Peaches
Posted September 16, 2010

One Server, Multiple Botnets
by Kevin Stevens

During a recent investigation into a server hosting SpyEye, we noticed that there were several open directories that led to other control panels. SpyEye was also the same malware family that recently targeted Polish users. One of the control panels is for URLZone/Bebloh. The other control panel, on the other hand, did not have any name or version so we named it after the server, “Spencerlor.” The investigation led to the discovery of what seems to be three botnets running on one server, which appears to be operated by at least two remote users, as the logs revealed.

Three Botnets in One Server

SpyEye and URLZone’s modules are both written in English while Spencerlor’s is written in Russian. All three of the botnets on this server are designed and/or configured to only steal German banking credentials. Both Spencerlor and URLZone are actually coded to work with the German banking system using the so-called BLZ. A BLZ is an equivalent of a bank routing number that identifies a user’s bank and branch location.

More plus screenshots - http://blog.trendmicro.com/