Russian Malware Bundle

The Malware Lab, of which Nart Villeneuve is a member, blogged about Russian malware that was found in a packet capture file from an infected computer associated with a political figure.

Key findings:

  • From the malware connections recorded in the packet capture file we were able to discover malware that bundled a Black Energy bot with the “Oficla/Sasfis” Trojan downloader as well as known rogue/fake anti-virus software.
  • We were able to access an interface to the Black Energy botnet that was not secured and observed the attackers conduct a brief DDoS attack.
  • Despite being a Russian botnet, many of the domain names were .cn and many IP addresses were Chinese.
  • This network is linked with an operation that spams nearly 4.3 million email addresses with gambling, pornography, pharmaceuticals, rogue AV software and other malware. It is also linked with an iframe injection campaign.
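As an added illustration of the first finding (this is not the Malware Lab's own tooling), the following Python walks a libpcap file captured on an infected host, lists the DNS names that host queried and the TCP connections it opened, and groups the queried domains by top-level domain, which is the kind of tally behind the observation that many of the names were .cn. The capture is built in memory from constructed frames; the 192.0.2.x, 203.0.113.x and 198.51.100.x addresses and the example.cn/example.ru names are placeholders, not indicators from the report.

```python
"""Minimal libpcap walker: outbound connections and DNS queries from one host."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4        # little-endian libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

# --- builders for the constructed sample capture (placeholder addresses/names) ---

def _ipv4(src, dst, proto, payload):
    """IPv4 header without options. Checksum is left zero; the walker does not verify it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0,
                      bytes(int(o) for o in src.split(".")),
                      bytes(int(o) for o in dst.split(".")))
    return hdr + payload

def _ether(ip_packet):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip_packet

def _dns_query(src, resolver, name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    return _ether(_ipv4(src, resolver, 17, udp))

def _tcp_syn(src, dst, dport):
    tcp = struct.pack("!HHIIBBHHH", 40001, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    return _ether(_ipv4(src, dst, 6, tcp))

def build_pcap(frames):
    ghdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    chunks = [ghdr]
    for i, f in enumerate(frames):
        chunks.append(struct.pack("<IIII", 1258400000 + i, 0, len(f), len(f)))
        chunks.append(f)
    return b"".join(chunks)

# --- the walker itself ---

def iter_frames(pcap):
    """Yield raw Ethernet frames from a libpcap byte string (either byte order)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl]
        off += incl

def parse_qname(buf):
    """Decode an uncompressed DNS name; stop at the terminator or a compression pointer."""
    labels, off = [], 0
    while off < len(buf):
        n = buf[off]
        if n == 0 or n & 0xC0:
            break
        labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)

def summarize(pcap, infected_host):
    """New outbound TCP connections and DNS query names sent by infected_host."""
    conns, queries = Counter(), []
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto = ip[9]
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        if src != infected_host:
            continue                                  # only traffic the victim originated
        l4 = ip[ihl:]
        if proto == 6 and len(l4) >= 20:
            dport = struct.unpack("!H", l4[2:4])[0]
            flags = l4[13]
            if flags & 0x02 and not flags & 0x10:     # SYN without ACK: new connection
                conns[(dst, dport)] += 1
        elif proto == 17 and len(l4) >= 20:
            if struct.unpack("!H", l4[2:4])[0] == 53:
                queries.append(parse_qname(l4[8 + 12:]))  # skip UDP + DNS headers
    tlds = Counter(q.rsplit(".", 1)[-1] for q in queries)
    return {"connections": conns, "queries": queries, "tlds": tlds}

INFECTED = "192.0.2.10"   # constructed: TEST-NET-1 address standing in for the victim
SAMPLE_PCAP = build_pcap([
    _dns_query(INFECTED, "192.0.2.1", "update.example.cn"),
    _tcp_syn(INFECTED, "203.0.113.10", 80),
    _dns_query(INFECTED, "192.0.2.1", "stat.example.cn"),
    _dns_query(INFECTED, "192.0.2.1", "panel.example.ru"),
    _tcp_syn(INFECTED, "198.51.100.7", 8080),
    _tcp_syn("192.0.2.1", "203.0.113.10", 80),       # another host's traffic: ignored
])

if __name__ == "__main__":
    result = summarize(SAMPLE_PCAP, INFECTED)
    for (ip, port), n in sorted(result["connections"].items()):
        print(f"connect {ip}:{port} x{n}")
    print("queries:", result["queries"])
    print("tlds:", dict(result["tlds"]))
```

Pointing `summarize` at a real capture is a matter of `open(path, "rb").read()`; the resulting (IP, port) pairs and domain list are what an analyst would then look up against passive DNS and WHOIS to map the hosting, as the post did for the .cn names and Chinese addresses.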

4 Comments

  1. Prohotov Alexader
    Posted November 16, 2009 at 7:57 pm

    Guys, you are wrong.
    Adware is business. We never connect with data thieves or anything like that. We just show popup advertisements. Is it criminal? Go and find the big bosses who silently install software updates (like Microsoft sometimes). THEY OWN THE BIGGEST BOTNETS and can do WHATEVER THEY WANT.

    Our ADWARE network is NOT DANGEROUS.
    All it can do is SHOW POPUPS/REWRITE COOKIES. That's it. We are affiliate cheaters, we are cookie replacers, and we are POPUP makers. WE ARE NOT aggressive. Guys, you are just like children. In the modern world there are things much more dangerous than popups. And all these kinds of newspapers like the Washington Post, NY – have just stupid newsmakers. POPUPS are not criminal. My company makes popups for users who have AGREED to our EULA.

    Best regards, Prohorov Sasha (Alex) – the most known cyber-hacker in the world

  2. Prohotov Alexader
    Posted November 16, 2009 at 8:13 pm

    Whoever still wants to discuss, come and contact the ICQ provided by the ‘evil revealers’.

    Phone numbers, Company address – we can provide anything you want.

    A lawsuit is an open fight, not like a mouse hiding in the floor.

    Best regards, Alex.

  3. Prohotov Alexader
    Posted November 16, 2009 at 8:15 pm

    The full story is that RUndll32.ru is just a VICTIM of CRIMINAL DDOS MAKERS!
    And we can prove our truth, because we are a WHITE adware network. Did you ever hear of Zango?

  4. Posted November 16, 2009 at 8:45 pm

    To whom it may concern,
    In my honest opinion, I think that you guys are spending all of your time busting low-level script kiddies and people just trying to make a perfectly legal living by displaying advertisements. Why don’t you make a report on something bigger than a pay-per-install or pay-per-click network, like FireEye does (it recently completely shut down a major spam botnet)? If you guys do wish to continue your childish tirades, you might want to check out pay-per-install.org, where you can get more information on who you believe are the real bad guys.

    Also, the Black Energy bot toolkit was publicly released quite a long time ago. It would be facetious to make a big deal about it or even post that it is worth $40 (it is not worth anything). Maybe you all should do some more in-depth research next time.