Articles about Botnets


Microsoft and FBI storm ramparts of Citadel botnets

The ZeuS-derived Citadel botnet, which rose to public prominence last year, is being progressively disabled by Microsoft and the FBI is on the hunt for its masters. Microsoft says Citadel was used to raid bank accounts around the world and netted more than $US500m. Redmond's Digital Crimes Unit says 1,000 of the estimated 1,400 …

McAfee dumps signatures and proclaims an (almost) end to botnets

Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets. McAfee's malware signature database has grown to over …
Iain Thomson, 26 Feb 2013

Microsoft takes down ZeuS botnets

A Microsoft-led operation resulted in the takedown of key servers associated with the infamous ZeuS and SpyEye banking Trojan botnets on Friday. Months of investigation culminated in the coordinated seizure of command-and-control servers associated with the botnets and hosted in Scranton, Pennsylvania, and Lombard, Illinois. …
John Leyden, 26 Mar 2012

Ghost of HTML5 future: Web browser botnets

HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief. During a presentation at the B-Sides Conference in London on Wednesday, Robert McArdle …
John Leyden, 27 Apr 2012

When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal

DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites. More than a quarter of all botnets are located in India, China or Iran. The study, by DDoS mitigation firm …
John Leyden, 27 Mar 2014

Botnet PC armies gulp down 16 MILLION logins from around the web: Find out if you're a victim

Officials in Germany have warned that large networks of hijacked, hacker-controlled PCs – aka botnets – have harvested 16 million email address and password combinations for websites and other online services. The German Federal Office for Information Security (BSI) said cops and security researchers have been closely following armies of …
Shaun Nichols, 22 Jan 2014

Peer-to-peer update makes ZeuS botnets harder to take down

A new strain of the ZeuS crimeware toolkit comes with a peer-to-peer design that lets infected machines bypass centralized servers when receiving updates and marching orders from operators, a researcher said. The update to a custom-built ZeuS variant known as Murofet could make it harder for white-hat hackers and law- …
Dan Goodin, 13 Oct 2011

IRC botnets dying off

Web-controlled botnets now outnumber those controlled by the traditional method of IRC channel by a factor of five, according to the latest research from Team Cymru. IRC channels used to be the only way to control networks of compromised PCs back in the day but the approach has fallen out of favour over the years as more script- …
John Leyden, 16 Nov 2010

Botnets claim 7-fold increase in victims

Botnets used in banking credential theft and other criminal enterprises made huge gains in 2010, claiming more than seven times as many victims as the previous year, according to a report issued by a security firm that follows the large networks of infected machines. The dramatic increase was fueled by improvements in DIY …
Dan Goodin, 16 Feb 2011

Australia's Internet Industry Association winds self up

Australia's Internet Industry Association is handing its members and regulatory functions to the Communications Alliance and will be wound up. The IIA has suffered erosion of its membership base over recent years, amid a flurry of mergers among Australia's tier-two telcos, and chairman Patric Fair has written to members to say …

Botnets fuel internet DDoS insurgency

Distributed denial of service attacks topped 100Gbps for the first time last year, during which attempts to flood websites with junk traffic went mainstream. Major incidents in 2010 included DDoS attacks associated with pro- and anti-WikiLeaks hackers and militias as well as hacking attacks linked to political turmoil in Burma …
John Leyden, 02 Feb 2011

Russian SpyEye author pleads guilty to starting malware onslaught

Russian national Aleksandr Andreevich Panin has pleaded guilty to charges of banking and wire fraud for his role in developing the SpyEye Trojan, which used botnets of enslaved computers to harvest financial credentials from internet users around the world. "The apprehension of Mr. Panin means that one of the world's top …
Iain Thomson, 29 Jan 2014

Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES

Botnet takedowns need to be improved if the industry is to avoid the risk of creating more problems than it solves every time it decapitates a zombie network, according to a former Scotland Yard detective turned security researcher. Adrian Culley, a technical consultant at infosec firm Damballa who served with the Met Police …
John Leyden, 04 Dec 2013

Undead botnets blamed for big rise in email malware

Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day. A new report by net security …
John Leyden, 17 Feb 2010

Wiseguy ticket scalpers used botnets to outwit Captchas

A gang of ticket touts has admitted hiring networks of compromised PCs to defeat CAPTCHAs that would normally have thwarted their plan to automatically purchase tickets for high-interest events. The trio - who operated a firm called Wiseguy Tickets (now there's a name you can trust - Ed) - snapped up tickets for gigs …
John Leyden, 19 Nov 2010

Microsoft loads botnet-crushing data into Azure

Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond. The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) was unveiled on Tuesday by Microsoft as an extension of its crime- …
Jack Clark, 28 May 2013

Crap hospital databases next goldmine for cyber-crooks, say Microsoft's botnet slayers

The low level of security in healthcare IT systems, combined with the high value of their data, is going to make the sector the next big target for scammers, according to the Microsoft-backed team that takes down botnets. "Healthcare is really in a disadvantaged place in cyber-security," said Patrick Peterson, CEO of security firm Agari, …
Iain Thomson, 28 Feb 2014

Websites stagger to feet, Network Solutions wears off DDoS hangover

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it. The distributed denial-of-service assault (DDoS) lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. …
John Leyden, 18 Jul 2013

Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations. The massive drop is the result of actions taken by two Eastern European network providers. On Tuesday, they pulled the …
Dan Goodin, 10 Mar 2010

Zeus botnets' Achilles' Heel makes infiltration easy

A security researcher has discovered a potentially crippling vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy for blackhats and whitehats alike to take control of huge networks of infected PCs. The flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and control …
Dan Goodin, 27 Sep 2010

Citadel botnet resurges to storm Japanese PCs

Citadel, the aggressive botnet at the heart of a widely criticised takedown by Microsoft back in June, is back and stealing banking credentials from Japanese users, according to Trend Micro. The security vendor claimed to have found “at least 9 IP addresses”, mostly located in Europe and the US, functioning as the botnet’s …
Phil Muncaster, 04 Sep 2013

Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month

Domain-name service provider Dyn has announced that it will discontinue its last remaining free services, effective May 7. "For the last 15 years, all of us at Dyn have taken pride in offering a free version of our Dynamic DNS Pro product," Dyn CEO Jeremy Hitchcock wrote in a Monday blog post. "What was originally a product …
Neil McAllister, 07 Apr 2014

Tor traffic torrent: It ain't the Syrians, it's the BOTS

The recent spike in traffic on the Tor anonymizing relay network is probably due to botnet activity rather than any recent political developments, research by Tor Project members has concluded. The overall number of clients accessing the Tor network on a daily basis has more than doubled since around mid-August, but so far …
Neil McAllister, 05 Sep 2013

Need an army of killer zombies? Yours for just $25 per 1,000 PCs

As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. That's according to a security researcher studying underground souks of zombie computers. But the prices increase steeply for the more discerning crook who only wants to use compromised machines in …
John Leyden, 04 Mar 2013

Did Microsoft actually put 'get repeatedly pwned by Syrian hackers' on its 2014 todo list?

Another week, and yet another successful compromise of Microsoft's servers by the so-called Syrian Electronic Army. And this time it's Redmond's revamped Office blog that got vandalized. "A targeted cyberattack temporarily affected the Microsoft Office blog and the …
Iain Thomson, 21 Jan 2014

SPAM supposedly spotted leaving the fridge

It's still silly season, it seems. Tell the world that a bunch of small business broadband routers have been compromised and recruited into botnets, and the world yawns. Add in a television or a multi-media centre, and there's a faint flicker of interest – perhaps a raised eyebrow, but not much more. Add in the word “ …

These lucky people get paid to play CYBER WAR GAMES

Some lucky infosec professionals will be taking part in a cyber war game designed to test the readiness of NATO countries to respond to "large scale cyber attacks targeting information infrastructures" in the pretty city of Tartu in Estonia. Cyber Coalition 2013, a three-day exercise which starts today, will involve staff from …
John Leyden, 26 Nov 2013

Hey, Silk Road dealers: Looking for new life? Pay for a biz course with Bitcoin

A British university has become the first educational establishment in the world to allow its students to pay fees using Bitcoin. However, Cumbria University admitted it has no way of checking whether pupils had earned their virtual crypto currency by stealing, through botnets, by legitimate mining and trading, or via drug sales …
Jasper Hamill, 22 Jan 2014

Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime. Facebook, security intelligence firm CrowdStrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are …
John Leyden, 25 Mar 2014

One-third of orphaned Zeus botnets find way home

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their internet …
Dan Goodin, 11 Mar 2010

NSA's TURBINE robot can pump 'malware into MILLIONS of PCs'

The latest batch of top-secret intelligence documents from the hoard collected by NSA whistleblower Edward Snowden detail the massive increase in the agency's use of its Tailored Access Operations (TAO) hacking unit – including a system dubbed TURBINE that can spam out millions of pieces of sophisticated malware at a time. The …
Iain Thomson, 12 Mar 2014

'Quarter' of TWO-MILLION-strong zombie PC army lured to their deaths

Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole. ZeroAccess has been active since 2011 and is one of the largest known botnets in existence: it has upwards of 1.9 million infected computers forming its army, all remotely controlled by miscreants. This swarm of PC robots …
John Leyden, 01 Oct 2013
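The sinkholing described in the ZeroAccess item above (and the C&C takedowns in the ZeuS items) works by answering bots' lookups for their command servers with an address the defenders control, so the traffic lands somewhere harmless and the infected clients can be identified. The following is an added illustrative example, not code from The Register, Symantec or any botnet operator: a small resolver-side sinkhole run over a constructed DNS query log. The C2 names, the sinkhole address (192.0.2.1, from the TEST-NET-1 documentation range) and the log lines are all constructed.

```python
"""Sinkhole logic over a constructed DNS query log (added example).

A query for any listed C2 domain, or a sub-domain of one, is answered with
the sinkhole address and the asking client is recorded for remediation.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Sinkhole:
    blocklist: set          # C2 domains, lower-case, no trailing dot
    sinkhole_ip: str        # answer handed to any client asking for a C2 name
    victims: dict = field(default_factory=dict)  # client -> set of C2 names seen

    def resolve(self, client_ip: str, qname: str, upstream_answer: str) -> str:
        """Return the A record to give the client.

        Walks the name from the left so "a1.update.example.org" matches a
        blocklist entry of "update.example.org"; everything not listed is
        passed through with the upstream resolver's answer.
        """
        name = qname.rstrip(".").lower()
        labels = name.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocklist:
                self.victims.setdefault(client_ip, set()).add(candidate)
                return self.sinkhole_ip
        return upstream_answer


# Hypothetical C2 names; a real list would come from malware analysis or a feed.
BLOCKLIST = {"cnc.example.net", "update.example.org"}
SINKHOLE_IP = "192.0.2.1"

# Constructed log: client IP, queried name, answer the upstream resolver returned.
QUERY_LOG = """\
10.0.0.5 cnc.example.net 198.51.100.7
10.0.0.9 www.example.com 93.184.216.34
10.0.0.5 a1.update.example.org 203.0.113.9
10.0.0.12 UPDATE.EXAMPLE.ORG. 203.0.113.9
"""


def replay(log: str = QUERY_LOG):
    """Run every logged query through the sinkhole; return (answers, victims)."""
    sh = Sinkhole(set(BLOCKLIST), SINKHOLE_IP)
    answers = []
    for line in log.splitlines():
        client, qname, upstream = line.split()
        answers.append((client, qname, sh.resolve(client, qname, upstream)))
    return answers, sh.victims


def victim_report(victims: dict) -> list:
    """One line per infected client, ordered by address, for the remediation queue."""
    ordered = sorted(victims.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    return [f"{ip}: {', '.join(sorted(names))}" for ip, names in ordered]


if __name__ == "__main__":
    answers, victims = replay()
    for client, qname, answer in answers:
        print(f"{client:<10} {qname:<26} -> {answer}")
    print("\n".join(victim_report(victims)))
```

Two caveats a practitioner would want: sinkholing diverts the bots' traffic but leaves the infection in place, which is why the "orphaned Zeus botnets find way home" item further down is possible once the operators reach their bots by another route; and the parent-label walk means the blocklist must never contain a bare public suffix such as "org", or every lookup under it would be sinkholed.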

Zombie PCs are for crimelord chumps: Fear clusters, says infosec ace

It may be possible for a "single dedicated attacker" to run an internet "carpet-bombing" attack by applying Big Data and distributed computing technologies, security researcher Alejandro Caceres warns. The traditional botnet, or network of hijacked computers, has been used for distributed computing problems, such as Bitcoin …
John Leyden, 14 Aug 2013

New ransomware strain forces hapless users into becoming Bitcoin miners

Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers. A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the …
John Leyden, 19 Sep 2013

Microsoft borks botnet takedown in Citadel snafu

Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners. The Windows 8 giant worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt more than a thousand botnets. The botnets in question …
John Leyden, 10 Jun 2013

Grum botnet loses Dutch servers

ISPs in Russia and Panama are continuing to host Grum botnet command-and-control servers, after Dutch authorities silenced C&Cs in their country. According to FireEye Research, two Netherlands-based servers were taken offline on July 17. “With these two servers offline, the spam template inside Grum's memory will soon time out …

Ruggedised botnets pushing out even more spam

Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 per cent in May and 73.3 per cent in February respectively. Junk volumes …
John Leyden, 08 Dec 2009

iPhone worms can create mobile botnets

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks. The IKee-B (Duh) iPhone worm, released in late November, exploited default root passwords on jailbroken iPhones to turn the smartphones into botnet clients under the control of a server based in Lithuania. The worm …
John Leyden, 22 Dec 2009

Ex-Google, Mozilla bods to outwit EVIL BOTS with 'polymorphic' defence

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks. Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMware and Mozilla (among others) have …
John Leyden, 21 Jan 2014
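The teaser above only says that the defence is "polymorphic" and borrows obfuscation from malware authors; it does not say how. One simple way to realise that idea, written here as an added example and not Shape Security's code or a description of its product, is to render every copy of a form with field names derived from a fresh nonce, so a bot that replays a recorded request or posts hard-coded names such as "username" never matches what the server expects. SERVER_KEY, the field names and the ten-minute validity window are assumptions.

```python
"""Per-request ("polymorphic") form field names (added example).

The server derives each field's name from a nonce and a secret key, so the
names change on every page load but can be recomputed, statelessly, when
the form comes back.
"""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)     # per-deployment secret (assumption)
LOGICAL_FIELDS = ("username", "password")
NONCE_TTL = 600                          # seconds a rendered form stays valid


def new_nonce(now=None) -> str:
    """Timestamp plus random token; the timestamp lets stale forms be rejected."""
    ts = int(time.time() if now is None else now)
    return f"{ts}.{secrets.token_urlsafe(12)}"


def nonce_is_fresh(nonce: str, now=None, ttl: int = NONCE_TTL) -> bool:
    """True if the nonce carries a timestamp no older than ttl seconds."""
    try:
        ts = int(nonce.split(".", 1)[0])
    except ValueError:
        return False
    now = int(time.time() if now is None else now)
    return 0 <= now - ts <= ttl


def field_alias(nonce: str, logical_name: str, key: bytes = SERVER_KEY) -> str:
    """Keyed derivation: unpredictable without the key, recomputable by the server."""
    mac = hmac.new(key, f"{nonce}:{logical_name}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def render_form(now=None, key: bytes = SERVER_KEY):
    """Return (nonce, {logical_name: alias}, html) for one page load."""
    nonce = new_nonce(now)
    aliases = {name: field_alias(nonce, name, key) for name in LOGICAL_FIELDS}
    inputs = [f'<input type="hidden" name="n" value="{nonce}">']
    inputs += [f'<input name="{alias}">' for alias in aliases.values()]
    html = '<form method="post">' + "".join(inputs) + "</form>"
    return nonce, aliases, html


def parse_submission(form: dict, now=None, key: bytes = SERVER_KEY):
    """Map aliased names back to logical ones.

    Returns the logical field dict, or None when the nonce is missing or
    stale or any expected alias is absent (hard-coded or replayed names).
    """
    nonce = form.get("n", "")
    if not nonce_is_fresh(nonce, now):
        return None
    out = {}
    for name in LOGICAL_FIELDS:
        alias = field_alias(nonce, name, key)
        if alias not in form:
            return None
        out[name] = form[alias]
    return out


if __name__ == "__main__":
    nonce, aliases, html = render_form()
    print(html)
    print(parse_submission({"n": nonce, **{a: "x" for a in aliases.values()}}))
    print(parse_submission({"n": nonce, "username": "x", "password": "x"}))  # None
```

The mapping is stateless (the server recomputes the aliases from nonce and key), so it needs no session storage. It raises the cost of automation rather than eliminating it: a bot can still fetch the form on every attempt and parse the current names, so the measure is worth pairing with rate limiting and the usual bot-detection signals.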

Most spam comes from just six botnets

Six botnets are responsible for 85 per cent of all spam, according to an analysis by net security firm Marshal. The Srizbi botnet is reckoned to be the largest single source of spam - accounting for 39 per cent of junk mail messages – followed by the Rustock botnet, responsible for 21 per cent of the spam clogging up users' …
John Leyden, 29 Feb 2008

Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt

Microsoft has teamed up with the FBI to launch a renewed attempt to disrupt the operations of the infamous ZeroAccess botnet. ZeroAccess is responsible for infecting over two million computers, specifically targeting search results as part of a click-fraud scam that Redmond estimates is costing online advertisers $2.7m a month. …
John Leyden, 06 Dec 2013

Microsoft botnet smackdown 'caused collateral damage, failed to kill target'

Microsoft is attracting fresh criticism for its handling of the Citadel botnet takedown, with some security researchers pointing to signs that the zombie network is already rising from the grave again. Redmond worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt …
John Leyden, 13 Jun 2013

Russian cybercrooks shun real currencies, develop private altcoins

Fraudsters are using private currencies to conduct transactions with each other on Russian-language cybercrime forums. The advent of new private financial systems and currencies in the Russian-language cybercrime community is a trend indicating a stronger level of collaboration, cooperation and sophistication amongst individual …
John Leyden, 17 Feb 2014

Rotten spam causing more infections than ever – study

Anti-spam tools have evolved to a degree where many of us hardly see much spam anymore. But when we do, the threat posed by those messages is greater than it has ever been, according to a new report from independent security firm AV-Test. The report, entitled "Spam – More Dangerous than Ever Before," was based on an 18-month …
Neil McAllister, 11 Apr 2013

Twitter-controlled botnets come to the unwashed masses

A security researcher has unearthed a tool that simplifies the process of building bot armies that take their marching orders from specially created Twitter accounts. TwitterNet Builder offers script kiddies a point-type-and-click interface that forces infected PCs to take commands from a Twitter account under the control of …
Dan Goodin, 13 May 2010

Android malware spotted hitching a ride on mobile botnet

Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on a separate mobile botnet and uses the resources of other malware once it's installed. "For the first time malware is being distributed using botnets that were created using completely different mobile malware," …
Iain Thomson, 06 Sep 2013

Zombies are attacking America – researchers

Hackers responsible for an ongoing series of attacks against US banks over the past week may be tapping into botnets to power their assaults, according to security researchers. Meanwhile, the Financial Services ISAC (Information Sharing and Analysis Center) continues to advise banks to be prepared for attack. Bank of America, …
John Leyden, 28 Sep 2012

Sex, lies, and botnets: the saga of Perverted Justice

A computer programmer has been convicted of unleashing crippling attacks on rollingstone.com and other websites after they published a humiliating account of him engaging in an adulterous online affair with a fictitious woman. Bruce Raisley, 49, was found guilty of a single count of launching a malicious program that infected …
Dan Goodin, 23 Sep 2010

Botnets linked to political hacking in Russia

Security researcher Jose Nazario has uncovered circumstantial evidence of the use of botnets in politically-motivated denial of service attacks. Political events in the wider world are sometimes accompanied by hacking incidents in cyberspace, such as defacements and the like. Nobody paid much attention to the issue until the …
John Leyden, 14 Dec 2007

Stratsec critical of cloud security

A study conducted by BAE security subsidiary Stratsec claims that cloud services aren't doing enough to secure their instances against being used to host attacks. The company has published a description of its experiments. Stratsec says it was able to set up botnets – it refers to them as botClouds – on all five of the cloud …