GootKit Banking Trojan Receives Massive Update

Discussion in 'malware problems & news' started by itman, Jul 14, 2016.

  1. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 2,969 | Location: U.S.A.

    http://news.softpedia.com/news/gootkit-banking-trojan-receives-massive-update-506181.shtml

    Thankfully, presently only targeting France and the UK.

    -EDIT- The DLL is stored here, depending on user status, per IBM's full analysis article:

    • Malware is written in the form of a DLL file to:

    LUA Rights: %APPDATA%\Microsoft\Internet Explorer\

    ADMIN Rights: %WINDIR%\System32
    Ref.: https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/
     
    Last edited: Jul 14, 2016
  2. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 8,026 | Location: The Netherlands

    It's the same old story: if you block code injection into system processes and the browser, you have already won the battle. It would be interesting to know which type of code injection method is used.
     