Tillman Werner

Federal Trojan’s Got A “Big Brother”

By Tillmann WernerAbout two weeks ago, the German Chaos Computer Club (CCC) has published an analysis report of a backdoor trojan that they claim had been used by German police during investigations in order to capture VoIP and IM communication on a suspect’s PC. Our friends over at F-Secure published a blog post last week where they wrote about another file that, according to them, seemed to be the dropper component of the trojan. They were kind enough to share the MD5 hash of the file, so we could pull it from our collection. Stefan and I took a closer look.

The Inside Story of the Kelihos Botnet Takedown

By Tillmann WernerEarlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks.

A Miner Botnet: Bitcoin Mining Goes Peer-to-Peer

By Tillmann WernerIdentifying a botnet is not an easy task sometimes, especially when
one gets lost in different components like droppers, infectors and other
bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks
pointed me to a new varmint that appears to be another peer-to-peer