Security Researchers has taken down a Botnet called "Sopelka" by end of September. This botnet’s objective was the collection of banking credentials from European entities, mostly banks from Spain and Germany, but also Holland, Italy and Malta.
The botnet started its life in this May dubbed as Sopelka because of the path used in the distribution of binaries and configuration files.The botnet distributes three type of Banking Trojan namely Tatanga, Feodo and Citadel.
In addition , the botnet made use of different mobile components for Android, BlackBerry and Symbian phones.
"During the botnet’s lifetime there were at least five campaigns and it’s likely that more were carried out."researcher said in S21sec blog post.
"Of the five known campaigns, three of them installed variants of Citadel (versions 1.3.4.0 and 1.3.4.5), another Feodo, and Tatanga was the chosen trojan in the other one. All the Citadel campaigns carried the name “sopelka” (a flute type in Russian) in their download paths for binaries and configuration files, but this was not the case with Tatanga and Feodo."
According to the report, 59% percentage of infected users are from German, 38% from Spanish; The researcher also claimed more than 16,000 unique IPs connecting to the sinkhole.
