Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Alliance of Bot Masters Called ‘Credible Threat’

    By
    Robert Lemos
    -
    December 16, 2012
    Share
    Facebook
    Twitter
    Linkedin

      Some researcher thought it was a law-enforcement sting. Others theorized that it was an elaborate joke. But a call for bot operators to collaborate on attacking the customers of 30 U.S. financial institutions appears to be a “credible threat,” said security firm McAfee in a report issued Dec. 13.

      The operation, known as Project Blitzkrieg, was announced in a semi-private underground forum in September, and described by security firm RSA in a blog post in October. The announcement is the “making of the most substantial organized banking-Trojan operation seen to date,” the company stated in its Oct. 4 blog post.

      In its own research, McAfee, a subsidiary of Intel, tracked down the command-and-control server used by the hacker vorVzakone, who made the forum announcement. The posting included screenshots that gave McAfee enough evidence to track down the bot software used by the hacker and what appears to be a test of the infrastructure for the attack.

      “Although Project Blitzkrieg hasn’t yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred,” the McAfee report stated.

      The group used a Trojan known as Gozi Prinimalka, a variant of the Gozi Trojan created in 2008, that has always been used to commit financial fraud. The program was not created by vorVzakone, but an early group that appears to no longer be actively developing the malicious software, said Ryan Sherstobitoff, a researcher with McAfee Labs.

      While the Trojan is not new, the calls for collaboration and the improvement to the command-and-control (C&C) server are new, he said.

      “Really, what is new is the collaboration and the innovative back-end (C&C server), where he supplies all the information as to the drop accounts, how to transfer money properly, and many other details,” Sherstobitoff said. “What people thought was a joke has ended up being credible.”

      McAfee used two identifiers leaked by the images posted online to match the campaign pictured in the images to a specific binary caught by the company’s automated analysis systems. The existence of the malware, which was caught by McAfee in April, suggests that at least some of the claims are real.

      The Gozi Prinimalka variant discovered in April by McAfee was first seen in the wild on March 29 and may have infected hundreds of banking customers, according to the report. The latest variant, released in October, is controlled using a C&C server in Romania and has targeted financial institutions exclusively in the United States.

      “On Sept. 9, in the post, he said that he would release the trojan to individuals a couple weeks after they passed an interview,” said Sherstobitoff. “Well, we saw a new Gozi Primimalka campaign spring up in October and end on Nov. 30 with over 80 victims.”

      McAfee expects future attacks to also hit only a modest number of victims to stay under law enforcement’s radar and make it harder to defend against.

      “A limited number of infections reduces the malware’s footprint and makes it hard for network defenses to detect its activities,” the report stated.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×