Kaspersky Lab announces publication of The Cash Factory

Kaspersky Lab announces publication of The Cash Factory

Kaspersky Lab, a leading producer of secure content management systems, announces the publication of its latest article, The Cash Factory. The article looks at the methods used by cyber criminals to create and run botnets in order to generate large profits.

The article is authored by Sergei Golovanov, Senior Malware Analyst, Igor Sumenkov, Head of Kaspersky Lab's Content Filtering Infrastructure Development Group, and Maria Garnayeva, Malware Analyst.

The Cash Factory unveils the cyclical process used to create botnets from computers infected by the bot Backdoor.Win32.Bredolab. First, cyber criminals hack a site's content management system and modify its pages with tags that redirect to websites containing malicious exploits. These exploits pave the way for infection and penetration by other bots, which then join to form a botnet and obey commands issued from a remote command and control center.

The bots download malicious programs from the Internet, including a Trojan designed to steal passwords to FTP clients used to manage website content. These passwords can then be used by cyber criminals to modify websites and place malicious tags on their pages.

The process is essentially a vicious circle that can be repeated and extended, and is used by cyber criminals to ensure the smooth running of their "cash factory."

The full version of The Cash Factory is available on viruslist.com. The executive summary is available here.

The material can be reproduced provided the author; company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab PR department.

09 Oct 2009