Pobelka botnet mapped internal network structures


Cyber criminals who controlled hundreds of thousands of systems in the Netherlands and Germany through the Pobelka botnet were collecting not only login data but also information about the structure of the internal networks. This information can be used for follow-up attacks.

That is the conclusion of SurfRight and Digital Investigation in an investigation into the Citadel malware platform and the Pobelka botnet, which is built on Citadel. The research into the malicious software was prompted by a malware attack on the website of De Telegraaf. The researchers soon came across a command-and-control server, which was then investigated further. It turned out that the Pobelka botnet counted more than 264,000 zombies, located mainly in the Netherlands and Germany. Not only business computers, which often become infected unnoticed, but also many government systems were affected.

An analysis of the stolen data showed that the attackers could use the captured login data to log in to web pages of, among others, publishers, in order to place malicious code that redirected visitors to malware. Among other things, login data was found for systems of De Telegraaf. Malware was also spread in recent months through the sites of Weeronline.nl and RTV West. Furthermore, configuration data for stealing money from customers of three Dutch banks, ING, ABN Amro and ASN Bank, was found on the command-and-control server.

According to SurfRight and Digital Investigation, the Pobelka botnet not only had links to the Dorifel malware, a virus that caused problems at government bodies among others, but the criminals are also said to have used the botnet to map internal networks and all connected equipment. This information could be resold to third parties, for example rogue states, according to the authors of the study. Concrete evidence for this has, however, not been presented.

The Citadel malware, a complete malware platform that can be bought on the black market for a few thousand dollars and comes with professional support, turns out to be ingeniously constructed. The malware can easily evade almost all major antivirus software and is able to embed itself in all well-known browsers. That cyber criminals were able to operate in such a targeted, undetected and large-scale manner in the Netherlands using the Citadel-based Pobelka botnet is, according to the researchers, also due to the sophisticated and professional way in which the Citadel malware is built.