Entries with tag botnet.

Pushdo Botnet Is Evolving, Evading Detection

New research finds that a Pushdo Trojan variant has continued evolving and thriving and can now counteract attempts to disrupt the botnet it has created. Security experts first spotted the Trojan, which hackers use to distribute spam and other malware, in 2007. Cutwail, the network’s spam-generating engine, is reportedly responsible for much of the world’s spam traffic. Security experts have tried to take down the Pushdo/Cutwail botnet four times during the last five years, according to PC World, but the disruption was only temporary. Security experts from vendors Damballa and Dell SecureWorks, as well as the Georgia Institute of Technology, say the latest variant of Pushdo uses domain-generation algorithms, which periodically generate multiple domain names that botnet controllers can use to contact zombie computers. The many new contact points make shutting down botnets difficult for security experts. They also cause problems for user security products designed to block malicious traffic. The Trojan also has zombies regularly query legitimate websites to camouflage their traffic to command-and-control servers. Damballa published its Pushdo findings online at <https://www.damballa.com/downloads/r_pubs/Damballa_mv20_case_study.pdf>. (PC World)(Infosecurity Magazine)(Damballa)

WordPress Botnet Continues Growing

A recent series of attacks against WordPress blogs is creating a growing botnet, according to security researchers. The attacks—which focus on individuals whose WordPress username is “admin”—attempt to crack the password used to sign in to the blog by brute force. The botnet reportedly now consists of 90,000 or more computers. Security experts are concerned the botnet could continue growing and create a massive problem. The attacks reportedly started after WordPress began offering an optional two-step authentication login. Once a website is infected, it is equipped with a backdoor. This lets the hackers control the site remotely and make it part of the botnet. (BBC)(Matt Mullenweg)(Krebs on Security)

Android-Based Botnet Discovered

A Microsoft engineer has found a botnet targeting Yahoo! Mail users on Android devices. Terry Zink says the botnet is being used to send spam e-mail messages from compromised Yahoo! Mail accounts and speculates the users were infected either by a malicious Android application they might have downloaded to circumvent paying for a legitimate copy or by a rogue version of a legitimate application. He says the spam samples had the same Message-ID with the tagline “Sent from Yahoo! Mail on Android.” Graham Cluley, an expert with Sophos, said if this attack did originate from Android devices, it would be the first time smartphones had been exploited in this manner. “We’ve seen it done experimentally to prove that it’s possible by researchers, but not done by the bad guys,” Cluley told the BBC. “We are seeing a lot of activity from cybercriminals on the Android platform.” (PhysOrg)(BBC)(Terry Zink's Cyber Security Blog)
