< Polluting Storm | Call for Paper: EC2ND'08 >

New Bot-Family Detected: Light-Bots

Today, we observed a new family of bots while doing some research at our lab. While investigating several Kinder Surprises, we detected two samples of a bot family named Light-Bots (see the picture at the right hand side for more detail about the bots). A closer analysis revealed that the bot exists in at least two version, we empirically found version S104 and S105. The propagation scheme is a variant of classical social engineering: victim's are tricked into buying a Kinder Surprise and the bot is contained in the egg, similar to a Trojan Horse. At this point, we do not have any CWSandbox report of the bot behavior nor any signatures. However, the bot also contains a README that indicates a close relationship with the domain www.magic-kinder.com:
This entry was posted by Thorsten Holz on Thursday, May 8. 2008 at 20:53. and is filed under malware. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.