Entries with tag botnets.

Microsoft Takes Aim at Tor-Distributed Botnet

Microsoft reports that it has been quietly removing old versions of the Tor anonymizing client from Windows machines to keep the Sefnit botnet from making use of them. Sefnit installs its own copy of the Tor client on the computers it infects and routes communication with the operators' command-and-control server through the Tor network. The botnet is used for click fraud and unauthorized Bitcoin mining, and it also leaves infected computers open to other kinds of attack. The precise number of infected computers isn't known: the Tor network grew from roughly 1 million to 5.5 million users in about two weeks because of Sefnit's spread, but that count can't be separated from people who installed Tor deliberately. Microsoft says it has removed the Sefnit-installed Tor client from about 2 million computers and estimates that at least two million more infected machines remain, probably because they aren't running Microsoft security software, which would remove the threat. (SlashDot)(Malware Protection Center, Microsoft Threat Research & Response Blog)

Newly Found Android Botnet Is Used in Multiple Spyware Campaigns

A newly discovered mobile botnet, which researchers from security vendor FireEye describe as "one of the largest advanced mobile botnets to date," is being used in at least 64 spyware campaigns targeting Android devices. Once a device is compromised, the MisoSMS malware steals the user's text messages and e-mails them to cybercriminals in China. The researchers say the infection is concentrated on Android devices in Korea, and that the attackers appear to use command-and-control servers in Korea and China to retrieve the stolen messages. (SlashDot)(FireEye)

Symantec Disables Portion of Resilient Botnet

Security vendor Symantec has disrupted part of the ZeroAccess botnet, freeing 500,000 of its 1.9 million infected computers from the network's control. Symantec researchers took advantage of an undisclosed flaw in the way ZeroAccess peers update their lists of 256 other peers: by injecting their own IP addresses into those lists, they cut infected machines off from the rest of the botnet and pointed them at Symantec-controlled addresses (a sinkhole) instead. They tried to wrest control of the entire command-and-control mechanism, but because the botnet distributes its instructions peer to peer rather than through centralized servers, there was no single point to seize. The botmasters have since updated the malware to eliminate the weaknesses Symantec exploited; the company is working to free victimized computers that haven't received the update. Symantec researchers call ZeroAccess "one of the most menacing botnets in current circulation." Its operators use the computers they control to distribute malware, to commit advertising fraud (specifically click fraud), and to mine Bitcoin. The advertising fraud alone reportedly nets about $700,000 per year, at roughly 1,000 fraudulent clicks per day per computer. (BBC)(Computerworld)(Ars Technica)
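To make the peer-list poisoning described above concrete, here is an added toy simulation. It is not Symantec's tooling and not the real ZeroAccess protocol: only two properties come from the entry (each peer tracks 256 other peers, and lists are refreshed peer to peer). Everything else is an assumption: that a node polls its 16 freshest entries each round, that a queried peer answers with its 16 freshest entries and the timestamps it holds for them, and that the sinkhole answers every query with only its own addresses stamped with the current time. The `bot-NNN` and `sink-NN` labels stand in for IP addresses.

```python
"""Toy model of peer-list poisoning in a gossip-style P2P botnet.

Constructed example, not the ZeroAccess protocol and not Symantec's tooling.
Only two properties come from the page: each peer tracks 256 other peers, and
peer lists are refreshed peer to peer. Everything else is an assumption.
"""
import heapq
import random

PEER_LIST_SIZE = 256     # from the page: a peer keeps a list of 256 other peers
REPLY_SIZE = 16          # ASSUMPTION: a queried peer answers with its 16 freshest entries
CONTACTS_PER_ROUND = 16  # ASSUMPTION: each round a node queries its 16 freshest peers


class Node:
    """A bot. Each known address carries (timestamp, insertion sequence); the
    larger tuple is the fresher entry, so a tie on timestamp goes to the entry
    learned most recently."""

    def __init__(self, addr):
        self.addr = addr
        self.entries = {}  # addr -> (ts, seq)
        self.seq = 0

    def touch(self, addr, ts):
        """Record that addr was seen at time ts; evict the stalest entry if the list is full."""
        if addr == self.addr:
            return
        self.seq += 1
        self.entries[addr] = (ts, self.seq)
        if len(self.entries) > PEER_LIST_SIZE:
            del self.entries[min(self.entries, key=self.entries.get)]

    def freshest(self, n):
        return heapq.nlargest(n, self.entries, key=self.entries.get)

    def reply(self):
        """Answer a list request with our freshest entries and the timestamps we hold for them."""
        return [(a, self.entries[a][0]) for a in self.freshest(REPLY_SIZE)]


class Sinkhole:
    """Researcher-controlled addresses. Every reply lists only sinkhole addresses,
    stamped with the current time, so they always sort to the top of the asker's list."""

    def __init__(self, addrs):
        self.addrs = frozenset(addrs)

    def reply(self, now):
        return [(a, now) for a in sorted(self.addrs)]


def isolated(node, sinkhole):
    """True once every peer the node will query next round is a sinkhole address:
    from then on it never hears from the real botnet again."""
    return set(node.freshest(CONTACTS_PER_ROUND)) <= sinkhole.addrs


def simulate(n_nodes=150, seeded=10, rounds=15, poison=True, seed=1):
    """Run the gossip for `rounds` rounds; return the isolated fraction after each round."""
    rng = random.Random(seed)
    addrs = [f"bot-{i:03d}" for i in range(n_nodes)]     # placeholder labels, not real IPs
    nodes = {a: Node(a) for a in addrs}
    for node in nodes.values():                          # bootstrap: 32 random stale peers each
        for peer in rng.sample(addrs, 32):
            node.touch(peer, rng.randrange(100))
    sinkhole = Sinkhole(f"sink-{i:02d}" for i in range(REPLY_SIZE))
    if poison:                                           # the injection step: fresh sinkhole
        for a in rng.sample(addrs, seeded):              # entries planted in a few nodes
            for s in sorted(sinkhole.addrs):
                nodes[a].touch(s, 100)
    history = []
    for now in range(101, 101 + rounds):
        for node in nodes.values():
            for target in node.freshest(CONTACTS_PER_ROUND):
                answer = (sinkhole.reply(now) if target in sinkhole.addrs
                          else nodes[target].reply())
                node.touch(target, now)                  # the peer answered, so it is freshest
                for addr, ts in answer:
                    node.touch(addr, ts)
        history.append(sum(isolated(nd, sinkhole) for nd in nodes.values()) / n_nodes)
    return history


if __name__ == "__main__":
    for rnd, frac in enumerate(simulate(), 1):
        print(f"round {rnd:2d}: {frac:.1%} of bots cut off from the real network")
```

Isolation is absorbing in this model: a node whose 16 freshest entries are all sinkhole addresses only ever talks to the sinkhole again, so the per-round fraction never decreases, and the seeded nodes are cut off after the first round. The `poison=False` run is the control and stays at zero. The entry does not say what the botmasters changed in their update, so the model makes no attempt at the patched behaviour.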

New Threat: Computers with Factory-Installed Malware

Cybercriminals are installing malware before computer systems leave the factory, according to newly released information from Microsoft. The company found botnet malware called Nitol, which lets criminals steal information that can ultimately be used to take money from infected users' online bank accounts. Microsoft says those responsible for Nitol exploited insecure supply chains to get the malware onto PCs as they were being built. Its investigators purchased 20 PCs, 10 desktops and 10 laptops, in different cities in China and found four of them infected. The malware was traced to counterfeit software that some Chinese PC makers were installing. Nitol is allegedly linked to a web domain that has been involved in cybercrime since 2008; a US court gave Microsoft permission to seize the domain, blocking any trafficking of stolen data. Nitol infections aren't restricted to mainland China: infected machines have been found in the US, Russia, Australia, Germany, and the Cayman Islands. Microsoft says this is its second such botnet disruption in a six-month period. The court documents were unsealed today. (BBC)(Associated Press)(The Official Microsoft Blog)
