Report an incident
Back
  • About us
  • News
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Citadel plitfi botnet report
15 April 2013 | CERT Polska | #botnet, #DNS, #malware, #trojan

At the end of February 2013 Polish Research and Academic Computer Network and CERT Polska took over 3 domains used by one of the Citadel botnets, known as “plitfi”. All the network traffic from these domains was directed to a sinkhole server controlled by CERT Polska. Today we publish a report outlining the details of the takedown and our findings.

Some of the highlights from the report are presented below.

    • This botnet was used to display fake messages, that were supposedly coming from the victim’s bank, requiring her to make a wire transfer.
    • 11 730 different machines were connecting to the sinkhole server.
    • Over 77% of all connections originated from Poland.
    • Almost all of the connections were coming either from Europe or from Japan.
    • Citadel bots were running on Microsoft Windows operating system starting from Windows XP up to Windows 7.
    • The botnet used multiple proxy servers to hide real C&C servers.

Full text of the report can be found here or under the “Reports” tab.

 

Share: