By Kelly Jackson Higgins
March 04, 2010
SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a
more sophisticated version of the infamous BlackEnergy Trojan associated
with the 2008 cyberattacks against Georgia that now targets Russian and
Ukrainian online banking customers.
Joe Stewart, a security researcher with SecureWorks, says Russian
hackers are using the Trojan spread via the BlackEnergy botnet to hit
Russian and Ukrainian banks with a two-pronged attack that steals their
customers' online banking credentials and then wages a distributed
denial-of-service (DDoS) attack on the banks as a cover: "They may be
emptying the bank accounts while the banks are busy cleaning up from the
DDoS," Stewart says.
Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is
a full rewrite of the code that features a modular architecture that
supports plug-ins that can be written without access to its source code.
It currently comes with three different DDoS plug-ins, as well as one
for spamming and two for online banking fraud, according to Stewart.
And with the ability to target users in Russia and the Ukraine,
BlackEnergy 2 is a departure from the tradition where many Russian
hackers won't target their fellow countrymen or those from other former
Soviet Republic countries. "The rules have changed," Stewart says.
"There was once an unwritten rule that they didn't attack their own
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!