Win32/Gataka: a banking Trojan ready to take off
Field | Value |
---|---|
Botnet | Gataka, SpyEye |
Malware | Tinba (bot) |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / June 28, 2012 |
Editor/Conference | ESET |
Link | http://blog.eset.com/2012/06/28/win32gataka-a-banking-trojan-ready-to-take-off |
Author | Jean-Ian Boutin |
Type | |
Abstract
“We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan was first publicly discussed in 2011 by S21Security (http://securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html) but has received surprisingly little attention since then.
Win32/Gataka has a similar architecture to SpyEye in that several plugins can be downloaded to add more functionality. It is developed in C++ and is overly verbose in both the debug strings in its binaries and the amount of logging information that is sent back to the C&C.”
Bibtex
@misc{2012BFR1060, editor = {ESET}, author = {Jean-Ian Boutin}, title = {Win32/Gataka: a banking Trojan ready to take off}, date = {28}, month = Jun, year = {2012}, howpublished = {\url{http://blog.eset.com/2012/06/28/win32gataka-a-banking-trojan-ready-to-take-off}}, }