myLoader C&C Oficla Botnet in BKCNET "SIA" IZZI with the highest infection rate in Brazil
myLoader is a web application that allows offenders to collect statistical information on different factors and features of each infected computer. The crimeware is sold in the underground market at an average cost of $700.
The Oficla botnet started its criminal activity at the beginning of 2010. Its executable binary is detected by antivirus engines as Oficla or Sasfis and is generated by a builder that incorporates myLoader.
In early 2010, MalwareIntelligence warned of the activity of an Oficla botnet that had recruited more than 250,000 computers, a figure that after several days exceeded 300,000 zombies. A white paper explaining how the crimeware is marketed and how the botnet operates is available in the documents section.
The Latin American region has a significant level of malware development, with Brazil, no doubt, standing out for the generation of malicious code designed to steal financial information through trojans usually spread by email or MSN.
However, within the region, countries such as Mexico, Peru and Argentina also show this trend, accompanied by a significant flow of criminals who aspire to copy fraudulent and criminal business models from around the world, routinely generating new points of investigation because of the security incidents they cause, primarily the theft of information.
In all of this, botnets play a key role in a high percentage, I dare say almost all, of the crimes committed via the Internet. That is, within the current scope of cybercrime, botnets represent the key resource that cyber-criminals possess.
The following image is an example: an Oficla botnet maintained through myLoader, with a total of 9065 recruited zombies.
myLoader statistics
It basically displays information about the number of compromised computers over the past 15 days, how many of them are online, among other things.
And, bearing out what I mentioned above, the top ten affected countries are led by Brazil with a little over 1300 zombies (almost 15%), followed, as regards Latin America, by Mexico and Argentina.
Geolocation statistics of the zombies
This image only shows the top ten countries where the botnet has zombies.
Computers affected in Brazil only
The list is long and mostly displays information on the infected computers.
An interesting point is that this botnet is hosted under AS6851 at IP address 91.188.60.97, known under the name BKCNET "SIA" IZZI or SAGADE, widely known for its relationship with the hosting of criminal resources such as ZeuS, Koobface and affiliate businesses, among many others.
In the documents section you can download a white paper with information about the criminal resources associated with a given range of IP addresses under the tutelage of BKCNET "SIA" IZZI.
As for the malicious code spread through this botnet, the binary executables are the following:
- _xgrab_v2.exe (668e1dd00c17dae315a2b8af4cd35392)
- server1.exe (3315287968320a0dc4d045d3dae935b4)
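As an added example (not part of the original post), the following script shows how a defender could use the indicators given above: it flags proxy requests to the C&C address 91.188.60.97 and matches an md5sum-style file inventory against the two hashes listed. The Squid-style log lines and the inventory rows are constructed sample input, not real traffic or real hosts.

```python
import re
from urllib.parse import urlsplit

# Indicators stated in the post: the C&C host and the two dropped binaries.
OFICLA_CC_IP = "91.188.60.97"  # hosted in AS6851 (BKCNET "SIA" IZZI)
OFICLA_MD5S = {
    "668e1dd00c17dae315a2b8af4cd35392": "_xgrab_v2.exe",
    "3315287968320a0dc4d045d3dae935b4": "server1.exe",
}

# Constructed sample input: Squid-style access-log lines (not real traffic).
SAMPLE_PROXY_LOG = """\
1270000000.123 45 10.0.0.12 TCP_MISS/200 512 GET http://91.188.60.97/ - DIRECT/91.188.60.97 text/html
1270000001.456 30 10.0.0.13 TCP_MISS/200 2048 GET http://example.org/index.html - DIRECT/93.184.216.34 text/html
1270000002.789 60 10.0.0.12 TCP_MISS/200 700000 GET http://91.188.60.97/server1.exe - DIRECT/91.188.60.97 application/octet-stream
"""

# Constructed sample input: an md5sum-style inventory of one workstation. The two
# Oficla hashes are the post's; the third row (empty file, hypothetical path) is made up.
SAMPLE_MD5_INVENTORY = """\
668e1dd00c17dae315a2b8af4cd35392  C:/Users/victim/AppData/Local/Temp/_xgrab_v2.exe
d41d8cd98f00b204e9800998ecf8427e  C:/Users/victim/Desktop/empty.txt
3315287968320a0dc4d045d3dae935b4  C:/Users/victim/AppData/Local/Temp/server1.exe
"""


def find_cc_contacts(log_text):
    """Return (client_ip, url) for requests whose URL host or upstream peer is the C&C."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # malformed or truncated line, skip it
        client, url, peer = fields[2], fields[6], fields[8]
        host = urlsplit(url).hostname or ""
        peer_ip = peer.split("/", 1)[-1]  # "DIRECT/1.2.3.4" -> "1.2.3.4"
        if OFICLA_CC_IP in (host, peer_ip):
            hits.append((client, url))
    return hits


def find_known_binaries(inventory_text):
    """Return (path, sample_name) for inventory rows whose MD5 matches a listed hash."""
    hits = []
    for line in inventory_text.splitlines():
        m = re.match(r"^([0-9a-fA-F]{32})\s+(.+)$", line)
        if m and m.group(1).lower() in OFICLA_MD5S:
            hits.append((m.group(2), OFICLA_MD5S[m.group(1).lower()]))
    return hits
```

Running `find_cc_contacts(SAMPLE_PROXY_LOG)` reports both requests from 10.0.0.12, while the request to example.org is ignored; `find_known_binaries(SAMPLE_MD5_INVENTORY)` returns the two Temp-directory paths.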
Related information
Oficla botnet with more than 200,000 zombies recruits
myLoader. Framework for the management of botnets
myLoader. Base C&C to manage Oficla/Sasfis Botnet [Whitepaper English version]
Criminal activities from BKCNET “SIA” IZZI / ATECH-SAGADE - Part one [Whitepaper English version]
Jorge Mieres
Founder & Director of MalwareIntelligence
Crimeware & Intelligence Analyst Researcher