This month Blueliv Threat Intelligence Research Labs team has published an exclusive report revealing the most complete picture of Vawtrak v2 malware seen to date.
Vawtrak is a serious threat to the finance sector and is predicted to be the next major banking Trojan.
Chasing cybercrime: Network insights into Vawtrak v2 provides the results from a technical investigation into the distribution and impact of banking Trojan Vawtrak v2 and the behavior of the cybercriminal groups behind it. We’ve applied advanced search and pattern correlation algorithms to perform big data analysis in-house at Blueliv. Our analysis indicates the presence of two clearly differentiated infrastructures; one dedicated exclusively to the spam distribution mechanism, and the other for maintenance, control and the reporting of stolen data. We give a technical insight into the variants between the two separate groups, from the type of URLs to the servers and hosts used. We also illustrate the evolution and chronology of the evidence from our investigation in this report.
The results from Blueliv’s most recent analysis of Vawtrak v2 emphasize the need for the banking industry to adopt the same organizational techniques practiced by these cybercriminal groups in order to understand the evolution of this malware, and share knowledge across the cyber security community to mitigate the threat posed to the banking eco-system to strengthen our existing defenses against it.
Take a moment to study the complex communications network supporting the maintenance and control of this banking Trojan; this snapshot of activity is where CISOs and security professionals can learn the most about the importance of a layered cyber security solution, in which internal knowledge is combined with external and targeted intelligence.
The Blueliv Threat Exchange Network forms part of a wider cyber threat ecosystem centered around a strong, collaborative community, and we want you to be a part of it. Come and join the fight against cybercrime.