Our friends over at Secure Science and Michael Ligh have finished a great analysis of a very interesting (and nasty) piece of malware that we alerted them to and provided them with.
This document contains details of an exploratory case study that was conducted on a malware specimen found in the wild by members of the Mal-Aware Group (Secure Science and Sunbelt Software). The trojan was hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm. There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes' worth of stolen data that only criminals could read…until now.
Chalk one up for the good guys!