Almost one month ago I had the opportunity of giving a talk at Rooted CON for yet another year. Mikel Gastesi and me talked about Sopelka Botnet and the Eurograbber report published by Check Point and Versafe at the beginning of December 2012. You can take a look at the slides here.
After reading the Eurograbber report and taking into account that there were a lot of similarities with Sopelka Botnet, which I had analyzed some months before, I decided to write a blog post about it. At the same moment, the Rooted CON CFP was closing, so I submitted this subject and then I forced myself to research further to demonstrate that Eurograbber was just a hype. Thanks to the investigations by S21sec and Fox-IT there was more than enough information.
Most of the arguments were exposed in my blog post this past December, but something that really helped to prove that there was no so much fraud related to that Botnet was the information from the banks. We were talking about almost 6 million EUR in Spain and the banks had no clue about it (at least in this dimension) and they haven't reported anything to security companies. Furthermore, we were able to find a Spanish user of a known bank who had suffered a 10,000€ fraudulent transaction, according to the Check Point and Versafe theory. Thanks to the investigations of this bank we were able to know that this specific user had no fraud, proving that really these high amounts were nothing but the accounts balances.
I hope that the attendees of our talk understood the message, we must be critical and analytical with all the information we receive. Unfortunately, Eurograbber is not an isolated case, every day a new report/article is published with the only objective of being the talk of the town and try to sell more. Because of that we have to think, analyze each piece of information we receive and then conclude if it could be real or just a hype. Sometimes it's not easy, so my recommendation is taking a look at specialized sources and check the experts opinion about that.
I want to thank the Rooted CON staff for the good treatment (as usual) and also say hello to all the new and old friends with whom I shared some moments those days in Madrid. Without a doubt, the good atmosphere is what makes a conference big.