The Cridex trojan targets 137 financial organizations in one go

(Publication) Google search: [1]

The Cridex trojan targets 137 financial organizations in one go
Botnet	Cridex, ZeuS, SpyEye, Carberp
Malware	Cridex (bot), Carberp (bot), Dapato
Botnet/malware group
Exploit kits	Phoenix
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date	2012 / March 1st, 2012
Editor/Conference	M86 Security Labs
Link	http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/ (Archive copy)
Author	Daniel Chechik
Type

Abstract

“ A few weeks ago M86 Security Labs alerted that cybercriminals managed to compromise hundreds of WordPress-based sites. These attacks started with several large spam campaigns as reported in our most recent blog post on Cutwail. These emails included embedded URL links or HTML attachments that tricked the user to browse to the compromised Web sites. All these links eventually lead to Web pages infected with the Phoenix exploit kit. These cybercriminals operate Fast flux networks, which are a DNS technique used by botnets to hide the main C&C servers.

After the target machine is successfully exploited, the Phoenix exploit kit downloads a Trojan to the victim’s machine. The downloaded Trojan is recognized by antivirus vendors under several names such as Cridex, Carberp and Dapato. Antivirus detection is quite low and only ten out of 43 antivirus scanners in VirusTotal can detect it.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR906,
   editor = {M86 Security Labs},
   author = {Daniel Chechik},
   title = {The Cridex trojan targets 137 financial organizations in one go},
   date = {01},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/}},
 }