Lavasoft Security Bulletin - March 2014: Bot Review

Bot Review

Table: Bots under analysis (March 2014, Lavasoft MAS).


Bot's name        Feb 2014   March 2014   Changes
Zbot              197        65           -52.6%
Cycbot            41         29           -4.8%
Kelihos           146        66           -31.9%
NrgBot/Dorkbot    233        74           -63.3%
Blazebot/Rbot     15         13           -0.8%
Shiz              3          4            0.4%
Total             620        635



Bot distribution in March:

Kelihos. You can find the latest description on Kelihos here.

Cycbot. You can find the latest description on Cycbot here.

Shiz. The latest example is here.

Zbot. We counted 65 backdoors this month; 27 of them install a Tor client to communicate with the C&C.
Our latest analysis of Zbot revealed two new features: encryption of downloaded files, and the installation of notifiers in the kernel to control system events such as the loading of executable images into memory and the modification of registry keys and values, on both 32-bit and 64-bit operating systems. You can read more in the detailed report on Zeus.

NrgBot/Dorkbot. You can find the latest description on NrgBot here.

Blazebot/Rbot. The latest description is available in Malware Encyclopedia.

Read also:
Lavasoft Security Bulletin - March 2014: Top Threats.

Zeus Backdoor Adopts Extra Rootkit Abilities.
