Gigantic digital parasites, fast flux and blacklisting by the Sinowal botnet

In earlier blog posts we discussed sinkholing operations and how the criminals could prevent sinkholing. As discussed, they can easily deploy blacklists of known IPs (or name servers) that belong to security companies. In fact, malware is already using such blacklists for different purposes. Thanks to AV Tracker, malware can also hide from analysis systems (act […]

Info on the Pushdo DGA

Our colleagues from Dell SecureWorks who never reply to our emails published a research paper about Pushdo and its domain generation algorithm (DGA). DGAs are implemented in malware to evade takedowns. Other malware families that feature DGAs include Conficker A/B/C, ZeuS Gameover, MultiBanker, Shiz, Bamital, Sinowal, ZeroAccess, TDSS and others. This is the Pushdo DGA: Be aware […]
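The excerpt above does not reproduce the Pushdo algorithm, so the following is an added illustration rather than code from the original post or from Pushdo: a constructed, date-seeded DGA of the general kind the post refers to, together with the defender's counterpart. The seed, TLD list, domain count, label length and the example date are all assumptions chosen for the demonstration. It shows why blocking the single C2 domain observed today does not stop the botnet (tomorrow the bots compute a fresh list), and why recovering the algorithm and seed lets a sinkholing operation enumerate and pre-register or block the domains for a whole window in advance, and attribute observed DNS queries to the day they belong to.

```python
"""Constructed date-seeded DGA plus the defender's counterpart.

This is an illustration only. It is not the Pushdo DGA (which the post
does not reproduce here) nor any other real family's algorithm; every
constant below is an assumption made for the example.
"""
import datetime
import hashlib
from typing import Dict, List, Optional

# Assumed values for the illustration, not taken from any real malware.
SEED = b"example-dga-seed"          # hypothetical per-family secret
TLDS = ("com", "net", "org")        # hypothetical TLD rotation
DOMAINS_PER_DAY = 10
LABEL_LEN = 12
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
EXAMPLE_DAY = datetime.date(2013, 5, 1)   # constructed date for the demo


def dga_domains(day: datetime.date, seed: bytes = SEED,
                count: int = DOMAINS_PER_DAY) -> List[str]:
    """Return the candidate C2 domains the hypothetical bot tries on `day`.

    Each domain is derived from SHA-256(seed || YYYYMMDD || index). Bot and
    operator compute the same list, so the operator only has to register one
    of the `count` names shortly before that day; the others are decoys.
    """
    date_bytes = day.strftime("%Y%m%d").encode()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + date_bytes + i.to_bytes(2, "big")).digest()
        label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def precompute(start: datetime.date, days: int,
               seed: bytes = SEED) -> Dict[str, datetime.date]:
    """Defender side: once algorithm and seed are recovered from the sample,
    enumerate every domain the botnet will use in the window so they can be
    sinkholed or blocked before the operator registers them."""
    table: Dict[str, datetime.date] = {}
    for offset in range(days):
        day = start + datetime.timedelta(days=offset)
        for domain in dga_domains(day, seed):
            table[domain] = day
    return table


def classify(observed: str,
             table: Dict[str, datetime.date]) -> Optional[datetime.date]:
    """Map an observed DNS query name to the DGA day it belongs to, or None
    if it is not one of the precomputed domains."""
    return table.get(observed.lower().rstrip("."))


if __name__ == "__main__":
    window = precompute(EXAMPLE_DAY, 7)
    print(f"{len(window)} domains to sinkhole for the week starting {EXAMPLE_DAY}")
    for name in dga_domains(EXAMPLE_DAY)[:3]:
        print(name, "->", classify(name, window))
```

The point of the `precompute` step is the asymmetry the post alludes to: a takedown that only removes the domains seen in traffic is always a day behind, whereas a defender who has the algorithm can register or sinkhole the entire window first. The same reversed algorithm gives detection teams a cheap classifier for passive DNS or proxy logs.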

News on MultiBanker: it now features Jabber P2P functionality

In March we blogged about the MultiBanker gang and their operation. It turns out that earlier this year they were updating their software, hence we saw no active command & control server on the old infrastructure for some time.

New MultiBanker (2013) version

This is a very quick comparison between the old and […]