Articles about Botnets

Microsoft and FBI storm ramparts of Citadel botnets

The ZeuS-derived Citadel botnet, which rose to public prominence last year, is being progressively disabled by Microsoft and the FBI is on the hunt for its masters. Microsoft says Citadel was used to raid bank accounts around the world and netted more than $US500m. Redmond's Digital Crimes Unit says 1,000 of the estimated 1,400 …

McAfee dumps signatures and proclaims an (almost) end to botnets

Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets. McAfee's malware signature database has grown to over …
Iain Thomson, 26 Feb 2013
The Register breaking news

Microsoft takes down ZeuS botnets

A Microsoft-led operation resulted in the takedown of key servers associated with the infamous ZeuS and SpyEye banking Trojan botnets on Friday. Months of investigation culminated in the coordinated seizure of command-and-control servers associated with the botnets and hosted in Scranton, Pennsylvania, and Lombard, Illinois. …
John Leyden, 26 Mar 2012

Ghost of HTML5 future: Web browser botnets

HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief. During a presentation at the B-Sides Conference in London on Wednesday, Robert McArdle …
John Leyden, 27 Apr 2012

When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal

DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites. More than a quarter of all botnets are located in India, China or Iran. The study, by DDoS mitigation firm …
John Leyden, 27 Mar 2014

Botnet PC armies gulp down 16 MILLION logins from around the web: Find out if you're a victim

Officials in Germany have warned that large networks of hijacked, hacker-controlled PCs – aka botnets – have harvested 16 million email address and password combinations for websites and other online services. The German Office of Information Security (BSI) said cops and security researchers have been closely following armies of …
Shaun Nichols, 22 Jan 2014

Peer-to-peer update makes ZeuS botnets harder to take down

A new strain of the ZeuS crimeware toolkit comes with a peer-to-peer design that lets infected machines bypass centralized servers when receiving updates and marching orders from operators, a researcher said. The update to a custom-built ZeuS variant known as Murofet could make it harder for white-hat hackers and law- …
Dan Goodin, 13 Oct 2011

IRC botnets dying off

Web-controlled botnets now outnumber those controlled by the traditional method of IRC channel by a factor of five, according to the latest research from Team Cymru. IRC channels used to be the only way to control networks of compromised PCs back in the day but the approach has fallen out of favour over the years as more script- …
John Leyden, 16 Nov 2010

Botnets claim 7-fold increase in victims

Botnets used in banking credential theft and other criminal enterprises made huge gains in 2010, claiming more than seven times as many victims as the previous year, according to a report issued by a security firm that follows the large networks of infected machines. The dramatic increase was fueled by improvements in DIY …
Dan Goodin, 16 Feb 2011

Got a botnet? Thinking of using it to mine Bitcoin? Don't bother

Despite an increase in popularity over recent months amongst botnet operators, malware-powered Bitcoin mining brings little to no financial return, say experts. Security giant McAfee contends in its quarterly threat report (PDF) that commercial botnet controllers and malware packages have been adding cryptocurrency mining …
Shaun Nichols, 24 Jun 2014

Boffins pen 'Guide to better spamming'

Ignoring the manual and keeping your 'bot nimble are some of the tips a quartet of security researchers have recommended to help spam reach inboxes more effectively. The recommendations were some of the findings in studies by a research group into the relationships between email harvesters, botmasters and spammers and the …
Darren Pauli, 02 May 2014

Botnets fuel internet DDoS insurgency

Distributed denial of service attacks topped 100Gbps for the first time last year, during which attempts to flood websites with junk traffic went mainstream. Major incidents in 2010 included DDoS attacks associated with pro- and anti-WikiLeaks hackers and militias as well as hacking attacks linked to political turmoil in Burma …
John Leyden, 02 Feb 2011

Deploy a fake Bitcoin wallet to save your own

Bitcoin con artists have a new enemy with the launch of a managed fake wallet system that baits malware lurking on machines into striking too early. BitcoinVigil was a free pre-fab or custom honeypot that users could deploy onto a machine before using it for Bitcoin transactions. It functioned as a would-be Bitcoin wallet in a …
Darren Pauli, 05 Jun 2014

Yet another WordPress vuln: Image furtler plugin lets BADNESS in

Self-hosted installations of WordPress are at risk of attack following the disclosure of a vulnerability in a widely used plugin for the blogging software-cum-website CMS. The vulnerable TimThumb plugin is used by many blogs to easily resize images. However, a zero-day vulnerability in the Webshot function of TimThumb (2.8.13 - …
John Leyden, 27 Jun 2014

Australia's Internet Industry Association winds self up

Australia's Internet Industry Association is handing its members and regulatory functions to the Communications Alliance and will be wound up. The IIA has suffered erosion of its membership base over recent years, amid a flurry of mergers among Australia's tier-two telcos, and chairman Patric Fair has written to members to say …

Russian SpyEye author pleads guilty to starting malware onslaught

Russian national Aleksandr Andreevich Panin has pleaded guilty to charges of banking and wire fraud for his role in developing the SpyEye Trojan, which used botnets of enslaved computers to harvest financial credentials from internet users around the world. "The apprehension of Mr. Panin means that one of the world's top …
Iain Thomson, 29 Jan 2014

Undead botnets blamed for big rise in email malware

Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day. A new report by net security …
John Leyden, 17 Feb 2010

Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES

Botnet takedowns need to be improved if the industry is to avoid the risk of creating more problems than it solves every time it decapitates a zombie network, according to a former Scotland Yard detective turned security researcher. Adrian Culley, a technical consultant at infosec firm Damballa* who served with the Met Police …
John Leyden, 04 Dec 2013

Cyber scum pump ransomware at victims from spambot-stuffed websites

Miscreants have brewed up a strain of ransomware which functions like the recently dead CryptoLocker - and this one communicates using the Tor browsing anonymization network. Critroni appears geared towards exploiting a gap in the market created by a takedown operation against the CryptoLocker and Gameover ZeuS botnets back in …
John Leyden, 22 Jul 2014

Wiseguy ticket scalpers used botnets to outwit Captchas

A gang of ticket touts have admitted that they hired networks of compromised PCs to defeat CAPTCHAs that would normally have thwarted their plan to automatically purchase tickets for high interest events. The trio - who operated a firm called Wiseguy Tickets (now there's a name you can trust - Ed) - snapped up tickets for gigs …
John Leyden, 19 Nov 2010

ATTACK of the Windows ZOMBIES on point-of-sale terminals

Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems. Cyber threat intelligence firm IntelCrawler reports that the “@-Brt” project surfaced in May through underground cybercrime forums. The malware can be used to brute-force point-of-sale systems and associated networks, …
John Leyden, 09 Jul 2014

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Malware dubbed Mayhem is spreading through Linux and FreeBSD web servers, researchers say. The software nasty uses a grab bag of plugins to cause mischief, and infects systems that are not up to date with security patches. Andrej Kovalev, Konstantin Ostrashkevich and Evgeny Sidorov, who work at Russian internet portal Yandex, …
Iain Thomson, 18 Jul 2014

Iraq civil war: You can fight with an AK-47 ... or a HOME-COOKED Trojan

Iraq's bloody civil war has spilled over onto the internet, notes a researcher who has spotted a large increase in cyber-espionage tools and other forms of malware. Members of the Islamic State of Iraq and al-Sham (ISIS) group have made extensive use of social media to spread slickly produced propaganda as an accompaniment to …
John Leyden, 01 Jul 2014

Microsoft loads botnet-crushing data into Azure

Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond. The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) was unveiled on Tuesday by Microsoft as an extension of its crime- …
Jack Clark, 28 May 2013

Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations. The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the …
Dan Goodin, 10 Mar 2010

Facebook scuttles 250k-strong crypto-currency botnet

Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam. The scuttled Lecpetex botnet spread malware including the DarkComet remote access trojan by social engineering techniques and was adept …
Darren Pauli, 09 Jul 2014

Zeus botnets' Achilles' Heel makes infiltration easy

A security researcher has discovered a potentially crippling vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy for blackhats and whitehats alike to take control of huge networks of infected PCs. The flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and control …
Dan Goodin, 27 Sep 2010

Websites stagger to feet, Network Solutions wears off DDoS hangover

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it. The distributed denial-of-service (DDoS) assault lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. …
John Leyden, 18 Jul 2013

Crap hospital databases next goldmine for cyber-crooks, say Microsoft's botnet slayers

The low levels of security in healthcare IT systems, and the high value of their data, are going to make the sector the next big target for scammers, according to the Microsoft-backed team that takes down botnets. "Healthcare is really in a disadvantaged place in cyber-security," said Patrick Peterson, CEO of security firm Agari, …
Iain Thomson, 28 Feb 2014

Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

Microsoft has won a court order to gain control of 23 No-IP domains owned by dynamic DNS (DDNS) provider Vitalwerks Internet Solutions. The US software giant claimed the domains were being used by malware developed in the Middle East and Africa. Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion …
Iain Thomson, 01 Jul 2014

Citadel botnet resurges to storm Japanese PCs

Citadel, the aggressive botnet at the heart of a widely criticised takedown by Microsoft back in June, is back and stealing banking credentials from Japanese users, according to Trend Micro. The security vendor claimed to have found “at least 9 IP addresses”, mostly located in Europe and the US, functioning as the botnet’s …
Phil Muncaster, 04 Sep 2013

Watch a bank-raiding ZeuS bot command post get owned in 60 seconds

Web thieves may get more than they bargained for if tech pros follow the lead of one researcher – who demonstrated how to hack the systems remote-controlling the infamous ZeuS crime bot in 60 seconds. The dangerous Trojan ZeuS infects Windows PCs to, among other things, silently siphon cash from victims' online bank accounts. …
Darren Pauli, 06 May 2014

Need an army of killer zombies? Yours for just $25 per 1,000 PCs

As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. That's according to a security researcher studying underground souks of zombie computers. But the prices increase steeply for the more discerning crook who only wants to use compromised machines in …
John Leyden, 04 Mar 2013

One-third of orphaned Zeus botnets find way home

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their internet …
Dan Goodin, 11 Mar 2010

Tor traffic torrent: It ain't the Syrians, it's the BOTS

The recent spike in traffic on the Tor anonymizing relay network is probably due to botnet activity rather than any recent political developments, research by Tor Project members has concluded. The overall number of clients accessing the Tor network on a daily basis has more than doubled since around mid-August, but so far …
Neil McAllister, 05 Sep 2013

Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month

Domain-name service provider Dyn has announced that it will discontinue its last remaining free services, effective May 7. "For the last 15 years, all of us at Dyn have taken pride in offering a free version of our Dynamic DNS Pro product," Dyn CEO Jeremy Hitchcock wrote in a Monday blog post. "What was originally a product …
Neil McAllister, 07 Apr 2014

Did Microsoft actually put 'get repeatedly pwned by Syrian hackers' on its 2014 todo list?

Another week, and yet another successful compromise of Microsoft's servers by the so-called Syrian Electronic Army. And this time it's Redmond's revamped Office blog that got vandalized. "A targeted cyberattack temporarily affected the Microsoft Office blog and the …
Iain Thomson, 21 Jan 2014

These lucky people get paid to play CYBER WAR GAMES

Some lucky infosec professionals will be taking part in a cyber war game designed to test the readiness of NATO countries to respond to "large scale cyber attacks targeting information infrastructures" in the pretty city of Tartu in Estonia. Cyber Coalition 2013, a three-day exercise which starts today, will involve staff from …
John Leyden, 26 Nov 2013

SPAM supposedly spotted leaving the fridge

It's still silly season, it seems. Tell the world that a bunch of small business broadband routers have been compromised and recruited into botnets, and the world yawns. Add in a television or a multi-media centre, and there's a faint flicker of interest – perhaps a raised eyebrow, but not much more. Add in the word “ …

Most spam comes from just six botnets

Six botnets are responsible for 85 per cent of all spam, according to an analysis by net security firm Marshal. The Srizbi botnet is reckoned to be the largest single source of spam - accounting for 39 per cent of junk mail messages – followed by the Rustock botnet, responsible for 21 per cent of the spam clogging up users' …
John Leyden, 29 Feb 2008

Ruggedised botnets pushing out even more spam

Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 per cent in May and 73.3 per cent in February respectively. Junk volumes …
John Leyden, 08 Dec 2009

iPhone worms can create mobile botnets

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks. The IKee-B (Duh) iPhone worm, released in late November, exploited default root passwords on jailbroken iPhones to turn the smartphones into botnet clients under the control of a server based in Lithuania. The worm …
John Leyden, 22 Dec 2009

Hey, Silk Road dealers: Looking for new life? Pay for a biz course with Bitcoin

A British university has become the first educational establishment in the world to allow its students to pay fees using Bitcoin. However, Cumbria University admitted it has no way of checking whether pupils had earned their virtual crypto currency by stealing, through botnets, by legitimate mining and trading, or via drug sales …
Jasper Hamill, 22 Jan 2014

Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime. Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are …
John Leyden, 25 Mar 2014

NSA's TURBINE robot can pump 'malware into MILLIONS of PCs'

The latest batch of top-secret intelligence documents from the hoard collected by NSA whistleblower Edward Snowden detail the massive increase in the agency's use of its Tailored Access Operations (TAO) hacking unit – including a system dubbed TURBINE that can spam out millions of pieces of sophisticated malware at a time. The …
Iain Thomson, 12 Mar 2014

Grum botnet loses Dutch servers

ISPs in Russia and Panama are continuing to host Grum botnet command-and-control servers, after Dutch authorities silenced C&Cs in their country. According to FireEye Research, two Netherlands-based servers were taken offline on July 17. “With these two servers offline, the spam template inside Grum's memory will soon time out …

'Quarter' of TWO-MILLION-strong zombie PC army lured to their deaths

Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole. ZeroAccess has been active since 2011 and is one of the largest known botnets in existence: it has upwards of 1.9 million infected computers forming its army, all remotely controlled by miscreants. This swarm of PC robots …
John Leyden, 01 Oct 2013

Zombie PCs are for crimelord chumps: Fear clusters, says infosec ace

It may be possible for a "single dedicated attacker" to run an internet "carpet-bombing" attack by applying Big Data and distributed computing technologies, security researcher Alejandro Caceres warns. The traditional botnet, or network of hijacked computers, has been used for distributed computing problems, such as Bitcoin …
John Leyden, 14 Aug 2013

Microsoft borks botnet takedown in Citadel snafu

Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners. The Windows 8 giant worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt more than a thousand botnets. The botnets in question …
John Leyden, 10 Jun 2013

New ransomware strain forces hapless users into becoming Bitcoin miners

Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers. A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the …
John Leyden, 19 Sep 2013