Damballa responds to Kraken exaggeration claims

By

A day after Damballa, an internet security company that focuses on targeted threats, announced the discovery of a new BotArmy named Kraken, the company released a follow-up statement to defend its findings after a number of security professionals questioned the validity of the claims.


The accusations claim that Damballa misrepresented the high number of attacks from Kraken. A blog on F-Secure's website stated, “There are many detection names for ‘Kraken': Oderoor, Bobax, Agent, and many more. We believe that there is a single group of people behind Karken, updating their malware as time goes by. It's not new; it's just a new generation of something older.”

Damballa refuted these comments: “Damballa's initial disclosure says only that ‘Kraken was first observed in winter 2007, but investigation into its origins suggests the existence of early variants as far back as late 2006.' So is Kraken new? Damballa believes it is,” a statement released by the company on April 9 stated.

Paul Royal, principal researcher at Damballa, said the heart of the issue deals with the way information security professionals identify and categorize different entities based on their available sources and their organization's focus.

“I think a lot of people have looked at this issue from a purely malware analysis point of view,” Royal told SCMagazineUS.com on Thursday. “But people are calling it all the same thing if it has similar components or has a common author.”

The reason Damballa is calling Kraken new is because, although there are similarities between Kraken and Bobax and other threats, they use different C&C domains and communicate with the C&C in a fundamentally different way, he said.

“We're not just looking at the binaries,” said Royal, “but also at network activity. There are two distinct entities. If the server controls for Bobax were taken down, Kraken would continue and likewise.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
claimskrakenrespondssecurityto

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?