    TrendLabs Security Intelligence Blog

    Archive for March 11th, 2013

    The Andromeda botnet – first spotted in late 2011 – has recently resurfaced. This threat arrives via a familiar means: spammed messages with malicious attachments or links to compromised websites hosting Blackhole Exploit Kit (BHEK) code. Here is one spam message we saw recently:

    Figure 1. Sample spammed message

    Andromeda itself is highly modular, and can incorporate various modules, such as:

    • Keyloggers
    • Form grabbers
    • SOCKS4 proxy module
    • Rootkits

    As is typical of backdoors, it can download and execute other files, such as ZeuS, and can update or remove itself when needed. Variants of Andromeda are typically sold online for 300-500 US dollars, with each of the plugins listed above costing an extra sum. The most recent version we have identified is 2.60. Based on our Smart Protection Network feedback below, the top affected countries are Australia, Turkey, and Germany:

    Figure 2. Andromeda infection count, January to February 25, 2013

    Posted in Botnets, Malware

    © Copyright 2013 Trend Micro Inc. All rights reserved.