Alliance of Bot Masters Called ‘Credible Threat’
A call for bot operators to cooperate to steal money from at least 30 U.S. banks was dismissed by many researchers. Turns out the threat may be real, if overblown.Some researcher thought it was a law-enforcement sting. Others theorized that it was an elaborate joke. But a call for bot operators to collaborate on attacking the customers of 30 U.S. financial institutions appears to be a "credible threat," said security firm McAfee in a report issued Dec. 13. The operation, known as Project Blitzkrieg, was announced in a semi-private underground forum in September, and described by security firm RSA in a blog post in October. The announcement is the "making of the most substantial organized banking-Trojan operation seen to date," the company stated in its Oct. 4 blog post. In its own research, McAfee, a subsidiary of Intel, tracked down the command-and-control server used by the hacker vorVzakone, who made the forum announcement. The posting included screenshots that gave McAfee enough evidence to track down the bot software used by the hacker and what appears to be a test of the infrastructure for the attack. "Although Project Blitzkrieg hasn't yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred," the McAfee report stated.
The group used a Trojan known as Gozi Prinimalka, a variant of the Gozi Trojan created in 2008, that has always been used to commit financial fraud. The program was not created by vorVzakone, but an early group that appears to no longer be actively developing the malicious software, said Ryan Sherstobitoff, a researcher with McAfee Labs.