Trojan.Whitewell: what’s your (bot) Facebook status today?
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Trojan.Whitewell: what’s your (bot) Facebook status today? | |
|---|---|
| Botnet | Whitewell |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2009 / 2009-10-31 |
| Editor/Conference | Symantec |
| Link | http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today (Archive copy) |
| Author | Andrea Lelli |
| Type | Blogpost |
Abstract
“ Sure we have heard a lot about bots and botnets. One key component of a botnet is the command-and-control (C&C) server, which as we know can come in several flavours (IRC, Web pages, newsgroups, custom servers, etc.). Yet, here comes Trojan.Whitewell, which, being tired of old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives some configuration data from its Facebook account—the actual command execution and data reporting is done through a third party Web server.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2200,
editor = {Symantec},
author = {Andrea Lelli},
title = {Trojan.Whitewell: what’s your (bot) Facebook status today?},
date = {31},
month = Oct,
year = {2009},
howpublished = {\url{http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today}},
}