pyth0n3 Posted March 5, 2010 Report Share Posted March 5, 2010 Mar 04, 2010SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a more sophisticated version of the infamous BlackEnergy Trojan associated with the 2008 cyberattacks against Georgia that now targets Russian and Ukrainian online banking customers.Joe Stewart, a security researcher with SecureWorks, says Russian hackers are using the Trojan spread via the BlackEnergy botnet to hit Russian and Ukrainian banks with a two-pronged attack that steals their customers' online banking credentials and then wages a distributed denial-of-service (DDoS) attack on the banks as a cover: "They may be emptying the bank accounts while the banks are busy cleaning up from the DDoS," Stewart says.Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is a full rewrite of the code that features a modular architecture that supports plug-ins that can be written without access to its source code. It currently comes with three different DDoS plug-ins, as well as one for spamming and two for online banking fraud, according to Stewart.And with the ability to target users in Russia and the Ukraine, BlackEnergy 2 is a departure from the tradition where many Russian hackers won't target their fellow countrymen or those from other former Soviet Republic countries. "The rules have changed," Stewart says. "There was once an unwritten rule that they didn't attack their own banks."But like most cybercrime operations, money is money, and the BlackEnergy botnet gang appears to be expanding its operations for more profit.Stewart says he has seen no public release of the development kit for BlackEnergy 2, but he was able to match "fingerprints" in the code of this new version with other source code written by the author.So far the attackers using the Trojan and its new plug-ins against banks in Russian and the Ukraine appear to be infecting banking customers via pay-per-install malware scams -- likely via email, according to Stewart, who has notified Russian and Ukrainian law enforcement authorities about the botnet's new activities.And in an especially nasty twist, one plug-in destroys the victim's hard drive. "Then they can't log into their bank," Stewart says. "But we've not seen that" being used in attacks yet, he says.While the Zeus Trojan remains the most popular Trojan, Stewart says BlackEnergy 2 can do things Zeus cannot, such as stealing online credentials plus DDoS'ing. BlackEnergy 2 also steals the user's private encryption key. Stewart has written an analysis of the Trojan, available here BlackEnergy Version 2 Analysis - Research - SecureWorks.So far the BlackEnergy 2 Trojan is targeting only Russian and Ukrainian online banking customers, but Stewart also has spotted two other banking Trojans that also target only Russian and former Soviet Union banking customers. darkreading.com Quote Link to comment Share on other sites More sharing options...
Flubber Posted March 5, 2010 Report Share Posted March 5, 2010 Nu stiu de ce, dar mi se pare umflat articolul, in special sa-l umfle pe Mr. Stewart si sa ii dea o imagine de 'expert in security zomgzor o.O' (nu spun ca nu este asa)[...] and the BlackEnergy botnet gang appears to be expanding its operations for more profit.huh??Suna cu un reportaj de la ProTV -- zomg nea gigica care opera din beci a spart N4S4, acest infractor super mega periculos alearga de 10 ani de politie se ascunde prin tufisuri, toata lumea este speriata, N4S4 a spus ca a facut, dres, blah Quote Link to comment Share on other sites More sharing options...
