Multiple Botnets Aim At German Bank Clients
Security researchers at Internet security company Trend Micro have detected a single central system supporting the command-and-control (C&C) structure for 3 separate banking botnets that attack German consumers.
The finding emerged while the researchers were investigating a SpyEye operation. They discovered many open directories that connected to other control infrastructures. One of them served URLZone/Bebloh, while the other had neither a name nor a version, so the researchers referred to it as "Spencerlor", derived from a server's name.
Hence, the investigation uncovered 3 botnets (SpyEye, URLZone and Spencerlor), all operating on a single server that, log results suggested, was run by a minimum of 2 remote users.
Of those 3 botnets, SpyEye generates tailored trojans that steal details entered into online forms, such as banking credentials or credit card information, and also capture FTP logins and POP3 e-mails.
Meanwhile, Spencerlor seems to be of Russian origin and was created specifically to infect computers, hijack bank accounts and move money out of them. Because the cyber-criminals use the victim's own browser to move the money, they effectively evade the security systems that banks implement.
The third botnet, URLZone, operates slightly differently. It gathers stolen data from bots and saves it in .TXT files rather than in SQL databases. PHP code then extracts the data from the .TXT files and presents it to the bot-controllers.
The software for both URLZone and SpyEye is written in English, whereas Spencerlor's is in Russian. All 3 share a single purpose: to capture the banking credentials of German users. Additionally, URLZone and Spencerlor are scripted to abuse the German banking system with the help of the BLZ, the component of a bank's routing number that identifies an account holder's bank and branch location.
Specialists warn that control infrastructures for botnets are constantly becoming better while Internet crooks are devising newer methods for automating illegal cash transfers. Internet crooks now know how to infiltrate security filters; therefore, users must stay aware of the latest problems for their own protection.
» SPAMfighter News - 29-09-2010