Andromeda Gamarue Botnet Gets An Update

Recently I saw some spam emails exploiting an Adobe PDF vulnerability (thanks to Conrad Longmore, https://twitter.com/ConradLongmore).


This PDF file appears to exploit CVE-2013-2729. The shellcode is small and simple: it just downloads a file from a server and executes it.


After unpacking the file, analysis reveals that this is a new update for the Andromeda/Gamarue botnet. The version has been upgraded to 2.9. Although there is no significant change in the botnet itself, the version number has been removed from the request string.


Raashid Bhat

http://twitter.com/raashidbhatt
