Dridex is a banking trojan that uses an affiliate system for its botnets. We have documented the Dridex communication and P2P protocols in the past. In this post we want to shed some light on all the known botnets, their respective geographic targets, and how they are organized.
Nivdort, also known as Bayrob, is an information-stealing trojan that is used to extract personal and financial information from the systems it infects. This malware family has been around for almost 10 years (it was first discovered in March 2007), which is a very long life for a malware family, and although it has appeared in the media a few times during these years, it is still relatively unknown to most people.
AnubisNetworks Threat Intelligence services are specialized in hundreds of malware strains, including the most dangerous ransomware. By detecting infected systems in real time, AnubisNetworks can pinpoint the threats and help you avoid their proliferation.
Bolek is a recent malware from the Kbot/Carberp family. We first heard about this malware from the cert.pl blog post in May 2016, and since then, a few others have published additional information about it (links below).
From time to time we have the opportunity to sinkhole domains that have a high volume of traffic and are part of a mobile device botnet. In the beginning of July we registered a domain that we found to be part of the AndroidBauts family, with over 550,000 devices in a 24h period, affecting mostly India and Indonesia out of a total of 216 countries. The piece of software that triggers this traffic was present in four (already removed) Google Play Store applications.