
Posts Tagged ‘botnet’

Authorities ID Mariposa Botnet Creator

The FBI announced Slovenian police have arrested the person accused of creating the malware behind the notorious Mariposa botnet. – Law enforcement officials have identified and arrested the person they said is the mind behind one of the largest botnets on the Web. According to the FBI, the Slovenian Criminal Police identified and arrested a 23-year-old known as “Iserdo,” who stands accused of creating malware …


Slovenian arrested in Mariposa botnet case

A 23-year-old Slovenian man was arrested on suspicion that he wrote computer malware that affected 12.7 million PCs running Windows. The botnet was named Mariposa (“butterfly” in Spanish).

Symantec Links Storm Botnet to Spam Campaign

Symantec’s MessageLabs have linked the Storm botnet to a spam campaign relying on shortened URLs. According to Symantec, Storm returned to the threat landscape in May and now accounts for nearly 12 percent of all spam containing shortened URLs. – Spammers are increasingly turning to shortened URLs to beat spam filters, and an old foe is at the center of it.
According to Symantec’s July 2010 MessageLabs Intelligence Report, spam with shortened hyperlinks reached a peak of 18 percent April 30, translating to 23.4 billion spam e-mails. An anal…


Conficker: ‘Headless Botnet’ Still Infecting Windows Users

Researchers say the notorious Windows worm has created a headless botnet – but one that continues to maintain a hold of millions of computers. A year after the infamous April 1 doomsday deadline, the investigation into the masterminds of the worm continues. – On April 1, 2009, the Conficker worm played an April Fools’ Day joke of its own on those who predicted an Internet meltdown. But instead of a meltdown, infected computers only got a slight update in functionality, followed by brief attempts to rope them into rogue antivirus scams and then months…


Zeus Botnet Activity Down but Far from Out

The research community celebrated briefly when more than 25 percent of the command-and-control servers tied to the Zeus Trojan went dark March 9. But will this takedown have a lasting effect? – The Zeus Trojan was knocked off of malware’s Mount Olympus this week when the upstream provider for six of the most notorious Zeus-hosting ISPs was taken down. The shutdown of Kazakhstani provider Troyak-AS March 9 is credited with cutting the number of active Zeus command-and-control serve…


Russian Banking Trojan BlackEnergy 2 Unmasked at RSA

SecureWorks researcher Joe Stewart revealed details of his research into a Russian botnet that has taken the unusual step of targeting Russian banks – a change from the typical focus on snaring victims in the West. The botnet also has a plug-in architecture that allows attackers to extend its abilities without writing new source code. – Like the sequel to a successful movie, the botnet behind the distributed denial of service attacks that hit the country of Georgia during its conflict with Russia in 2008 has been updated. This time though, the idea isn’t hacktivism; it’s stealing financial data and, unlike in the case of oth…


Spain stops global botnet masterminds

Three men have been arrested in Spain accused of masterminding one of the world’s biggest computer crime networks. The trio is suspected of running the Mariposa botnet which infected more than 13-million computers with a virus that stole credit card numbers and other confidential data.

Spain, IT Security Companies Sting Mariposa Botnet

The Spanish government, along with IT security firms Defense Intelligence and Panda Security, announced the arrest of three men who allegedly masterminded the Mariposa botnet, which infected upwards of 11 million unique IPs with malicious code. The botnet spread through a combination of instant messenger programs, P2P networks and USB keys. Security experts noted how Mariposa employed particularly effective malware distribution software, which allowed the botnet to spread despite the botmasters’ supposed lack of advanced hacking skills. – Spanish security forces, in conjunction with IT security firms Defense Intelligence and Panda Security, announced the arrest of three men who allegedly ran the Mariposa botnet, which spread malicious programming to millions of PCs in 190 countries.

Mariposa means butterfly in Spanish, but t…


Google Attack Performed by ‘Amateur’ Botnet

Security researchers at Damballa analyzed the command and control activity of the botnet associated with the attack on Google. The Damballa report supplies information about the attack’s tactics and reach. – Researchers at Damballa have uncovered evidence that the botnet behind the now infamous attack on Google in 2009 was active months before the search engine giant was hit. In a 31-page analysis of a botnet described as “amateur,” the researchers traced the botnet’s activity back to July…


Microsoft’s Week Included Federal Cloud, Botnet Killing, Patents Galore

Microsoft’s week focused in large part on government and legal initiatives. These included the announcement of Business Productivity Online Suite Federal, likely an attempt to help head off the threat of Google’s planned federal cloud-computing system, and a legal attack against the Waledac botnet. Microsoft also tried to prevent an internal document from appearing on watchdog site Cryptome. In more benign news, Microsoft also entered into intellectual property-sharing agreements with both Panasonic and Amazon.com. – Microsoft had a big week on the government and legal fronts, ranging from lawyer-driven attempts to shut down a botnet and a watchdog site that posted its internal documents, to the announcement of an online-services cloud for the federal government.

On Feb. 24, Microsoft announced security an…


Microsoft Wins Botnet Battle in Court

In response to a lawsuit filed by Microsoft, a federal judge issued a temporary restraining order against 277 Internet domains associated with the notorious Waledac botnet. – Microsoft is using the law as a weapon to take down the Waledac botnet. According to the company, a federal judge in Virginia issued a temporary restraining order Feb. 22 to cut off 277 Internet domains associated with Waledac in response to a complaint filed by Microsoft. The legal maneuver…


Fighting the Zeus Botnet in Your Enterprise

Zeus is among the most popular crimeware tool kits out there and was placed in the spotlight last week due to NetWitness’ discovery of the Kneber botnet. In a discussion with eWEEK, security pros walk through some of the ways Zeus infiltrates organizations and discuss the importance of defense-in-depth as well as having sound policies governing the remediation and investigation process if infected by malware. – When NetWitness uncovered the now-notorious Kneber botnet, the culprit of attack had a familiar name: Zeus. The Zeus Trojan, also known as Zbot, is one of the popular pieces of malware on the market, selling for a few hundred dollars to several thousand. In the case of Kneber, the Trojan made it…


Kneber Botnet Highlights Trend of Social Networking Data Being Used by Hackers

Researchers at NetWitness uncovered a 75,000-strong botnet that infected companies around the world. Among its targets – login credentials for Facebook, Yahoo and other sites. According to security pros, the botnet is part of a growing trend to use social networking sites as a stepping stone to steal valuable financial data. – Researchers at NetWitness have uncovered a 75,000-strong botnet of systems infected with the notorious Zeus Trojan. But perhaps even more notable than its size is the data that it is targeting. The botnet, which has touched 2,500 organizations throughout the world and been dubbed “Kneber” due …


Gumblar Botnet Resurfaces to Target Windows Users, ScanSafe Says

Compromised Websites are now being used to host malware exploiting Adobe software and Microsoft Windows security flaws. The move is the latest twist in the Gumblar attack campaign ScanSafe uncovered in May. – The Gumblar botnet is back with a new trick up its sleeve. The goal, however, remains the same: to steal FTP credentials and other data. Gumblar first made the news in May, when attackers compromised legitimate sites and sent visitors on to a malicious site that infected their PCs with malware. N…


Bahama Botnet Discovered as Source of Click Fraud Surge

Click Forensics discovers a botnet behind a significant spike of click fraud traffic. As in the recent scam making use of NYTimes.com, attackers are using fake antivirus software to infect PCs. – Click Forensics has found an unusually large spike in click fraud traffic coming from a new botnet apparently eluding the filters of search engines, publishers and ad networks alike. Dubbed the “Bahama botnet,” the network of compromised computers is distributing malware while masking…


Researchers Boot Million Linux Kernels to Help Botnet Research

Scientists at Sandia National Laboratories have demonstrated the ability to run more than 1 million Linux kernels as virtual machines, an effort they say will ultimately help researchers analyzing massive botnets. – Scientists at Sandia National Laboratories are harnessing more than a million Linux kernels as virtual machines as part of an effort to aid researchers to better analyze botnet behavior. According to Sandia, which serves as an R&D arm for the Department of Energy, the project will allow s…



A Day in the Life of the Rustock Botnet

It’s a busy time for botnets.

According to Marshal8e6, spam levels are up 60 percent between January and June. The vast majority of that spam comes from massive botnets such as Cutwail and Mega-D.

Today, eWEEK is focusing on just one of those botnets, Rustock, which has been spamming users for the past few years. In its latest biannual report, TRACELabs Marshal8e6 noted Rustock uses rootkit functionality to hide itself, and changes spam templates often. It typically uses HTML templates from legitimate newsletters and inserts its own images and links to give Rustock spam a mask of respectability. This also allows it to dodge spam filters.

In this slideshow, eWEEK has gathered images of Rustock in action to help illustrate a day in the life of a prolific botnet. (Images courtesy of SecureWorks, Symantec, Marshal8e6 and FireEye)
– …