Connection not established
Wermud and the trojan in the VirusTotal link above (a Chinese DDoS bot known as Azvhan) both draw part of their code from the public Gh0st source code base. I'm not seeing how public code reuse implies cooperation between criminal botmasters and Chinese cyber-espionage units. Is there an actual report with details of this APT <-> criminal botmaster connection published somewhere?
Biting the hand that feeds IT
