Project Blitzkrieg, a current attack on US financial institutions, got a lot of media attention following a blog posting by RSA researchers who wrote they had discovered an operation run by an individual known as vorVzakone. RSA identified the malware as belonging to the Gozi family and labeled it Prinimalka. VorVzakone’s claim was met with skepticism from Russian Underweb forums as well as from others in the research community.
The McAfee Labs paper Analyzing Project Blitzkrieg provides an insight into the credibility of this threat to the financial industry and analyzes the claims made by vorVzakone in his forum posting.
If the aims of Project Blitzkrieg, as vorVzakone has claimed, become fully realized by spring 2013, the financial industry needs to be fully prepared. In this research we take a deeper look into the overall credibility of this threat to the US financial industry.
Some key findings:
- An active Gozi Prinimalka campaign was discovered several weeks after vorVzakone's initial forum posting on September 9. It has infected more than 80 victims across the United States, lending credibility to the idea that some cybercriminals put faith in vorVzakone's claims and decided to join his action.
- Discovery of an early pilot campaign, conducted by vorVzakone and 01NSD, that operated from March to late April 2012.