BlackEnergy Trojan Attacks Russian, Ukrainian Banks in New Version
Russian cybercriminals have built a more sophisticated version of the notorious BlackEnergy Trojan, linked to the 2008 cyber assaults against Georgia, which now targets online customers of Russian and Ukrainian banks.
In the first week of March 2010, at the RSA Conference in San Francisco, security researcher Joe Stewart revealed details of the botnet, which he has named BlackEnergy 2, according to a report published by eWEEK.com on March 4, 2010.
SecureWorks stated that BlackEnergy 2 has been quietly under development for over a year, but it still carries some of the traits of the first BlackEnergy. It also shows a major rewrite of the codebase and a modular design that uses plug-ins for its spam, malware and distributed denial-of-service (DDoS) capabilities.
Until sometime in 2009, BlackEnergy software was used only for distributed denial-of-service attacks, with no known element of financial fraud. The botnet's victims were usually gambling and pornographic websites and their network hosts, all of which routinely endure attacks from extortionists or competitors.
Stewart reported that, this time, the hackers are using the Trojan in a two-pronged attack: it steals customers' online banking credentials and then launches a distributed denial-of-service (DDoS) attack on the banks as a smokescreen, according to a report published by Dark Reading on March 4, 2010.
He added that while the banks are busy cleaning up their systems after the DDoS, the hackers may be emptying customer accounts.
Apart from this, the Trojan's modular design includes a plug-in that damages the file system of an infected PC on receiving a 'kill' command. The plug-in architecture is what differentiates this botnet from others such as Zeus: it can be extended without writing fresh source code into the core.
Stewart tracked the botnet's activity to around a dozen targets, all of which were either Ukrainian or Russian banks. This is a departure from the usual pattern, as Eastern European hackers generally prefer to target banks in Western countries.
SPAMfighter News - 12-03-2010