Srizbi Becomes World's Largest Botnet - PC World
2008-05-17 15:42:00 PC World: Having compromised 300000 PCs around the world, it was now sending out an estimated 60 billion spam emails per day on "watches, pens, male enlargement ...
How a Botnet looks like
2008-05-09 10:04:00 If you would like to know a little bit more about botnets and what they actually look like, there is a researcher who actually drew a map of one: What a Botnet Looks Like. Roger
What a Botnet Looks Like
2008-05-08 17:28:00 Over on CSO they have an interesting graphical representation of a botnet. David Vorel mapped interconnected bots to create the map. The map allows you to zoom in a la Google Maps. Check it out. Article Link
Botnet servers
2008-05-04 00:10:00 Botnet servers will often liaise with other botnet servers, such that a group may contain 20 or more individual cracked high-speed connected machines as servers, linked together for purposes of greater redundancy. Actual botnet communities usually consist of one or several controllers who consider themselves as having legitimate access to a group of bots. Such controllers rarely have highly-developed command hierarchies between themselves; they rely on individual friend-to-friend relationships. Often conflicts will occur between the controllers as to who gets the individual rights to which machines, and what sorts of actions they may or may not permit. Botnet is a jargon term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of zombie computers controlled remotely. This can also refer to the network of computers using distributed computing software. While the term "botnet" can be used to refer to any group of bots, such as IRC bo...
Storm Botnet, Shrinking From Gale To Drizzle?
2008-05-01 18:26:00 The folks at MessageLabs are stating that the Storm botnet has dropped down to around 100K nodes from its projected high of over two million. From IT News: MessageLabs’ Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers. The security firm ...
Microsoft: We took out Storm botnet
2008-04-25 05:50:00 Its malware scanner cleaned more than 500k PCs infected with the bot in '07. Microsoft today took credit for crushing the Storm botnet, saying that ...
By: JeQQ it
Researchers Infiltrate and Poison the Storm Botnet
2008-04-25 01:48:00 A group of researchers from the University of Mannheim and the Institut Eurecom infiltrated the famous Storm botnet and tested a method of poisoning it by exploiting a vulnerability in the P2P protocol. The technique is not new, but thanks to this vulnerability they have demonstrated that they can disrupt the communication process between the computers. The ...
LSDigital Pleads Guilty
2008-03-17 13:12:00 As part of Operation Bot Roast, a hacker named Robert Matthew Bentley, 21, of Panama City, Florida, has pleaded guilty to a pair of felony counts. Bentley, who at times used the moniker LSDigital, was responsible in part for a massive botnet that spanned the globe. From the Register UK: An indictment alleged that Bentley and his ...
Growth of Anti-Botnet Startups Points to AV Deficiencies
2008-03-14 06:55:00 "A slew of software companies new and old are shipping tools aimed at slowing the botnet epidemic, but the emergence of this new market is seen by some analysts as an indictment of the existing anti-malware industry. With reliable statistics showing a dramatic rise in botnet-related computer infections, venture capitalists are now pouring money into ...
By: Malware Help Org
Over 1 Million Potential Victims of Botnet Cyber Crime - FBI News
2008-02-09 13:14:00 The FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with their industry partners, viz. Microsoft Corporation, the Botnet Task Force and the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers and referring criminal botnet activity to law enforcement. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity. A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to...
MayDay! Sneakier, More Powerful Botnet on the Loose
2008-02-08 14:14:00 "A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs. The MayDay botnet can evade leading antivirus products, and so far has compromised thousands of hosts, according to Damballa, which says 96.5 percent of the infected machines ...
By: Malware Help Org
Botnet hunting
2008-02-04 23:07:00 Kees Leune – Digital Intelligence and Security Operations Group (DISOG) has an article up on how to start investigating botnets. The article contains a number of sections: Section 1, the rules of behavior; Section 2, locating binaries; Section 3, extracting information; Section 4,...
Fake MJ12bot v1.0.8 (virus based botnet)
2008-01-15 19:46:00 According to Majestic 12, a number of fake MJ12bots appeared on the Net with the name MJ12bot/v1.0.8 and user Majestic 12. The bot is a virus-based botnet and tries to infect your site or visitors. Kaspersky Labs have successfully identified this virus. They called this fake MJ12bot virus thingy: Trojan.Win32.Agent.dqy and Trojan.Win32.Zapchast.dv. The bot also tries to abuse mail ...
By: Datacentar blog
Anti-botnet vendors plug in
2008-01-04 13:18:00 A small group of IT security startups are hoping to cash in on the rise of the botnet scourge as businesses — telecommunications carriers and Internet service providers, in particular — seek new methods for stopping the attacks. Technorati Tags: Anti-botnet, Malware
Peering Inside the IRC Botnet
2007-12-18 07:19:00 Copyright © 2007 The Network Security. Org. Visit the original article at http://www.thenetworksecurity.org/peering-inside-the-irc-botnet.html. The average life span of a command and control server in an Internet Relay Chat (IRC)-based botnet is less than two months. And these machines and their drones that make up a botnet are typically scattered around the world, a new study ...
Police close in on NZ botnet ringleader (Siliconcom)
2007-12-03 09:24:00 The sweep is part of the FBI's second phase of Operation Bot Roast, the same operation which resulted in four felony charges against US security consultant John Schiefer.
FBI arrests Penn student in 'botnet' attacks
2007-11-30 00:44:00 A University of Pennsylvania student and a New Zealand hacker hijacked a university computer server last year, the FBI charged Thursday, part of an investigation into cyber-attacks called "botnets."
Botnet owner faces 60 years in prison and a $1.75 million fine
2007-11-12 15:07:00 Until recently, botnet owners seemed to be able to trash people’s systems without having to face very many consequences. And in a lot of instances, more than a system gets trashed when it is compromised by a botnet owner. Friday, the Central California U.S. Attorney’s office announced the prosecution of one of these botnet owners. Of ...
Was the Ron Paul botnet attack a dirty trick?
2007-11-02 05:01:00 Spam that included political messages about Ron Paul has caused his campaign nothing but grief. Could it be a political dirty trick?
Storm Worm Botnet Lobotomizing AntiVirus Programs
2007-10-27 00:00:00 The ever mutating, ever stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing antivirus products on target systems, it's now doing a hot fix with a memory patch to render them brain dead. The strategy means that users won't be alarmed by their antivirus software not running.
By: Malware Help Org
From Botnet Tracking to Intrusion Detection
2007-10-15 15:01:00 The following is an excerpt from the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection. In this section of Chapter 11: Tracking Botnets (.pdf), authors Niels Provos and Thorsten Holz explain how virtual honeypots can be used in the real world to investigate botnets and their behaviour. Something that is interesting, but rarely seen is ...
Intro to Today's Top Botnet Attacks
2007-10-10 18:12:00 by Corey Nachreiner, CISSP, Network Security Analyst, WatchGuard Technologies [Editor’s Note: This article supplements the list of attacks shown in Part 2 of the video series, Malware Analysis: Botnets. “Malware Analysis: Botnets, Part 2” shows a small subset of botnet attacks in action. This article fills out that subset with more attacks commonly found in ...
The Storm Botnet: What's This About?
2007-09-20 21:03:00 It’s freaky how the “Storm Botnet” has been reported by the media. It’s as if this was a natural phenomenon like an ice age or El Nino. The average home user has no idea of the details and isn’t told what any of it means, only that they should be afraid. So, let’s see if ...
ThreatSTOP Anti-Botnet DNS
2007-09-18 01:34:00 ha.ckers.org web application security lab – I was asked to take a look at ThreatSTOP the other day. Although it's not very clear from the website after signing up I found out the basics. It's essentially a lot like OpenDNS. In fact, it's so much like OpenDNS that I actually confused it when I said what it was ...
Anti scammers under attack by Storm botnet
2007-09-11 16:13:00 I happened to be checking out the Artists Against 419 site (one of my favorites) and discovered that the site is under a pretty nasty DDOS attack. But apparently, it doesn’t stop there. I found this on SlashDot written by capnkr and posted by CowboyNeal: “It looks like the efforts of the anti-scammers at sites like 419eater, ...
Custom built botnet steals eBay accounts
2007-09-06 00:00:00 Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account login information, a Tel Aviv based security company said Monday.
By: Malware Help Org
Study: Botnets boosting click fraud rates on ads
2007-08-08 19:13:00 The overall industry average click fraud rate–which represents the number of clicks on online pay-per-click ads that are not legitimate–has jumped, according to a new report from search engine marketing firm Click Forensics. The overall click fraud rate was 15.8 percent for the second quarter, up from 14.1 percent from a year ago and 14.8 percent ...
Botnets Are Fun
2007-07-23 15:43:00 If you believe that, you probably also believe that there is a Prince in another country that needs your help to secretly move millions of dollars out of his village before he is killed. No, botnets are not fun and you absolutely need to protect yourself from them. Here is one great way to keep ...
Fast flux botnets
2007-07-16 18:20:00 Researchers at the excellent Honeynet Project have published a detailed paper on the growing phenomenon of what they call “fast flux service networks”. Essentially, criminals are now using DNS records with a short time-to-live that return hundreds of A records of compromised hosts. Both the NS records for the domain and the ...
The human cost of botnets
2007-07-07 16:31:00 Botnets and “Zombie PCs” - virus-infected computers that are programmed to send out spam mail - are well-known now, but what is less commonly acknowledged is the potential human cost of these machines. According to the FBI, there is a growing problem with vital systems being taken over by botnets to launch spam virus ...
FBI pulls plug on several botnet hackers
2007-06-14 11:40:00 WASHINGTON - More than 1 million computers - possibly yours, too - are used by hackers as remote-controlled robots to crash online systems, accept spam and steal users' personal information, the FBI said Wednesday. The government has no way to track down all the computers, both in the U.S. and elsewhere, that hackers have massed into centrally controlled collections known as botnets. But the FBI has pulled the plug on several botnet hackers, or zombies. One man was charged this week in a scheme that froze computer systems at Chicago-area hospitals in 2006 and delayed medical services. What was viewed seven years ago as a kind of prank to boot people off-line has evolved into schemes to defraud people by stealing credit card and Social Security data, by crashing retail Web sites and through "pump-and-dump" online stock deals. In those stock cases, hackers break into online trading accounts to buy and sell stocks, pumping up the price of those they can liquidate and then dumping them. FBI ...
Botnet controller via web
2007-06-13 11:00:00 Today, when I was tracking the server to which a variant of Trj/LdPinch sends information, I have come across, among the files in the server, some .php files that are used to control a botnet via web. The image below would be the initial screen from which the infected systems can be viewed for geographical area: And the option "Botnet controller" allows different actions to be carried out in the affected systems:
By: PandaLabs Blog
Botnets Battle Over Turf
2007-04-27 07:50:00 More botnet-on-botnet turf wars have erupted — and intensified — over the past few months. Aside from the distributed denial-of-service (DDOS) attacks they launch against one another to disrupt their operations (like the recent DDOS battles between the Storm and Stration botnets), they also are constantly trying to hijack bots from one another. "Stealing is ...
Botnets by Email
2007-04-14 00:00:00 I make no effort to hide my email address, which means that I know the instant a new email based virus, phishing attack, or penny stock pumping scam launches when my inbox floods. Most such emails are easy to distinguish from legitimate emails because of their lack of personalization, poor grammar, or low quality images that attempt to foil spam filters.
By: Malware Help Org
JavaScript Botnet Code Leaked to Internet
2007-04-06 00:00:00 Software that could be used to turn a Web browser into an unwitting hacker's tool has been posted to the Internet, after it was downloaded by a quick thinking attendee at last month's Shmoocon hacker conference.
By: Malware Help Org
Botnets for sale
2007-04-06 00:00:00 On the morning of February 2, 2007, someone launched a distributed denial of service attack on Domain Name Service (DNS) servers worldwide, temporarily shutting down 2 of the 13 global databases. However, the Internet, which relies upon a hierarchy of DNS servers to resolve common name addresses (such as CNET.com) into a numerical IP address, was in no great danger.
By: Malware Help Org
DNS Attack: Possible Botnet Sales Pitch
2007-03-10 18:39:02 The attackers behind the distributed denial of service attack last month on the Internet's DNS root servers may have been doing a little botnet sales pitch, according to a newly released postmortem report on the attack.
By: Malware Help Org
Botnets Go One-on-One
2007-03-02 18:40:01 The most savvy and sophisticated botnet operators are bringing out the big guns now — operating deeper underground and staging massive distributed denial-of-service attacks on their adversaries. Jose Nazario, senior software and security engineer with Arbor Networks, will give an inside look at the latest botnet movements and strategies in a briefing at Black Hat DC next week. Nazario, who is among the researchers who track botnets, says big changes are now underway in the botnet world. "The two biggest shifts we’re seeing are HTTP for very specialized botnets and the successful deployment of peer-to-peer botnets," Nazario says. "That’s pretty frightening, if you think about it." Dark Reading - Desktop Security - Black Hat: Botnets Go One-on-One - Security News Analysis botnet, denial of service attacks, Exploits & Vulnerabilities, Hacking, Network Security, Web Security
Botnet Attack Features Cozy User Interface for Attacker
2007-02-25 18:29:01 Websense Security Labs researchers have caught a somewhat rare insight into an interface used by an attacker to control infected systems in a bot network. Websense discovered the new malicious Web sites yesterday, using the company's ThreatSeeker technology.
By: Malware Help Org
How many bots? How many botnets?
2007-02-22 18:28:01 I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. Today, it is clear the bad guys can get their hands on as many bots as they need, or in a more scary scenario, want. They don't need that many.
By: Malware Help Org
Botnets Prefer Windows XP
2007-01-02 09:56:02 I found an interesting article on SecureWorks site. When SecureWorks finds an infected client, they make a note of the OS the infected client is running. Their site shows a pie-chart revealing the most popular Operating Systems in use in botnets. Here is a breakdown: 47.23% – Windows XP SP2; 21.92% – Windows XP SP1; 14.98% – Windows XP with no service packs installed; 6.35% – Windows 2000 SP4; 4.9% – Windows 98; 4.62% – Others. Not that I think SecureWorks would intentionally skew the results or do anything dishonest, but keep in mind that SecureWorks is partnered with Apple. This is interesting because it shows that the majority of the botnet is made up of computers that are fairly up-to-date as far as their OS goes. Tags: botnet, windows xp sp2, windows xp sp1, windows 2000, windows 98, apple, secureworks
Worm/Botnet Circulating for MS06-040
2006-08-15 19:42:01 For those of you that haven’t patched yet… a worm (a variant of MocBot or a ‘new’ virus according to MS named Graweg) is circulating for MS06-040… it’s fairly standard.. exploit, install a service.. service connects to IRC to wait out commands.. LurHQ has a great analysis of the virus quote: Mocbot first appeared in late 2005, using the MS05-039 PNP vulnerability in order to spread. Since it is fairly unremarkable IRC bot and was not even the first to use the MS05-039 exploit, it received little attention past the ordinary anti-virus writeups and signatures. Amazingly, this new variant of Mocbot, still uses the same IRC server hostnames as a command-and-control mechanism after all these months. This may be partially due to the low-profile it has held, but also may be due to the fact that the hostnames and ip addresses associated with the command-and-control servers are almost all located in China. Historically Chinese ISPs and government enti...
By: ComputerDefense