A criminal infrastructure has been identified: a SpyEye Trojan Control Panel set up to steal confidential data from users in the Balkan republics.
This server is hosted on IP 91.220.35.45, which belongs to ZAMANHOST-NET, a provider in Romania. The fraudulent domains prontomentos.com, soledantos.com, patentpendingnotetaker.net and rontomentos.com also resolve to this IP.
The connection string that infected computers use to communicate with the Trojan Control Panel is:
hXXp://91.220.35.45/forum.php
The Trojan Control Panel is accessed via the URL:
hXXp://91.220.35.45/kurcina123/
The word “kurcina” means “A really big di*k” in Serbian.
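To hunt for hosts that contacted this infrastructure, the indicators above can be matched against web proxy logs. The following is an added example, not part of the original post; the log format, the client addresses and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators from the post; matching the paths on any listed host is an assumption.
C2_IP = "91.220.35.45"
C2_DOMAINS = {"prontomentos.com", "soledantos.com",
              "patentpendingnotetaker.net", "rontomentos.com"}
BEACON_PATH = "/forum.php"     # bot check-in URL
PANEL_PREFIX = "/kurcina123"   # operator panel URL

def refang(url):
    """Undo common defanging (hXXp, [.]) so the URL can be parsed."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".")

def classify(url):
    """Return 'beacon', 'panel', 'infra' or None for one requested URL."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    on_infra = host == C2_IP or any(
        host == d or host.endswith("." + d) for d in C2_DOMAINS)
    if not on_infra:
        return None
    path = parts.path.lower()
    if path == BEACON_PATH:
        return "beacon"
    return "panel" if path.startswith(PANEL_PREFIX) else "infra"

def hunt(log_lines):
    """Map client IP -> sorted hit types seen in the proxy log."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        kind = classify(fields[3])
        if kind:
            hits.setdefault(fields[1], set()).add(kind)
    return {client: sorted(kinds) for client, kinds in hits.items()}

# Constructed sample proxy log (fields: time client method url status).
SAMPLE_LOG = [
    "2012-05-20T10:01:02Z 10.0.0.15 POST http://91.220.35.45/forum.php 200",
    "2012-05-20T10:01:09Z 10.0.0.22 GET http://www.soledantos.com/index.html 200",
    "2012-05-20T10:03:00Z 10.0.0.30 GET http://notprontomentos.com/ 404",
    "truncated line",
]

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))
```

A "beacon" hit marks a client that requested the bot check-in URL and should be triaged first; an "infra" hit only shows contact with one of the listed hosts.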
This control panel incorporates 2 new modules in its functionality.
The "E-Mail Grabber" plugin:
This module has been active since 11/05/2012 and has collected more than 159.288 e-mail addresses, most of them from computer users in Slovenia, Bosnia and Herzegovina and other Balkan republics.
The other new plugin is the "FTP Grabber":
Accessing the statistics panel module shows that the criminals are primarily interested in collecting private data from users' email accounts and social networks, which means that this panel has been created mainly for the purpose of espionage and intelligence gathering on the profiles and behavior patterns of users of the Balkan republics.