In the last three months we have seen some activity regarding a bot C&C Server named Apophis. Here you can see a few screenshots:
- Login:
- Statistics: - Configuration:
- Settings: - Templates:
- And a few more:
Today we have gained access to a new Apophis C&C Server. Looking at the files stored in the Server, we have found an encrypted file that seemed to have valuable information. We have decrypted it, it is an excel file that has information about 1,435 people. It includes:
- Full name
- Address (Street, City, State, Zip, Country)
- Phone
- E-mail
- CC number
- cvv
- CC exp. date
- Bank info
This is the number of affected users per country:
Users | Country |
994 | USA |
64 | Italy |
53 | Netherlands |
48 | Israel |
47 | Belgium |
43 | Sweden |
38 | Norway |
32 | United Kingdom |
21 | Canada |
15 | Spain |
14 | Grecia |
14 | Switzerland |
13 | France |
12 | Germany |
7 | Austria |
5 | China |
3 | Bulgaria |
3 | Croacia |
3 | Polland |
1 | Estonia |
1 | Iceland |
1 | Latvia |
1 | Lithuania |
1 | Russia |
1 | Ukraine |
It has all the information in all fields but the phone and e-mail addresses, these ones are stored for 994 users. All of them are from 3 countries: USA, UK and Canada. Scary. We are contacting the different banks in order to avoid major problems for the users.
Thanks to Vicente for all the research.
Posted under Malware Alerts
This post was written by Luis Corrons on August 20, 2007
