Damballa refuted these comments: “Damballa's initial disclosure says only that ‘Kraken was first observed in winter 2007, but investigation into its origins suggests the existence of early variants as far back as late 2006.’ So is Kraken new? Damballa believes it is,” a statement released by the company on April 9 stated.
Paul Royal, principal researcher at Damballa, said the heart of the issue deals with the way information security professionals identify and categorize different entities based on their available sources and their organization's focus.
“I think a lot of people have looked at this issue from a purely malware analysis point of view,” Royal told SCMagazineUS.com on Thursday. “But people are calling it all the same thing if it has similar components or has a common author.”
Damballa is calling Kraken new because, although there are similarities between Kraken and Bobax and other threats, they use different C&C domains and communicate with the C&C in a fundamentally different way, he said.
“We're not just looking at the binaries,” said Royal, “but also at network activity. There are two distinct entities. If the server controls for Bobax were taken down, Kraken would continue and likewise.”