Demystifying Pobelka

A technical intelligence report on the Pobelka botnet operation. January 11, 2013

This technical report describes the Pobelka botnet and puts it in the context of global malware operations. Fox-IT’s InTELL unit provides reports like this on a continuous basis to customers in the financial sector so they know who’s targeting their online banking systems and can prepare countermeasures. This report is classified as public.

Key takeaways of the report are:

  • The initial Dutch report on Pobelka by Surfright and Digital Investigation presents a good view on the Pobelka botnet. The report you are reading contains additional technical details on the botnet and answers some of the questions left by the original report.
  • This report provides a broader context in the ecosystem of botnets, Trojans, exploit kits, and the markets where infected computers are traded.
  • This report details the identity of the people running the Pobelka botnet as well as a description of the origin of the botnet and the common methods of communication used.
  • The Pobelka botnet is one of many botnets active in the Netherlands. Unfortunately it’s not an exceptionally large or influential botnet but rather an average sized one.
  • The Pobelka botnet is just one of the many examples of how a single individual was able to attack Internet users for over a year without much resistance. This is a global issue.
  • The ease at which cybercrime services are available to criminals, makes it trivial for anyone to start in this business. The potential gains for the criminals are large, with little to no chance of successful prosecution.

The author of the report is Michael Sandee, Principal Security Analyst at Fox-IT and the Fox-IT InTELL team.

The intended audience for this report is technically savvy and familiar with botnet analysis and online banking security.

You can download a copy of the report here.

4 thoughts on “Demystifying Pobelka

Leave a Reply