Vawtrak gains momentum and expands targets

From Botnets.fr


Botnet Vawtrak, Gozi, Prinimalka
Date 2014 / 2014-09-03
Editor/Conference PhishLabs
Link http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets (Archive copy)
Author Don Jackson
Type Blogpost

Abstract

Vawtrak is the security industry's name for the latest version of the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000s. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

As one arm of the syndicate recently scaled back attacks on targets in Japan, China, Australia, New Zealand, and other Far East countries, the core Russian crew ramped up large-scale attacks on U.S. targets beginning approximately three months ago. In July, samples from the Russian crew's new operation were configured to use advanced webinjects attacks against as many as 64 targeted organizations' web sites, including financials, social networks, online retailers (including StubHub), analytics firms, and game portals.

Bibtex

 @misc{Jackson2014BFR322,
   editor = {PhishLabs},
   author = {Don Jackson},
   title = {Vawtrak gains momentum and expands targets},
   date = {03},
   month = Sep,
   year = {2014},
   howpublished = {\url{http://blog.phishlabs.com/vawtrak-gains-momentum-and-expands-targets}},
 }