Mon, Mar 2, 2015, 11:56 PM EST - U.S. Markets closed

FireEye, Inc. Message Board

  • vermaatul1 Jul 8, 2014 9:52 PM

    FEYE-Operation Tovar

    July 8, 2014 | By Meaghan Molloy | Threat Intelligence, Threat Research
    Coordinated botnet disruptions have increased in pace and popularity over the last few years as more private companies work with international law enforcement agencies to combat malware infections on a grand scale. Operation Tovar, announced on June 2, 2014, is the latest to make headlines. The target of the investigation, Evgeniy Mikhailovich Bogachev, was indicted by the Department of Justice and is wanted by the FBI for his role as alleged leader of the Gameover ZeuS and CryptoLocker botnets. Four other defendants were indicted using their pseudonyms. Though Bogachev’s current activities aren’t known, the Operation Tovar task force has maintained control of the botnet infrastructure and remediation efforts are ongoing.

    While new malware strains are released with increasing frequency, it’s easy to forget why Gameover and CryptoLocker are worthwhile targets for takedown operations. Both offered more advanced features than their peers and typified the increasingly sophisticated cybercriminal enterprises behind botnets.

    Gameover ZeuS

    Since the ZeuS source code was released in 2011, several new variants have appeared in the wild. Citadel, KINS, ICE IX, and Gameover have all improved upon the basic ZeuS model by introducing new features, using better encryption, and modifying command and control (C2) communication methods.

    Gameover uses a peer-to-peer (P2P) system for C2 communication. Though other P2P botnets such as Kelihos exist, Gameover is notable for its use of proxy nodes to introduce complexity into the standard P2P infrastructure. These proxy nodes are specific machines designated as relay points through which the botnet operators send commands and receive stolen information. This minimizes the number of systems that actually communicate with C2 servers. C2 commands are signed using RSA-2048 and encrypted with RC4 making it very difficult to tamper with the

    Sentiment: Strong Buy
