Feeds

Botnet with 60GB of stolen data cracked wide open

Fast flux no more

Internet Security Threat Report 2014

Researchers have cracked open a botnet that amassed more than 60GB of passwords and other stolen data, even as it cloaked itself using a state-of-the-art technique known as fast flux.

When its command-and-control server was infiltrated, the Mumba botnet had snagged more than 55,000 PCs, according to the researchers from anti-virus provider AVG. The data-stealing operation is the work of the notorious Avalanche Group, a criminal operation that was responsible for two-thirds of all phishing attacks in the second half of 2009, according to a report earlier this year from the Anti-Phishing Working Group.

“These criminals are some of the most sophisticated on the internet, and have perfected a mass-production system for deploying phishing sites and 'crimeware,'” AVG wrote in a report issued Monday. “This means that mitigating the threat by going after the servers hosting the data using the 'Mumba' botnet is now much harder than before.”

Most botnet command-and-control channels run on compromised webservers or web-hosting services designed for criminals, making it possible to dismantle the network by taking down the central server. Mumba, by contrast, makes use of fast-flux technology, in which the operations are carried out on thousands of compromised PCs. That allows the IP address and host machine to change every few minutes, a measure that frequently foils takedown attempts by researchers and law enforcement.

The botnet appears to have been spawned with an initial malware campaign that was launched in April. Its first week saw more than 35,000 infections. Several smaller campaigns were responsible for the remainder of the botnet's 55,000 victims. The malware uses at least four variants of the latest Zeus crimeware kit, which allows well-financed criminals to deploy highly sophisticated botnets in a hurry.

AVG's discovery is only the latest time that researchers have been able to penetrate a rogue network built on the back of Zeus. Earlier this year, researchers with a separate firm got inside a network that had compromised more than 74,000 machines from at least 2,500 companies, many of which were Fortune 500 firms.

Both botnets were adept at stealing highly sensitive personal details from the PCs they compromised. The stolen data includes login credentials for online bank, retail, and email accounts, and social-networking sites.

A PDF of AVG's report is here. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.