A funny story came out of the attempts to unravel the mysteries of the "fundamental" malware Flame and Gauss, malicious programs that steal users' data for payment systems and banking services: two companies working in network security literally "knocked heads together."
Some time ago, Kaspersky Lab announced that it had found similarities between the code of Flame and Gauss, suggesting that the two pieces of malware are essentially birds of a feather.
FireEye, known for its collaboration with Microsoft on the operation to take down the Grum botnet (which, unfortunately, was not fully completed), published the results of its research, which indicated that the owners of Gauss are now using as a command center a server with the same IP address as Flame's CnC (command-and-control server).
"Previously, Kaspersky Lab found a curious similarity in the code of Gauss and Flame, but recent events prove conclusively that the same people are behind both Gauss and Flame," FireEye said in a statement.
"We are, of course, very sorry, but in fact it is our sinkhole server" was the general sense of Kaspersky Lab's counter-statement.
"After finding Gauss, we began working with several organizations to study its control servers using the sinkhole method," Kaspersky Lab's leading expert Alexander Gostev told Ars Technica.
Using this method, the Lab has twice "hijacked" botnets of the Kelihos family from their owners. In simplified terms, it consists of introducing counterfeit botnet control servers that the bots treat as their real ones. In this way, control of the botnet can be intercepted completely.
"Given the link between Flame and Gauss, we used sinkhole tools to monitor the infrastructure of both botnets. It should be noted that the structure of Gauss's control servers is radically different from that of Flame. Gauss's control centers were disabled by their operators in July and have since been in a 'sleeping' state. We, however, wanted to see what was happening in both botnets. During preparation, we informed trusted members of the security community about the creation of our sinkhole routers and their IP address, so that they were aware of all the steps taken. The FireEye post, which tells of Gauss bots connecting to the same server as Flame, in fact describes our sinkhole router.
A little searching on Google and Whois would have allowed them to check everything," said Gostev.
FireEye fairly quickly issued an apology for the misunderstanding.
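The lesson of the story is that a shared C2 address is not evidence of shared operators until the address has been checked against the sinkholes the defender community has announced. The following script is an added example, not code from the article or from either company; the observation records, IP addresses and WHOIS organization strings are constructed, and the allowlist stands in for whatever a practitioner learns from Whois and search before making an attribution claim.

```python
from collections import defaultdict

# Constructed sample of C2 observations: (malware family, contacted IP, WHOIS org).
# The IPs are documentation-range placeholders, not real Flame/Gauss infrastructure.
OBSERVATIONS = [
    ("Flame", "192.0.2.10", "Example Hosting Ltd"),
    ("Flame", "192.0.2.44", "AV Lab Sinkhole Project"),
    ("Gauss", "192.0.2.44", "AV Lab Sinkhole Project"),
    ("Gauss", "198.51.100.7", "Another Host Inc"),
]

# Constructed allowlist: sinkhole addresses announced by trusted parties
# (the kind of notice Gostev says was sent to the community beforehand).
KNOWN_SINKHOLES = {"192.0.2.44"}


def is_sinkhole(ip: str, whois_org: str) -> bool:
    """True if the IP is a published sinkhole or WHOIS labels it as one."""
    return ip in KNOWN_SINKHOLES or "sinkhole" in whois_org.lower()


def shared_c2(observations, exclude_sinkholes: bool = True) -> dict:
    """Map each IP contacted by more than one family to the set of families.

    With exclude_sinkholes=True, sinkhole IPs are dropped first, so an overlap
    caused only by a defender's sinkhole is not reported as shared infrastructure.
    """
    families_by_ip = defaultdict(set)
    for family, ip, org in observations:
        if exclude_sinkholes and is_sinkhole(ip, org):
            continue
        families_by_ip[ip].add(family)
    return {ip: fams for ip, fams in families_by_ip.items() if len(fams) > 1}


if __name__ == "__main__":
    # Naive correlation reports the sinkhole as "shared infrastructure";
    # the filtered view shows no overlap at all.
    print("naive overlap:    ", shared_c2(OBSERVATIONS, exclude_sinkholes=False))
    print("sinkholes removed:", shared_c2(OBSERVATIONS))
```

In practice the allowlist would be fed from community sinkhole notices and WHOIS lookups rather than hard-coded.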
I've been using Kaspersky Antivirus for a couple of years, and I would recommend this antivirus to you all.