Posts Tagged ‘Botnet’

The DDoS attack has become a consumer product.

It still cannot be bought in shops, but on underground sites you will find many offerings: DDoS kits, price lists and even DDoS services for hire. Anyone, from individuals to organizations involved in cybercrime, can easily deploy a botnet and launch an attack.

Requiring no programming skills or knowledge of hacking, DDoS kits allow novice hackers to easily run a botnet. A DDoS kit includes two components: a bot builder and a management server. (more…)

A joint operation between Microsoft and Symantec has identified and shut down a major botnet (a network of infected computers that perform malicious commands) called Bamital.

The hundreds of thousands of machines in the botnet brought its group of 18 operators an income of more than $1 million a year. The case is unique in that, for the first time in the history of botnet shutdowns, the vendors have released special tools to help affected users fix the problem.

According to reports, after the botnet was shut down, infected computers lost access to search services on the Internet. Bamital was the sixth botnet since 2010 for whose shutdown Microsoft obtained a court order. It is also the second time Microsoft and Symantec have collaborated to shut down a botnet. The scale of the closed botnet appears to have been truly global.

Bamital worked by redirecting the browser when the user clicked a link on the search sites Google, Bing and Yahoo. Instead of the desired page, the user was taken to fake sites under the control of the botnet operators. In contrast to the various “toolbars” (such as Ask and Conduit), which do not affect the search results, the botnet simply replaced the links in the results. (more…)


New botnet on Android

According to researchers from security company Cloudmark, a functional botnet for Android devices is extremely rare.

Information security experts at Cloudmark say they have discovered a new Trojan application that creates a botnet by infecting Android-based mobile devices. The main feature of the virus is that it uses the infected smartphones to spread SMS spam. Cloudmark notes that this is the first time it has encountered a malicious botnet using mobile devices in this way.

Anti-virus companies have also stressed that the threat is a new challenge posed by virus writers to mobile operators. This is because operators often block a subscriber's number if the subscriber's infected device is spreading spam. Moreover, these subscribers are usually not even aware that their smartphone has been compromised.

“I believe that the operators are still working on ways to address the problem,” said Cloudmark chief engineer Andrew Conway. “The threat is fairly new.” (more…)

Zeus botnet Eurograbber


Check Point, a company with considerable authority in information security, has published an 18-page report on a new botnet called ‘Eurograbber’.

According to the results of the investigation conducted by Check Point and Versafe, since it was first detected in Italy in early 2012, Eurograbber has stolen more than 36 million euros ($47 million USD) from the accounts of private and corporate clients in various eurozone countries.

Eurograbber's technique for stealing money from bank accounts is built on the Zeus botnet, a platform very popular with cybercriminals for creating extensive botnets with a centralized management server. What sets Eurograbber apart from previously detected malware is its high complexity and risk. Eurograbber uses a special scheme to bypass two-factor authentication, which is still considered a reliable means of protection: messages with one-time passwords sent from the bank to the customer’s mobile phone are intercepted and used by the hackers.

The name Eurograbber was given to the detected malware complex by security experts from Check Point and Versafe. During 2012 the virus spread throughout Europe. According to the experts, Eurograbber's operators stole more than 36 million euros, with each victim losing from 500 to 25 000. (more…)

The basic version of the program found will cost interested users $2399.

On one of the forums we found a link to a new version of the malicious service Citadel, 1.3.4.5. Note that Citadel is a “social network” for hackers.

Within Citadel, hackers can vote for new ideas and offer their price for a particular development or for the improvement of a new module. In addition, Citadel users can exchange messages and comment on the applications posted in it. The social platform gives participants the ability to monitor the stages of development of a new module. The developers regularly post updates on the current status and the time remaining until the end of development.

Citadel members also receive Jabber notifications, which inform the user about new modules and applications as they appear. (more…)

In 2007, the attention of information security researchers was drawn to a P2P botnet created by a malicious program known as the Storm Worm (classified by Kaspersky Lab as Email-Worm.Win32.Zhelatin).

The authors of the “Storm” worm distribute their creation very actively: apparently, they have set up an entire factory for producing new versions of the malicious program.

Some experts believe that the “Storm” Worm is a malicious program for building a new generation of zombie networks. That the bot was designed and distributed by professionals in their field, and that the architecture and protection of the zombie network are well thought out, is shown by the following characteristics of the “Storm” botnet: (more…)

Classification of botnets today is quite simple. It is based on the architecture of botnets and the protocols used to control the bots.

Classification of botnets: Architecture

So far only two types of botnet architecture are known.

  • Botnets with a single control center. In botnets with this architecture, all zombie computers connect to one control center, or C&C (Command & Control Centre). The C&C waits for new bots to connect, registers them in its database, monitors their state and issues them commands that the botnet owner selects from the list of available bot commands. Accordingly, all connected zombie computers are visible in the C&C, and to manage a centralized zombie network its owner must have access to the command center. (more…)

The Nitol botnet is distributed with a downloadable file that contains a DLL module.

Microsoft has analyzed the source code of the Nitol botnet, whose operation was recently stopped in “Operation b70”. Recall that during the operation, the company's employees uncovered a scheme in which the attackers spread the virus as early as the computer production stage, and some buyers in China purchased equipment with the botnet client preinstalled.

The experts' analysis indicated that the Nitol family of viruses probably belongs to the general class of DDoS tools. Many variants of this virus contain elements copied from other malicious programs used to organize distributed denial-of-service attacks.

Most of the Nitol modifications found in the study have two main components: an executable loader and a library component. When run on a system, the loader installs the DLL, in most cases extracting it from its own resources, and registers it as a service or driver. Some library modules run immediately after installation, when the executable calls the DLL's main function, and some run only after a reboot. (more…)

Botnet or zombie network

Posted: October 17, 2012 in Glossary

Botnet or zombie network – a network of computers infected with malware that allows an attacker to remotely manage other people’s machines without the knowledge of their owners.

In recent years, botnets have become a stable source of income for cybercriminals. Consistently low costs and the minimal knowledge needed to control a botnet contribute to their popularity and, with it, to the number of botnets. From DDoS attacks or spam carried out by zombie networks, attackers and their customers earn thousands of dollars.

Botnets are created to make money. There are several commercially viable applications of zombie networks: DDoS attacks, collecting confidential information, spam, phishing, search engine spam, inflating click counters, etc. It should be noted that any of these directions will be profitable, whichever the attacker chooses, and a botnet can perform all of these activities simultaneously. (more…)