Once the victim is redirected to the final URL, the website automatically starts the download of a piece of malware that is unique to every user. The file is a bundle of legitimate software, such as a media player, into which malware and a unique-to-every-user configuration are compiled. The attackers rely purely on social engineering to get the user to install the software package; no drive-by exploits have been used thus far. The impressive thing is that we are seeing this technique work not only on Windows but on Mac operating systems alike. Please visit the Reversing chapters below for a detailed breakdown of the Windows and Mac malware.

Timeline and Size of the "Kyle and Stan" Group

The graphic below illustrates the activity observed since Talos began tracking the "Kyle and Stan" network. The first hits on our sensors were detected on May 5th. The graphic uses a logarithmic scale because of the huge swings in the network's activity. The biggest activity was registered in mid June and early July, but attacks are still ongoing.

[Figure: Observed connections to the "Kyle and Stan" network on a log scale.]

The size of the "Kyle and Stan" network is hard to judge. In our research we have found 700+ domains that are part of their network, and this is most likely just the tip of the iceberg. This assumption is supported by the strict name patterns of the domains we found: the registration process could be automated, which makes it very easy to register massive numbers of extra domains.
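The strict name patterns mentioned above are the kind of signal a defender can hunt for in DNS or proxy logs: many domains that share one rigid structural shape are a hint of scripted bulk registration. The following is an added example, not code from the original post or from Talos; the domain list is constructed for illustration and the shape (a two-letter/two-digit/two-letter label with a fixed suffix) is an assumption, not the real "Kyle and Stan" pattern, which the post does not disclose.

```python
import re
from collections import defaultdict

# Constructed sample domains (not real indicators): a few unrelated names
# plus a cluster that follows one rigid template.
SAMPLE_DOMAINS = [
    "news-update.example", "shop.example", "weather.example",
    "ab12cd-media.example", "zq87wx-media.example", "pl45kr-media.example",
    "mn09vb-media.example", "xt63hy-media.example",
    "cdn.example",
]


def name_shape(domain: str) -> str:
    """Reduce a domain's first label to its structural shape.

    Letters become 'a', digits become '9', separators are kept, so
    'ab12cd-media' and 'zq87wx-media' collapse to the same shape.
    Assumption: the interesting label is the leftmost one.
    """
    label = domain.split(".")[0].lower()
    return re.sub(r"[0-9]", "9", re.sub(r"[a-z]", "a", label))


def bulk_registration_clusters(domains, min_members=3):
    """Group domains by shape and return shapes with at least
    min_members domains, i.e. candidates for automated registration."""
    groups = defaultdict(list)
    for d in domains:
        groups[name_shape(d)].append(d)
    return {shape: sorted(ds) for shape, ds in groups.items()
            if len(ds) >= min_members}


if __name__ == "__main__":
    for shape, members in bulk_registration_clusters(SAMPLE_DOMAINS).items():
        print(f"{shape}: {len(members)} domains -> {members}")
```

Feed it the distinct domains seen in a day's DNS or proxy logs; shapes that suddenly gain many members are worth a closer look, while shapes with one or two members are ordinary noise.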