Exposing the "PDF Botnet" – An OSINT Analysis
Security Boulevard securityboulevard.com
Dear blog readers,
I've recently stumbled upon a pretty interesting and worth-mentioning malicious software and botnet spam and malicious-software-serving campaign that can best be described as a "PDF botnet", where the ultimate idea for both propagation and infection is the active utilization of PDF files which are exclusively hosted on compromised or purposely malicious, fraudulent, rogue and bogus infrastructure.
Sample screenshots include:
Sample URLs known to have been involved in the campaign include:
hxxp:[/][/]ragaz[.]co[.]za[/]XSRYdR1H?utm_term=picsart+background+image++hd
hxxp:[/][/]www[.]lbtfilm[.]com[/]uploads[/]files[/]koxuwegemagobuwidewas[.]pdf …