[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..

To: Securityfocus <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
From: Reversemode <advisories@xxxxxxxxxxxxxxx>
Date: Tue, 13 Mar 2007 18:15:57 +0100

Hi,

The BHO you are talking about is part of a banking malware toolkit which
is  being sold probably.

Among other things (password stealer), this BHO has backdoor and
"botnet" capabilities, implementing several remote commands:
+ upload
+ run
+ update
...

This toolkit also comprises various "infection management system" php
scripts :
+ statistics  about infections, countries...
+ users/victims tracking
+ logs parsing
...
The BHO communicates directly with those scripts for sending and/or
receiving captured information and remote commands respectively.

Watch out for unexpected http traffic containing
commandack.php,mailwab.php..

Cheers,
-Rubén.

Follow-Ups:
- Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  - From: Nicolas RUFF

References:
- Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
  - From: Thierry Zoller

Prev by Date: Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
Next by Date: Re: Firekeeper - IDS for Firefox available
Previous by thread: Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
Next by thread: Re: Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
Index(es):
- Date
- Thread