[ISN] New BlackEnergy Trojan Targeting Russian, Ukrainian Banks

From: InfoSec News <alerts_at_private>
Date: Fri, 5 Mar 2010 02:45:21 -0600 (CST)

By Kelly Jackson Higgins
March 04, 2010 

SAN FRANCISCO -- RSA Conference 2010 -- Russian hackers have written a 
more sophisticated version of the infamous BlackEnergy Trojan associated 
with the 2008 cyberattacks against Georgia that now targets Russian and 
Ukrainian online banking customers.

Joe Stewart, a security researcher with SecureWorks, says Russian 
hackers are using the Trojan spread via the BlackEnergy botnet to hit 
Russian and Ukrainian banks with a two-pronged attack that steals their 
customers' online banking credentials and then wages a distributed 
denial-of-service (DDoS) attack on the banks as a cover: "They may be 
emptying the bank accounts while the banks are busy cleaning up from the 
DDoS," Stewart says.

Dubbed by Stewart as "BlackEnergy 2," this new version of the Trojan is 
a full rewrite of the code that features a modular architecture that 
supports plug-ins that can be written without access to its source code. 
It currently comes with three different DDoS plug-ins, as well as one 
for spamming and two for online banking fraud, according to Stewart.

And with the ability to target users in Russia and the Ukraine, 
BlackEnergy 2 is a departure from the tradition where many Russian 
hackers won't target their fellow countrymen or those from other former 
Soviet Republic countries. "The rules have changed," Stewart says. 
"There was once an unwritten rule that they didn't attack their own 


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Fri Mar 05 2010 - 00:45:21 PST

This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 01:03:30 PST