TrendLabs Malware Blog - Trend Micro

    The KOOBFACE FTP grabber component, a variant of the LDPINCH Trojan family, uploads stolen FTP user names and passwords to a remote server controlled by the KOOBFACE gang. This server, located in Hong Kong, was taken down last week, thanks largely to the efforts of the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). However, the KOOBFACE gang quickly moved the server to another hosting company located in China.

    The FTP grabber sends the stolen credentials to the remote server in an HTTP POST request, with the literal string “malware” as its User-Agent header, to the URL http://{BLOCKED}

    The botnet's admin page is served from the path /adm/admin.php on the same server.
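    The two indicators above (a POST whose User-Agent header is exactly “malware”, and requests for /adm/admin.php) are easy to hunt for in outbound web-proxy logs. The following is an added detection example, not code from the original post or from Trend Micro; it assumes an Apache/Squid “combined” log format, uses constructed log lines, and substitutes the placeholder host cc.example.invalid for the blocked URL.

```python
"""Flag proxy-log entries matching the KOOBFACE FTP-grabber exfiltration pattern:
an HTTP POST carrying the User-Agent string "malware", plus requests for the
C&C admin page path /adm/admin.php. Added example: log format and sample lines
are assumptions/constructed, and cc.example.invalid stands in for the blocked host."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Apache/Squid "combined" format (assumed):
# client ident user [timestamp] "METHOD URL PROTO" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


@dataclass
class Finding:
    client: str
    url: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line into its fields; None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def url_path(url: str) -> str:
    """Return the path component of an absolute or relative URL as logged by a proxy."""
    rest = url.split("://", 1)[-1]          # drop scheme if an absolute URL was logged
    return "/" + rest.split("/", 1)[1] if "/" in rest else "/"


def classify(entry: dict) -> Optional[str]:
    """Return a reason string when the entry matches a KOOBFACE indicator, else None."""
    ua = entry["ua"].strip().lower()
    path = url_path(entry["url"])
    # Strong indicator: the grabber's hard-coded User-Agent on a POST (credential drop).
    if entry["method"] == "POST" and ua == "malware":
        return "POST with User-Agent 'malware' (FTP grabber credential drop)"
    # Weaker indicator: the admin page path is generic, so pair it with the C&C host
    # in a real deployment rather than alerting on the path alone.
    if path.startswith("/adm/admin.php"):
        return "request for C&C admin page /adm/admin.php"
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run the indicators over log lines; unparseable lines are skipped, not guessed at."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            findings.append(Finding(entry["client"], entry["url"], reason))
    return findings


# Constructed sample log lines (not real traffic); cc.example.invalid is a placeholder host.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Aug/2013:10:01:02 +0000] "GET http://www.example.com/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Aug/2013:10:01:05 +0000] "POST http://cc.example.invalid/upload.php HTTP/1.1" 200 17 "-" "malware"',
    '10.0.0.9 - - [12/Aug/2013:10:02:11 +0000] "GET http://cc.example.invalid/adm/admin.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [12/Aug/2013:10:03:00 +0000] "POST http://www.example.com/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} -> {f.url}: {f.reason}")
```

    The User-Agent match is exact and case-insensitive on purpose: legitimate clients never send the bare word “malware”, so this indicator has essentially no false positives, whereas /adm/admin.php is a generic path and should be tied to the known C&C host before it is allowed to page anyone.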

    When a botnet server is taken down, botnet operators tend to turn to bulletproof hosting services or hosting companies that are hard to take down. This not only means business as usual for the cybercriminals but also means they are shoring up their “defenses.” In light of these developments, Trend Micro will continue to monitor the KOOBFACE family of threats in order to keep our customers protected.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice