Tuesday, November 20, 2012

SpyEye Trojan against users from the Balkan republics


A criminal SpyEye Trojan control panel infrastructure has been identified, prepared to steal confidential data from users in the Balkan republics.

This server is hosted on IP 91.220.35.45, which belongs to ZAMANHOST-NET, a provider in Romania. The fraudulent domains prontomentos.com, soledantos.com, patentpendingnotetaker.net and rontomentos.com also resolve to this IP.

The connection string that infected computers use to communicate with the Trojan control panel is:

hXXp://91.220.35.45/forum.php


The Trojan control panel is accessed via the URL:

hXXp://91.220.35.45/kurcina123/


The word “kurcina” means “A really big di*k” in Serbian.
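As an added example (not part of the original post), the sketch below turns the indicators listed above into a proxy-log check that separates client check-ins to forum.php from visits to the panel path. The log line format (time, client, method, URL), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the post (still defanged).
GATE = "hXXp://91.220.35.45/forum.php"      # bot check-in URL
PANEL = "hXXp://91.220.35.45/kurcina123/"   # operator control panel
DOMAINS = {"prontomentos.com", "soledantos.com", "patentpendingnotetaker.net", "rontomentos.com"}

def refang(url):
    """Make a defanged indicator (hXXp, [.]) parseable again."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")

GATE_PATH, PANEL_PATH = (urlsplit(refang(u)).path for u in (GATE, PANEL))
C2_HOSTS = DOMAINS | {urlsplit(refang(GATE)).hostname}

def classify(url):
    """Return 'bot-checkin', 'panel-access', 'c2-host', or None if unrelated."""
    if "://" not in url:               # e.g. CONNECT host:443
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not any(host == h or host.endswith("." + h) for h in C2_HOSTS):
        return None
    if parts.path == GATE_PATH:
        return "bot-checkin"           # client behaves like an infected host
    if (parts.path + "/").startswith(PANEL_PATH):
        return "panel-access"          # someone browsed the panel itself
    return "c2-host"                   # other contact with the infrastructure

def scan(lines):
    """Map client IP -> verdicts. Assumed line format: time client method url."""
    hits = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue                   # skip truncated or malformed lines
        verdict = classify(fields[3])
        if verdict:
            hits.setdefault(fields[1], set()).add(verdict)
    return hits

# Constructed sample proxy log lines, not real traffic.
SAMPLE = [
    "2012-11-20T09:14:02 10.0.4.17 POST http://91.220.35.45/forum.php",
    "2012-11-20T09:15:40 10.0.4.22 GET http://www.example.org/forum.php",
    "2012-11-20T09:16:11 10.0.4.31 GET http://91.220.35.45/kurcina123/",
    "2012-11-20T09:17:55 10.0.4.17 CONNECT soledantos.com:443",
    "2012-11-20T09:18:",
]
```

Calling `scan(SAMPLE)` flags 10.0.4.17 and 10.0.4.31 and ignores the request to an unrelated host that merely shares the `/forum.php` path.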

This control panel incorporates 2 new modules in its functionality.

The "E-Mail Grabber" plugin:


This module has been active since 11/05/2012 and has collected more than 159.288 e-mail addresses, most of them from computer users in Slovenia, Bosnia and Herzegovina and other Balkan republics.

The other new plugin is the "FTP Grabber":



Accessing the panel's statistics module shows that the criminals are primarily interested in collecting private data from users' e-mail accounts and social networks, which means that this panel has been created mainly for the purpose of espionage and intelligence gathering on the profiles and behavior patterns of users in the Balkan republics.

