Thursday, December 10, 2009

Fusion. A concept adopted by the current crimeware II

During our research we increasingly find several Exploit Pack-type crimeware kits housed and actively "operating" on the same server, from which the zombies that are part of a fraudulent business are controlled and managed.

A while ago we commented on ElFiesta and ZeuS coexisting in the same environment and serving the same objectives.

This time, the merger is between Fragus (an increasingly popular crimeware) and ElFiesta. Both packages are hosted on the same server. However, although it is possible, this doesn't mean they are being operated by the same botmaster.

The domain on which they are hosted is as follows:

Fragus is at http://hotgirldream.net/far/, while ElFiesta is hosted in another folder, at http://hotgirldream.net/content/. As we can see, they share the server with IP address 210.51.166.233, located in Yizhuang Idc Of China Netcom, Beijing.
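One way to surface this kind of co-hosting from collected panel sightings, as an added example that is not part of the original post: it groups observations by resolved IP and reports IPs serving two or more distinct kit families, noting whether they also share a hostname. The first two records come from the post; the other records, the function names and the record layout are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# (url, kit family, resolved IP). Rows 1-2 are from the post; the rest are
# constructed sample data (documentation IP ranges, .example hostnames).
OBSERVATIONS = [
    ("http://hotgirldream.net/far/", "Fragus", "210.51.166.233"),
    ("http://hotgirldream.net/content/", "ElFiesta", "210.51.166.233"),
    ("http://HotGirlDream.net:80/content/index.php", "ElFiesta", "210.51.166.233"),
    ("http://panel.example/admin/", "ZeuS", "192.0.2.10"),
    ("http://other.example/cp/", "ElFiesta", "192.0.2.10"),
    ("http://single.example/x/", "Fragus", "198.51.100.7"),
]

def split_url(url):
    """Return (lowercased host without port, top-level folder of the path)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    # Drop the leading empty piece and the trailing file name (or empty piece).
    dirs = [s for s in parts.path.split("/")[1:-1] if s]
    return host, "/" + dirs[0] + "/" if dirs else "/"

def find_cohosted_kits(observations):
    """Map each IP serving two or more distinct kit families to their locations."""
    by_ip = defaultdict(lambda: defaultdict(set))
    for url, family, ip in observations:
        by_ip[ip][family].add(split_url(url))  # set dedupes repeat sightings
    return {
        ip: {family: sorted(locs) for family, locs in families.items()}
        for ip, families in by_ip.items()
        if len(families) >= 2
    }

def shares_hostname(cluster):
    """True when different families in one IP cluster also share a hostname."""
    hosts = [{host for host, _ in locs} for locs in cluster.values()]
    return any(a & b for i, a in enumerate(hosts) for b in hosts[i + 1:])

if __name__ == "__main__":
    for ip, cluster in find_cohosted_kits(OBSERVATIONS).items():
        scope = "same hostname" if shares_hostname(cluster) else "same IP only"
        print(ip, "-", scope)
        for family, locs in sorted(cluster.items()):
            print("   ", family, ", ".join(h + f for h, f in locs))
```

A shared IP or hostname only shows common infrastructure; as the post notes, it does not by itself show a common operator.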

This demonstrates that "business" opportunities are not limited to the sale of crimeware, malware, exploit packs and other fraudulent activities; another alternative is to provide infrastructure whose computing capacity streamlines criminal processes.

Related information

Fusión. Un concepto adoptado por el crimeware actual
Fragus. New botnet framework In-the-Wild
ZeuS and power Botnet zombie recruitment
ElFiesta. Recruitment zombie across multiple threa...

Jorge Mieres
Pistus Malware Intelligence
