Sopelka botnet drops Citadel, Feodo, and Tatanga crimeware variants

Summary: Security researchers from S21sec have published an analysis of the Sopelka botnet.


Security researchers from S21sec have published an analysis of the Sopelka botnet. Operating since May 2012, it is known to have launched five unique campaigns, three of which dropped crimeware variants from multiple families.

Based on the researchers' data, the group behind the botnet managed to infect over 16,000 hosts, the majority of which were geolocated to Germany and Spain, the two countries topping the infections-per-country chart.

Just how easy is it to develop and manage such a botnet for the sake of monetizing the infected hosts, and cashing out in complete anonymity? In 2012, the process of developing and managing such a botnet is entirely automated, efficient, and most importantly, available as a service through a malicious underground Cybercrime-as-a-Service provider.

Sopelka is a typical representative of the "botnets that never make the news" category. Small and resilient, these botnets usually stay beneath the radar until their payload starts attracting the attention of vendors and researchers.

What's also worth emphasizing about this type of "aggregate-and-forget" botnet is the fact that they play a crucial role in the ongoing cyber warfare arms race, allowing their operators to launch a multitude of cyber operations and achieve complete plausible deniability thanks to the way these botnets are used.

What do you think? Will the future of cyber warfare be dominated by small and targeted botnets, or by good old-fashioned massive botnets? Would botnets even count in comparison to targeting a single individual through sophisticated social engineering and technical means?


Find out more about Dancho Danchev at his LinkedIn profile.
