andromeda


GamaPoS has received a fair amount of attention since its discovery, in part because the use of .NET is (currently) unique among PoS malware and in part because it leverages the versatile Andromeda botnet. At its core, though, GamaPoS is a scraper designed to steal payment data from the RAM of PoS systems.  GamaPoS is the first documented PoS malware to be written in .NET. Malware written in .NET comes with its advantages and its disadvantages, both for authors and researchers. The most obvious benefit for its authors is that it... [Read More]
by RSS Hong Kei Chan  |  Jul 20, 2015  |  Filed in: Industry Trends
Andromeda is a botnet that has had a long history. The latest version is now 2.09, which most active bots would have already received. Recently, however, our FortiGuard Labs Threat Intelligence system was able to capture the activities of a previous variant of Andromeda that is apparently still alive. During our analysis, we found that it is a cracked version of an old variant, and the author used it for spreading a Bitcoin miner. Andromeda 2.06 The network traffic of most Andromeda variants are very similar - the sent data is Base64-encoded,... [Read More]
by RSS He Xu  |  Jan 07, 2015  |  Filed in: Security Research
NgrBot is a modified IrcBot. It has the capability to join different Internet Relay Chat (IRC) channels to perform various attacks according to the IRC-based commands from the command-and-control (C&C) server. Recently, our botnet monitoring system captured an NgrBot variant with hardcoded version 1.1.0.0. Figure 1. Hardcoded version 1.1.0.0. This new version of the bot carries new features that are much more harmful than before, including the ability to destroy data in the user's hard drive. Wiping The Hard Drive This new version of... [Read More]
by RSS He Xu  |  Jul 10, 2014  |  Filed in: Security Research