Articles about Botnets

DDoS, the cloud and you

Private cloud computing can be a useful way to offload some computing overhead and manage your costs effectively. The switch to operating expenses from capital expenses, the elasticity, the business continuity benefits – they're all real. But so are the dangers of DDoS disaster. There's a problem with moving your servers and …
Danny Bradbury, 21 Jul 2016

25,000 malware-riddled CCTV cameras form network-crashing botnet

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told. The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store. The shop's website was flooded offline after drowning in 35 …
Iain Thomson, 28 Jun 2016

Biz networks' DNS troubles

More than four in five (83 per cent) of enterprise networks show evidence of malicious DNS activity. Malware such as botnets, the ZeuS banking malware, distributed denial of service (DDoS) traffic and the CryptoLocker ransomware generated malicious lookup queries picked up in a new study by DNS security specialists Infoblox …
John Leyden, 16 Jun 2016

Digital ad biz is fraudulent by design, complain big brands

Global trade body the World Federation of Advertisers (WFA) has produced a useful guide to the digital ad industry's toxic sludge. The WFA represents the biggest spenders on digital advertising, such as Unilever and MasterCard, and they're not happy. Advertisers lose out from ad fraud, and firms need to clean up their own act …
Andrew Orlowski, 07 Jun 2016

Two plead guilty to stealing personal information of millions

Two men have admitted to running a computer hacking and identity theft scheme which hijacked customer email accounts, stole personally identifiable information (PII) from millions of people, and generated more than $2m in illegal profits. In a press release the US Department of Justice named Tomasz Chmielarz, 33, of Rutherford …
Kat Hall, 03 Jun 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Android Lollipop sucks at security, says researcher

Skycure security researcher Yair Amit has revealed a chained Android attack path that will greatly enhance attackers' ability to compromise 1.34 billion devices, or 95 percent of those in use. The Accessibility Clickjacking attack exploits flaws in protections for Android's accessibility and draw-over-apps features to allow …
Darren Pauli, 19 May 2016

Malicious Android apps slip into Google Play, top third party charts

Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets. The apps are legitimate games that in some stores outside of Google Play have made it to highly-contested top free games charts. …
Darren Pauli, 17 May 2016

US govt quietly tweaks rules to let cops, Feds hack computers anywhere, anytime

On Thursday, the US Supreme Court approved a change to Rule 41 of the Federal Rules of Criminal Procedure. It sounds innocuous, but the effects will be felt around the world. Under today's rules, US cops and FBI agents need to know where a computer is before they can get a warrant to directly hack the machine – because they …
Iain Thomson, 29 Apr 2016

SpyEye duo behind bank-account-emptying malware banged up

A two-man team responsible for spreading the SpyEye malware that caused more than a billion dollars in financial hardship is now starting extended sentences in American prisons. The malware's author – Aleksandr Panin, 27, of Tver, Russia – was sent down for nine years and six months by United States District Court Judge Amy …
Iain Thomson, 21 Apr 2016

Swedish military unwittingly helped hose US banks in 2012/2013

Sweden's military has told a newswire that its servers were used in a 2012/2013 attack on American banks. The report from Agence France Presse (AFP) quotes military spokesperson Mikael Abramsson, who told the agency, "The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to …

DNS root server attack was not aimed at root servers – infosec bods

The internet's root servers were not the target of a distributed denial-of-service (DDoS) attack in December which for a short time took out four of the 13 pillars of the global network. That's according to two security researchers who will present their findings at a conference in Argentina on Friday. Instead, they conclude …
Kieren McCarthy, 29 Mar 2016

US charges Iranians with hacking into an NY dam, blasting banks offline

The US Department of Justice (DoJ) has charged seven Iranian hackers over a string of high-profile distributed denial-of-service (DDoS) attacks against banks. The seven allegedly worked with Islamic Revolutionary Guard Corps-affiliated entities to run a coordinated campaign of cyber attacks against the US financial sector. One …
John Leyden, 24 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

Tor takes aim against malicious nodes on the network

The Tor Project is working with Princeton University boffins to try and identify possibly malicious nodes, and prevent them from harvesting traffic by gaming its node reputation system. Tor's reputation services collect flags from relays, from which they assess and publish (hourly) the reputation of relays, but the researchers …

A RAT and a spammer both avoid the slammer

Two US hackers have escaped prison, receiving probation instead of time in federal coolers. Blackshades remote access trojan (RAT) co-creator Michael Hogue, 25, of Arizona, could have stared down five years in prison for his role in developing the BlackShades remote access trojan but instead received the time on probation. His …
Darren Pauli, 01 Feb 2016

Israeli academics claim they can predict botnet attacks

Ben Gurion University researchers have developed a tool capable of predicting future botnet attacks while also distinguishing between human and automated campaigns. Dudu Mimran, chief technology officer of the university's Deutsche Telekom Innovation Labs, says the team is investigating how the tool may benefit law enforcement …
Team Register, 28 Jan 2016

If you can't buy bootleg gear online in New York, this may be why

Usenix Enigma A university sleuth investigating online bootleggers has spoken of his research into counterfeit markets – including revealing the moment he accidentally blocked off a chunk of Manhattan to scammers. Understanding the money trail behind illicit internet businesses has been a passion of Damon McCoy, an assistant professor of …
Iain Thomson, 26 Jan 2016

Bad luck, Ireland: DDoS attack disrupts isle's National Lottery

A DDoS attack disrupted the Irish National Lottery’s website and ticket machines on Wednesday (January 20). The draw took place as normal despite two hours of disruption beforehand. "Indications are that this morning's technical issues were as a result of a DDoS attack affecting our communications networks," a statement from …
John Leyden, 21 Jan 2016

Ad-clicking bots predicted to rip US$7.2 billion from Mad Men

Botnets will inflict a massive US$7.2 billion in damages against online advertisers this year according to research by ad security company White Ops. Last year the industry was said to have lost US$5 billion, close to the $6.3 billion White Ops predicted in December 2014, thanks to the scourge of botnets that hugely inflate …
Darren Pauli, 20 Jan 2016

Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Last December, Microsoft intercepted traffic on users’ PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more. John Frank, Microsoft's VP of European Government Affairs, explained how Microsoft had helped …
Andrew Orlowski, 19 Jan 2016

Brazilian whacks: as economy tanks, cyber-crooks samba

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds. Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, …
Darren Pauli, 13 Jan 2016

Linode: Back at last after ten days of hell

Linode reckons its long outage has come to an end, although its most-current message says there may be “intermittent” issues for users, mostly of its Atlanta facility. At the time of writing, the status of all services was listed as “operational”, except for Atlanta which still shows as “partial outage”. The company has been …

Security sweep firm links botnet infestation and file sharing

Updated There's a high degree of correlation between organisations with P2P activity and system compromises via malware infections, according to a new study by BitSight Technologies. Correlation is, of course, different from causation. However, the booby-trapping of Torrents to trick freetards into sucking down malicious code is a …
John Leyden, 21 Dec 2015

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services are so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Internet's root servers take hit in DDoS attack

The internet's root servers came under a concerted distributed denial of service (DDoS) attack last week that effectively knocked three of the 13 critical pillars of the internet offline for several hours. The attack came just days before the Janet academic network received a similar DDoS attack. According to a first analysis …
Kieren McCarthy, 08 Dec 2015

Ponmocup is the '15 million' machine botnet you've never heard of

Botconf One of the world's most successful, oldest, and largest botnets is an underestimated and largely-unknown threat that has over time infected 15 million machines and made millions plundering bank accounts. The findings from a team of eight Fox IT researchers say the 'Ponmocup' botnet controlled 2.4 million infections at its peak …
Darren Pauli, 03 Dec 2015

Conficker, back from the undead, dominates malware threat landscape

Conficker was the most common malware used to attack UK and international organisations in October, accounting for 20 per cent of all attacks globally, according to security vendor Check Point. When it first appeared in November 2008, the Windows-affecting Conficker worm caused all manner of problems mainly because of its …
John Leyden, 01 Dec 2015

Twitter DM character limit liberation spells opportunity for botnets

London security researcher Paul Amar has built a tool capable of exploiting Twitter's extended direct messaging function for covert botnet command and control. Amar created Twittor, which allows attackers, whether white or black hats, to create a fleet of compromised machines that can communicate, receive instructions, and update over …
Team Register, 13 Nov 2015

DDoS, botnet, and fiber cut fail to stop Twitchers crowd-installing Linux

The Twitch in the Shell project has successfully installed Arch Linux using hundreds of people simultaneously hammering keys in a terminal. One of the organizers has explained to The Reg how it was done. The project, broadcast by video-streaming site Twitch, managed the feat in around five hours. And this despite the best …
Iain Thomson, 05 Nov 2015

Lone wolves could be behind multi-million dollar Cryptowall ransomware racket

A single group could be behind the monstrous Cryptowall 3.0 ransomware, widely considered to be one of the most menacing threats to end users that has fleeced victims of millions of dollars. Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the …
Darren Pauli, 30 Oct 2015

Qualcomm proposes brain implants for IP cameras

If you take the vision stuff at face value, the latest company to announce its vision of hell on Earth is Qualcomm, which some of the more breathless of the tech press reckons wants to create the “conscious” camera. Well, it's a little shy of consciousness, thank heavens. What the chip-shipper has announced is an IP camera …

Shopping mall CCTV gear commandeered to blast websites offline

Crooks are hijacking CCTV cameras in shopping malls to launch denial-of-service attacks, datacenter security firm Imperva warns. The abuse is possible because camera operators are taking a lax approach to security and failing to change default passwords on the devices. CCTV equipment is a common Internet-of-Things (IoT) device …
John Leyden, 22 Oct 2015

CISA blowup: 'Web giants sharing private info isn't about security – it's state surveillance'

There were sharp words on the floor of the US Senate on Wednesday as lawmakers debated the controversial Cybersecurity Information Sharing Act (CISA) and its amendments. The bill, proposed by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA), would allow internet giants and other companies to share people's personal …
Iain Thomson, 22 Oct 2015

German Govt mulls security standards for SOHOpeless routers

The German Government is mulling an assessment of the security chops of consumer routers in a bid to lift current abysmal standards and help inform buyers. Berlin's Ministry of the Interior IT security office says it wants to test routers for support of security features like WPS, encryption, and brute force protection of …
Darren Pauli, 21 Oct 2015

FBI takes down Dridex botnet, seizes servers, arrests suspect

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s …
John Leyden, 14 Oct 2015

Linux-powered botnet lets rip on victims with 180Gbps network floods

Cybercrooks have built a network of compromised Linux servers capable of blowing websites and other systems off the internet with at least 150Gbps of junk traffic. The XOR Distributed Denial of Service (DDoS) botnet is launching 20 attacks a day from compromised machines, according to Akamai. 90 per cent of the attacks from …
John Leyden, 29 Sep 2015

FireEye intern VXer pleads guilty for Darkode droid RAT ruse

A former FireEye intern has pleaded guilty to creating and selling the Dendroid malware on the raided Darkode criminal forum. Morgan Culbertson, 20, of Pittsburgh, pleaded guilty before a Pittsburgh federal judge and faces sentencing on 2 December. He faces a maximum of 10 years in prison and a $250,000 fine, and has no prior …
Darren Pauli, 27 Aug 2015

Google reveals OnHub WiFi router, complete with GLOWING RING

Google will shortly release its first WiFi router and has made automatic updating a frontline feature. The new "OnHub" is designed to offer a rather more pleasant experience for home users, starting with a cute coffee cup form factor and extending to an app-driven user interface. Google's even banished blinking lights [Heresy …
Darren Pauli, 19 Aug 2015

Anti-botnet initiatives USELESS in sea of patch-hating pirates

Three Dutch researchers have crunched data gleaned from efforts to battle the Conficker bot and declared anti-botnet initiatives all but useless for clean-up efforts. Conficker was born in 2008, spreading aggressively through a since-patched remote code execution Microsoft vulnerability (MS08-067) that affected all operating …
Darren Pauli, 18 Aug 2015

Malvertising set to wreak one BEELLION dollars in damage this year

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm …
Darren Pauli, 13 Aug 2015

Telstra's bush broadband boxes bugged, bashed, botted

Update Telstra has patched a vulnerability that could have seen regional Australians suffer interception of their internet connections through a remotely-exploitable vulnerability in a series of wireless terminals the nation's dominant telco deploys under its universal service obligation. Melbourne security researcher Tim Noise (@ …
Darren Pauli, 03 Aug 2015

Invisible app ads slug smartmobes with 2GB of daily downloads

Invisible rogue mobile apps are wasting petabytes of data a day through an advertising hijacking technique researchers say could inflict US$1 billion in damages this year. Some 5000 malicious Android and iOS apps are hiding the rapidly-reloading ads from users and will continue to operate even if the apps are not in use. That …
Darren Pauli, 27 Jul 2015

Cyber-security's dirty little secret: It's not as bad as you think

New research from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer. The report [PDF] starts from a simple enough premise: while we are constantly told that incidents of cyberattacks and online security threats are increasing, are they growing relative to the …
Kieren McCarthy, 18 Jul 2015

FireEye intern nailed in Darkode downfall was VXer, say the Feds

A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Darren Pauli, 16 Jul 2015

Dot-com da-bomb Verisign fires off an OpenDNS rival

Operator of the dot-com registry Verisign has launched a rival to popular online security service OpenDNS, called DNS Firewall. Announcing the service in a blog post, Verisign's Michael Kaczmarek said that protecting a company from cyberattacks was "becoming increasingly difficult and expensive," and pointed out that hackers …
Kieren McCarthy, 08 Jul 2015

BOT-GEDDON coming after ZeusVM leak, hacker warns

Former Kaspersky Japan boss and now malware researcher Hendrik Adrian is warning of a boom in ZeusVM botnets after the trojan's source code was leaked online. Version two of the builder and panel source code leaked last month, and was spotted by the French malware researcher known as Xylitol. Adrian, who uses the online handle …
Darren Pauli, 07 Jul 2015

US is the world's botnet mothership, says Level 3

Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place. Command and control servers, used to maintain vast botnet scourges, are active for about 30 days before being taken down by operators located all over the world or by local police …
Darren Pauli, 22 Jun 2015

Unable to log on to online games? Blame cheap-rate DDoSers

Running botnets-for-hire to mount DDoS attacks has become cheaper and easier than ever, according to new research. Imperva Incapsula reckons botnet-for-hire services can be acquired for as little as $19.99 per month via underground forums, payable in Bitcoins. Short, single-vector attacks associated with botnet-for-hire …
John Leyden, 10 Jun 2015