BOMBA Botnet Crimeware

Wednesday, July 14, 2010

Jorge Mieres


In a recent survey, Francisco Ruiz, Crimeware Researcher of MalwareIntelligence, broke through the security barriers of new rogue crimeware designed to automate running zombies for mass scale cyber crimes that are carried out using a vector attack from committed teams as part of the botnet...

BOMBA is accessed via web and the authentication system only requires a single password, an access system adopted by many applications of this kind like Phoenix Exploit's Kit and n0ise Bot.

The server that hosts this crimeware is based in Latvia (although the administrative record is in Moscow, Russia) under the AS6851 (Autonomous System) which is known as the network BKCNET "SIA" Izzie.

This server is listed for criminal activities such as the spread of rogueware, shelter kits and other YES Exploit Systems.

In 2009 it host the strategies of the botnet Waledac (successor to Storm), ZeuS and also had a direct relationship with criminals who are behind the maneuvers of the botnet Koobface.


The package is designed to exploit vulnerabilities through the family of Microsoft operating systems - as shown in the illustration above - Windows XP, Windows Vista and Windows Seven, and through precompiled exploits to use vulnerabilities in Java (Java Deployment Toolkit ), Internet Explorer, Adobe Reader and the classic MDAC.

Cross-posted from MalwareIntelligence

Possibly Related Articles:
Viruses & Malware
virus malware
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.