Trojan.Whitewell: what’s your (bot) Facebook status today?
Jump to navigation
Jump to search
(Publication) Google search: [1]
Trojan.Whitewell: what’s your (bot) Facebook status today? | |
---|---|
Botnet | Whitewell |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2009 / 2009-10-31 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today (Archive copy) |
Author | Andrea Lelli |
Type | Blogpost |
Abstract
“ Sure we have heard a lot about bots and botnets. One key component of a botnet is the command-and-control (C&C) server, which as we know can come in several flavours (IRC, Web pages, newsgroups, custom servers, etc.). Yet, here comes Trojan.Whitewell, which, being tired of old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives some configuration data from its Facebook account—the actual command execution and data reporting is done through a third party Web server.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2200, editor = {Symantec}, author = {Andrea Lelli}, title = {Trojan.Whitewell: what’s your (bot) Facebook status today?}, date = {31}, month = Oct, year = {2009}, howpublished = {\url{http://www.symantec.com/connect/blogs/trojanwhitewell-what-s-your-bot-facebook-status-today}}, }