S21sec’s Story of a Botnet Dismantling
According to researchers from 'S21sec' the security company, in September 2012 last, they deactivated a botnet known as Sopelka. The particular botnet was designed for garnering banking credentials belonging to customers of banks in Germany, Spain, Italy, Holland as well as Malta, the company reported.
Incidentally, it was in May 2012 that the botnet (Sopelka) emerged as it was characterized with the special way it distributed configuration files and binaries. The 3 different banker Trojans - Citadel, Feodo and Tatanga got disseminated when the botnet carried out its operations.
Additionally, the botnet utilized various mobile components related to Symbian, BlackBerry and Android cell-phones.
The researchers comment that when the botnet was in form, a minimum of 5 malware attacks were launched as also possibility more.
And amongst those 5, three unleashed Citadel of the 126.96.36.199 ad 188.8.131.52 versions, while Tatanga and Feodo were unleashed via the remaining two, respectively. Indeed, the Citadel attacks were more specifically referred to as Sopelka since they adopted the botnet's that very special path of distributing configuration files and binaries. Comparatively, the same observation was not made for Feodo and Tatanga.
Also when the researchers at S21sec conducted an analysis of the botnet's infection it was revealed that 59% of the people whose computers were infected belonged to Germany, 38% to Spain, besides those of a far fewer count such as 2%, 1% and less than 1% that belonged to Switzerland, Portugal as well as Italy respectively. Further there were some negligible numbers that belonged to U.K., USA, The Netherlands, Hong Kong, as well as others.
Additionally, it was as well discovered that the bot-masters contaminated more than 16,000 distinct IP addresses.
In the meantime, it's worth noting that Sopelka most familiarly belonged to that botnet type, which actually doesn't ever hit the headlines. The type is descriptive of small, tough botnets that overcome takedown attempts, bypassing all security solutions till security researchers and Internet regulators actually notice their attack payloads.
Emphatically and most unfortunately, this type of botnet in a significant way, strategically and surreptitiously participates within the currently spreading cyber-warfare, particularly relating to the arms race.
Related article: SA Banks Alert Customers about Phishing Scams
» SPAMfighter News - 07-11-2012