A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21033  by kekieres
 Wed Oct 02, 2013 5:36 pm
Hi there!

Has anyone noticed that news:

I haven't been able to locate any info about that malware except only on symantec.

It seems to me that on 04/09/2013 a malware signature was added for "Backdoor.ploutus":
http://www.symantec.com/security_respon ... 2013-09-04

But then removed on on 05/09/2013 according to that link:
ftp://ftp.symantec.com/AVDEFS/symantec_ ... atsnew.txt

:? May be I'm likely not understanding somthing :D

Anyone has some clue whether is it true or not? Any sample?

 #21038  by EP_X0FF
 Thu Oct 03, 2013 3:19 am
As far as I know the only way it installs is manually from the CD, criminals personally. If the sample wasn't uploaded anywhere I don't think you can get it.
 #21827  by jgrunz
 Tue Dec 31, 2013 2:37 pm
That article is in reference (I believe) to a talk that was given at 30c3 recently where they discussed some Brazilian ATM malware that was discovered. The talk has been posted to youtube, and you can check it out here: https://www.youtube.com/watch?v=0c08EYv4N5A

Haven't had any luck tracking down a sample, but if anyone has any information I'd certainly be interested.
 #21838  by Aysun
 Wed Jan 01, 2014 11:20 pm
No, I'm looking for a sample too. We can't contact anyone from conference and ask for hash of their sample maybe?