Tag Archives: Botnet

Pushdo botnet is evolving, becomes more resilient to takedown attempts

Security researchers from Damballa have found a new variant of the Pushdo malware that's better at hiding its malicious network traffic and is more resilient to coordinated takedown efforts.
Computerworld News

WordPress sites targeted by mass brute-force botnet attacks

Many WordPress sites are under attack by a botnet using brute-force methods to obtain their passwords. The attacks seem limited to users who kept the default “Admin” username for their websites; however, these attacks are only the beginning. Analysts and companies fear that the attackers are attempting to build a massive botnet that is

SlashGear

Click fraud botnet defrauds advertisers up to $6 million

An advertising analytics company said it has discovered a botnet that generates upwards of US$6 million per month by generating bogus clicks on display advertisements.
Computerworld News

Microsoft, Symantec take down Bamital click-fraud botnet

Microsoft and Symantec have dismantled a botnet that took over millions of computers for criminal activities such as identity theft and click fraud.
Computerworld News

Security researchers cripple Virut botnet

Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday.
Computerworld News

Tor network used to command Skynet botnet

Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.
Computerworld News

Ever Wondered What a Live Botnet Looks Like?

A visualization of the ZeroAccess botnet reveals a vast empire of fraud.

The idea of a network of malware-infected zombie computers rigged to do the bidding of criminals conjures up a frightening image on its own. A new visualization of the so-called ZeroAccess botnet shows how alarmingly widespread such schemes can become.
Technology Review RSS Feeds

Microsoft applies ‘surgical sinkhole’ to strangle botnet installed on new PCs

Microsoft has uncovered a vulnerability in the PC supply chain that allows hackers to pre-install malware-infected copies of Windows onto new machines.
Computerworld News

A Month After Grum Botnet Takedown, Spam Back To Previous Levels

wiredmikey writes “It’s been over a month since spam-spewing Grum botnet has been shut down, but spam experts say there hasn’t been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes.”

Slashdot

Inside the Grum Botnet

tsu doh nimh writes “An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide.”

Slashdot

JavaScript Botnet Sheds Light On Criminal Activity

CowboyRobot writes “Informatica64, a security research group, demonstrated the use of cached JavaScript to control computers connecting to a malicious proxy. ‘The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.’”

Slashdot

Experts take down Grum spam botnet, world’s third largest

Botnet was responsible for 18 billion spam messages a day, about 18 percent of the world’s spam, experts tell the New York Times.
CNET News

Microsoft Engineer Discovers Android Spam Botnet, Google Denies Claim

An anonymous reader writes “Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog. A closer look at the e-mails’ header information shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the ‘Sent from Yahoo! Mail on Android’ signature. Google has denied the allegations. ‘The evidence does not support the Android botnet claim,’ a Google spokesperson said in a statement. ‘Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using.’”

Slashdot

Microsoft identifies two Zeus botnet crime ring suspects

The pair, who are linked to a malware network that stole more than $100 million, are already in custody in the U.K.
CNET News

Four Years’ Jail For Bredolab Botnet Author

angry tapir writes “The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia’s Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of Article 253 of the country’s Criminal Code — intentionally causing damage to a computer system with severe consequences.”

Slashdot

Flashback botnet not shrinking, huge numbers of Macs still infected

Contrary to reports by several security companies, the Flashback botnet is not shrinking, the Russian antivirus firm that first reported the massive infection three weeks ago claimed today.
Computerworld News

Flashback Mac botnet shrinks, says Symantec

The number of Macs infected with the Flashback malware has plummeted in the last few days, antivirus vendor Symantec said today.
Computerworld News

Security experts: 600,000+ estimate of Mac botnet likely on target

Security experts could not confirm claims by a little-known Russian antivirus company that more than 600,000 Macs have been infected with a zero-day-exploiting Trojan, but they said the number was within reason.
Computerworld News

Researchers Say Kelihos Gang Is Building New Botnet

alphadogg writes “The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan.”

Slashdot

Kelihos gang building new botnet, researchers say

The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert.
Computerworld News

New ZeuS Botnet No Longer Needs Central Command Servers

c0mpliant writes “Researchers at Symantec have identified a new variant of the ZeuS botnet which no longer requires a Command and Control server. The new variant uses a P2P system, which means that each bot acts like a C&C server, but none of them really are. The effect of which is that takedowns of such a network will be extremely difficult because there is no one central source to attack.”

Slashdot

The Gang Behind the World’s Largest Spam Botnet

tsu doh nimh writes “A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named ‘GeRa’ who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real-identities behind the Internet’s largest spam machine.”

Slashdot

Microsoft’s Kelihos botnet suspect says he’s innocent

St. Petersburg, Russia-based Andrey N. Sabelnikov says he is “absolutely not guilty” of participating in the creation of the huge spam network that Microsoft shut down last September.
CNET News

Microsoft Names Reputed Head of Kelihos Botnet

wiredmikey writes with an update on Microsoft’s takedown of the Kelihos botnet. From the article: “Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed ‘John Does’ owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov – who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum – will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers.”

Slashdot

Feds lead biggest botnet takedown ever, end massive clickjack fraud

The botnet takedown announced Wednesday by the U.S. Department of Justice was the biggest in history, according to a security company.
Computerworld News

Microsoft Drops Suit Against Firm In Botnet Case

wiredmikey writes “Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet. In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits. ‘Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFree Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,’ blogged Richard Domingues Boscovich, Senior Attorney for Microsoft’s Digital Crimes Unit. ‘Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.’ In regards to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 ‘John Does’ listed as co-defendants in the lawsuit.”

Slashdot