3ad.com Archive copy) |
Author | evild3ad |
Type |
Abstract
“Sinowal (also known as Torpig or Anserin) has constantly been one of the top banking trojans all over the world since 2006. So I asked myself, why is there so little info on the web? I just found old articles, that’s why I decided to take a new look at Sinowal.
Sinowal is a spyware trojan that can be used to perform post-authentication man-in-the-middle (MitM) content-manipulation attacks, a fancy way of saying that it can change basically anything sent or received between your browser and any web server in any HTTP session, even those encrypted by TLS/SSL. It’s also been incorporated with a boot sector rootkit known as Mebroot (MAOS).”
Bibtex
@misc{2012BFR908,
  editor = {evild3ad.com},
  author = {evild3ad},
  title = {Sinowal analysis (Windows 7, 32-bit)},
  date = {03},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://www.evild3ad.com/?p=1556 www.evild3ad.com}},
}