Slashdot Mirror


A Look At the CoreFlood Botnet

CNet is running a story about research from security expert Joe Stewart into the CoreFlood botnet, which has harvested at least "50 gigabytes of compressed data, searchable in a MySQL database," from a group of over 370,000 bot IDs. Stewart explains how the botnet operates and some of the things he's learned about the group that operates it. "Within the 50GB file, Stewart was able to discern how the thieves culled the data. He said they run a test script against that data that will log via a proxy into the bank using the credentials captured, say by a keylogging application. The CoreFlood script will then capture the HTML data on the post log-in page. In most cases, that page also contains the account's bank balance. They do that, he said, so that after running the test they have a picture of what are the highest dollar amounts. 'I don't know whether they steal from all of them. We don't have access to the accounts; the bank is not going to tell us how much was stolen out of any given account. We're not going to get that information, but we know they're actively logging and checking accounts to collect the balance data. The only reason (the script) can see that data is to target the biggest accounts first,' he said."

9 of 120 comments

  1. Useful information... by Anonymous Coward · Score: 5, Funny

    Botnets need to start logging something useful.

    Like slashdot accounts with moderator points.

  2. Security Expert Joe Stewart by Anonymous Coward · Score: 2, Funny

    First I thought "so that's what he's going to do without George Bush in the White House" but then I realized it's Joe the Security Expert, not Jon the Daily Show host.

  3. Re:Online banking? Sign me up!!!! by nicklott · Score: 3, Funny

    Good god man! Presumably you get around by horse and cart? I mean, that petrol engine is very convenient and all, but think of the risk of explosion...

  4. Re:Baby steps to the solution by sam0737 · Score: 2, Funny

    Sounds like much harder to build right than an electronic voting machine...

  5. Re:Key Generator by Missing_dc · Score: 2, Funny

    wow, I hope that wasn't for paying a bill, you might find your house foreclosed when you get back.

    --
    How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.

  6. Re:Key Generator by Anonymous Coward · Score: 2, Funny

    Hmmm...lowish /. ID, mother's maiden name strange, ALIEN! Run!!!!!

  7. Re:Key Generator by sharperguy · Score: 2, Funny

    My mother is called FE31BB076800267D0BA you insensitive clod!

    --
    "sudo rm -rf your-face"

  8. Re:Key Generator by Ihmhi · Score: 2, Funny

    Ah, memories. Mrs. FE31BB076800267D0BA always did make the best brownies back in the day.

  9. Xor Re:Key Generator by Anonymous Coward · Score: 1, Funny

    Now Xor that with something descriptive of your mom like LARGEBOVINE.