Win32/Gataka banking Trojan - Detailed analysis

From Botnets.fr

Botnet: Gataka
Date: 14 Aug 2012
Editor/Conference: ESET
Link: http://blog.eset.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis
Author: Jean-Ian Boutin

Abstract

Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we gave an overview of the botnet’s capabilities and some of its recent campaigns. In this second blog post, we will look in more detail at two of the main components of Win32/Gataka: the Webinject and Interceptor plugins. As also shown in the previous blog post, here is the general architecture that characterizes Win32/Gataka. Please refer to the first blog post for a description of each plugin’s functionalities.

Bibtex

 @misc{Boutin2012BFR1089,
   editor = {ESET},
   author = {Jean-Ian Boutin},
   title = {Win32/Gataka banking Trojan - Detailed analysis},
   day = {14},
   month = aug,
   year = {2012},
   howpublished = {\url{http://blog.eset.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis}},
 }