
Rombertik malware traced to Nigerian man



Rombertik, a dangerous form of malware that deletes the computer's MBR (master boot record), has been traced back to one Kayode Ogundokun, in Lagos.

Researchers delved through the data to uncover that the malware is a version of Carbon Grabber, which the company detects as Infostealer.Retgate. Investigators at ThreatConnect believe that Mr Ogundokun triggered the malware by way of a common 419 scam email.

Those investigating suggest that Ogundokun likely purchased a new version of Carbon Grabber from a much more capable and sophisticated tool author, who sold or licensed it to the less capable operator. This particular sample was keyed to the centozos.org[.]in infrastructure that Ogundokun maintained, where it was later operationalized and was identified by Cisco. It appears that this particular sample of Carbon Grabber was simply caught up in a headline-grabbing story.

What is most interesting is that, for someone looking to exploit security holes, Ogundokun appears to have made no attempt to safeguard his own details: researchers were able to find his various social media accounts, including YouTube instructional videos, in addition to his personal bank details.
