MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Fusion. A concept adopted by the current crimeware II

During our research it is increasingly common to find several Exploit Pack-type crimeware packages housed and actively "operating" on the same server, from which the zombies that form part of the fraudulent business are controlled and managed.

A while ago we commented on ElFiesta and ZeuS coexisting in the same environment and serving the same objectives.

This time, the merger is between Fragus (an increasingly popular crimeware) and ElFiesta. Both packages are hosted on the same server. However, although it is a possibility, this doesn't mean they are being operated by the same botmaster.

The domain on which they are hosted is as follows:

Where is in Fragus and ElFiesta, for its part, is hosted in another folder, the path is

As we can see, they share the server with IP address, located in Yizhuang IDC of China Netcom, Beijing.

This demonstrates that "business" opportunities are not limited to the sale of crimeware, malware, exploit packs and other fraudulent activities; another alternative is to provide infrastructure whose computing capacity streamlines criminal processes.

Related information

Fusión. Un concepto adoptado por el crimeware actual
Fragus. New botnet framework In-the-Wild
ZeuS and power Botnet zombie recruitment
ElFiesta. Recruitment zombie across multiple threa...

Jorge Mieres
