Lavasoft Security Bulletin - July 2014: Bot Review
Bot Review
Table: Bots under analysis (July 2014, Lavasoft MAS).
Bot Family | June 2014 | July 2014 | Changes |
Zbot | 336 | 80 | -226.5% |
Cycbot | 34 | 3 | -27.4% |
Kelihos | 41 | 7 | -30.1% |
NrgBot/Dorkbot | 55 | 20 | -31.0% |
Blazebot/Rbot | 1 | 1 | 0.0% |
Shiz | 4 | 2 | -1.8% |
Total | 471 | 113 | |
Bot distribution in July:
This month we see a decrease in the total number of bots, which may be explained by the summer holidays.
Kelihos. You can find the latest description of Kelihos here.
Cycbot. You can find the latest description of Cycbot here.
Shiz. The latest example is here.
Zbot. This month the number of Zeus infections has declined. This may be explained by Operation Tovar, jointly run by the FBI, NCA, Europol and participating security companies, which yielded positive results after disconnecting the Zeus botnet from its C&C server. 25% of live Zeus backdoors use the Tor network to connect to their C&C. See the report in Malware Encyclopedia. 25% of all detected Zeus samples use a Tor client.
NrgBot/Dorkbot. The number of Dorkbots has declined this month. You can find the latest description here. New samples keep the same malicious payload as last month.
Blazebot/Rbot. The latest description is available in Malware Encyclopedia.

