110 ◾ Malicious Bots
institutions targeted by the code. Attackers likely used victimized bank accounts
in Spain to sniff traffic and analyze scripts and Web content. After performing a
targeted analysis, they then created an HTML injection routine to insert an addi-
tional password field following the predictable name and password field presented
by the targeted bank upon normal log-on.
An
efficient and highly scalable Web-based C&C server is used by an attacker
to manage a MetaFisher botnet. is is perhaps one of the more important
e
lements of MetaFisher, because a single C&C Web-based server can passively
support hundreds of thousands of bots easily. is is highly scalable compared to
f
ormer IRC-based C&C strategies. MetaFisher runs off of a ...