ESET Research: Ukraine and Poland Targeted by Sophisticated BlackEnergy Trojan

ESET® analysis of the sophisticated BlackEnergy trojan has found that a large number of victims in Ukraine and Poland, including state organizations and businesses, have been targeted in recent malware campaigns. Malware Researcher Robert Lipovský will present the latest findings at the 24th Virus Bulletin International Conference, taking place from 24th to 26th September in Seattle, USA.


“We will go through the evolution of the BlackEnergy trojan and take a close look at various BlackEnergy plugins used to carry out the dirty work and other features of the malware,” said Lipovský, adding that “the latest BlackEnergy campaigns are also interesting because of possible relations to the current geopolitical situation in Eastern Ukraine.”


BlackEnergy was first publicly analyzed by Arbor Networks in 2007 as a relatively simple DDoS trojan. Since then, it has evolved into a modern type of malware with a modular architecture, suitable for sending spam and committing online banking fraud. The second version of this dangerous malware was first documented by SecureWorks in 2010.
The recently observed campaigns spreading this malware have used technical infection methods that exploit software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.


“BlackEnergy’s latest variants (from September 2014) show that the malware is still active and dangerous,” added Lipovský.


For more information about the BlackEnergy trojan, read the article on WeLiveSecurity.com entitled “Back in BlackEnergy: 2014 Targeted Attacks in Ukraine and Poland”, or follow #BlackEnergy on Twitter.