
Project Blitzkrieg FAQs

By Ruchna Nigam | December 21, 2012

Following the disappointment at the failure of the end of the world, we decided to do a little recap of Project Blitzkrieg, which has been widely talked about in the security community over the past couple of months following a report by RSA. It might be on a smaller scale than the former, but it certainly has a bigger chance of coming true.

The operation was named and announced by a Russian hacker called vorVzakone (seen bragging about a car and his house in this video) in a post (translated version, courtesy Krebs on Security) on a Russian semi-private forum. The post was a 'call for applications' from other botmasters, who would be required to pass an online interview in order to participate in the operation.

Russian Hacker vorVzakone (photo courtesy

Speculation on the credibility of the attack followed, as is the norm. Despite suspicions that the campaign is a hoax or a sting mission by the Russian government, there are many factors that point towards a high probability of the attack taking place.

**Why should you be concerned?**

  • Contrary to what most research on this subject says, it must be made clear that the attack is aimed at clients of US banks and not the banks themselves. To clarify, the Trojan is capable of imitating the online banking systems of 30 known US banks in order to fool victims.

**What do you need to know?**

  • **ETA:** The attack is foreseen for Spring 2013.

  • **Technology exists and works:** The Trojan seems to be an improvement on the Gozi malware family, which has been around since 2008 and has earned attackers sums of up to 5 million dollars. The new variant is being called Gozi Prinimalka.

  • **Tried and tested:** The attackers launched a 'Pilot' project in March 2012 that successfully amassed 300-500 victims in the US. This proved the presence of the attack and showed that it could go undetected for a couple of months.

**What can you do to prevent attacks?**

  • Be wary while performing online banking transactions. As attacks get more sophisticated, even unexpected yet legitimate-looking error screens can be considered 'phishy'.

  • Tally your online banking account information with hard copies of account statements received from your bank, so that you can report any aberrations you see.

  • Make use of a Live CD to access your bank accounts, if possible. The process may be cumbersome but it is a 100% bulletproof system to keep your bank accounts safe.

For the technically inclined, the Trojan claims to be richer in functionality than the well-known SpyEye and Zeus trojans, with provisions for downloadable credit reports, SMS notifications to the attacker when a banking server is online, updates on the blacklist status of servers, etc.

Due to the excessive hype and the knowledge amassed on past and probable tactics used by this attack, there may be a chance that the attackers call off the operation. However, it's possible that all this coverage may have just led to the attackers getting better at hiding the attack or altering their time frame of deployment.

Either way, Project Blitzkrieg is real and is certainly something to watch out for early next year.
