MalwareIntelligence is a site dedicated to research on everything related to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.


Oficla botnet with more than 200,000 recruited zombies

In a recent investigation we discovered an Oficla botnet (also known as Sasfis in the nomenclature of some antivirus companies) with a significant number of zombies recruited across 48 countries, demonstrating the scale this kind of botnet represents in the crimeware scene.

The command and control (C&C) base of this Oficla botnet is run through the myLoader crimeware (which costs USD 700 on the underground market) and is located in Russia, which is also the country with the largest number of infected computers, 116,119 in total, followed by Ukraine with 53,746.

The total number of zombies in this botnet reaches the alarming figure of 210,619, as can be verified in the following screenshot.

While the figure is alarming, the underlying problem is deeper and more disturbing: for a system to be an active part of a botnet it must previously have been infected by malicious code (in this case Oficla/Sasfis), which clearly shows the failure of the security mechanisms deployed to counter this kind of threat.

That failure is not only one of infection prevention but also of detection: the TCP/IP and HTTP traffic a bot generates should be enough to reveal that the system is part of a botnet.
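As an illustration of the detection point above, here is an added example (not code from the original post or from MalwareIntelligence) showing one generic way to spot a bot from its HTTP traffic: bots check in with their C&C on a fixed timer, so a (client, host) flow whose inter-request gaps have almost no jitter stands out from human browsing. The log format, hostnames, IPs, timestamps and the jitter threshold are all constructed assumptions; nothing below is an Oficla/Sasfis indicator.

```python
"""Beaconing detection over HTTP proxy log lines (constructed sample data).

A bot-infected host polls its C&C at regular intervals; per-flow timing with a
low coefficient of variation (stdev/mean of the gaps) is the signal used here.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines in an assumed format:
# "<ISO timestamp> <client_ip> <method> <host> <path>"
# The first flow polls every ~5 minutes; the second is ordinary browsing.
SAMPLE_LOG = """\
2010-05-01T10:00:00 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:05:01 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:10:00 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:14:59 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:20:01 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:25:00 10.0.0.5 GET cc-example.invalid /gate.php
2010-05-01T10:00:12 10.0.0.5 GET news.example.org /
2010-05-01T10:00:40 10.0.0.5 GET news.example.org /story/1
2010-05-01T10:07:03 10.0.0.5 GET news.example.org /story/2
2010-05-01T10:31:55 10.0.0.5 GET news.example.org /sports
2010-05-01T10:32:10 10.0.0.5 GET news.example.org /sports/page2
2010-05-01T10:58:00 10.0.0.5 GET news.example.org /
"""


def parse_log(text):
    """Yield (timestamp, client, host, path) from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, path = line.split()
        yield datetime.fromisoformat(ts), client, host, path


def find_beacons(text, min_requests=5, max_jitter=0.10):
    """Return {(client, host): (mean_gap_seconds, cv)} for periodic flows.

    A flow is reported when it has at least `min_requests` requests and the
    coefficient of variation of its inter-request gaps is <= `max_jitter`
    (assumed threshold; a fixed timer gives a value close to zero).
    """
    by_flow = defaultdict(list)
    for ts, client, host, _path in parse_log(text):
        by_flow[(client, host)].append(ts)

    results = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            results[flow] = (avg, cv)
    return results


if __name__ == "__main__":
    for (client, host), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: request every {avg:.0f}s (cv={cv:.3f}), beacon-like")
```

Run against the constructed sample, only the 5-minute polling flow is reported; the browsing flow has irregular gaps and is ignored. On real proxy logs the same grouping applies, with the threshold and minimum request count tuned to the environment, and legitimate periodic traffic (update checks, mail polling) allow-listed by host.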

On the other hand, it is important to note that recruitment into this botnet continues to rise, at approximately 120 newly infected computers per hour.

A report with more details on the management framework and the recruitment power of the Oficla/Sasfis botnet can be downloaded from the papers section of Malware Intelligence.

Related information
myLoader. Framework for the management of botnets
SpyEye Bot. Analysis of a new alternative crimeware scenario
State of the art in Eleonore Exploit Pack
RussKill. Application to perform denial of service attacks
DDoS Botnet. New special-purpose crimeware
ZeuS Botnet and its zombie recruitment power

Jorge Mieres
