New Cridex Malware Copies Tactics From GameOver Zeus
Trailrunner7 writes The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day.
Researchers at IBM's X-Force research team have seen a new version of Cridex, which is also known as Bugat and Feodo, using some of the same techniques that GOZ used to such good effect. Specifically, the new strain of malware has adopted GOZ's penchant for using HTML injections, and the researchers say the technique is nearly identical to the way that GOZ handled it.
"There are two possible explanations for this. First, someone from the GOZ group could have moved to the Bugat team. This would not be the first time something like this has happened, which we've witnessed in other cases involving Zeus and Citadel; however, it is not very likely in this case since Bugat and GOZ are essentially competitors, while Zeus and Citadel are closely related. The second and more likely explanation is that the Bugat team could have analyzed and perhaps reversed the GOZ malware before copying the HTML injections that made GOZ so highly profitable for its operators," Etay Maor, a senior fraud prevention strategist at IBM, wrote in an analysis of the new malware.
>China where all this shite comes from
Are you kidding? Botnets and other malware are Made In Russia. Go check the Chinese forums, there's nothing. On the other hand you'll find more """hacking""" forums in Russian than English.
The world-renowned "Chinese hackers" are just due to the Chinese government being as subtle as a brick to the face in their online operations.
... plus a third, in that no lessons were learned from those two.
It little behooves the best of us to comment on the rest of us.
United States 58.4% spam king. China 5.6%. The United States is the leading malware-hosting nation. U.S. hosted 44 percent of all malware. Even the U.S. government is doing it: "After failing to infect targets with malware in spam emails, the U.S. National Security Agency has reportedly turned to Facebook. According to a report by The Intercept, the NSA “disguises itself as a fake Facebook server” to perform “man-in-the-middle” and “man-on-the-side” attacks and spreads malware. The Intercept is the first in a series of publications created by Pierre Omidyar‘s First Look Media." The U.S. has overtaken India and Russia to become the biggest producer of viruses, according to Network Box. The U.S. is now responsible for 12.05 per cent of the world’s viruses, up from 4.03 per cent from August. GCHQ prefers to put child porn on people's computers according to the Guardian newspaper.