Botnet Warlord: Meet the Man Who Will Kill Your Computer

You can blow away any website in the world if you try hard. Throw enough traffic at a server on the internet—friendly or otherwise—and it’ll buckle. For most these attacks are a headache, but here’s one man who makes a sport (and money) out of swarming his enemies online.

Bamital Botnet destroyed: Microsoft, Symantec victorious

This week the botnet known as Bamital has been reported dead by the two warriors that claim to have killed it: Symantec and Microsoft. Their report says the death of the botnet takes down its abilities in full, hijacking search results galore being the main evil this Bamital creature was working with. Each time an affected user searched for something, they would be redirected to a malicious third-party site, where malware was installed.

Microsoft has made it clear that their research puts Bamital far beyond the average malicious attack on the public. What they’ve found suggests that a whopping 8 million computers were affected by Bamital over the past two years alone, with its search hijacking reaching users of the most major search engines. If you’d been using Microsoft’s Bing, Yahoo, Google, or a variety of other smaller engines over the past two years, Microsoft and Symantec are saying this week that you were at risk – but that you aren’t any longer.

That said, there are still users out there with the malware already on their computers. For those folks, Microsoft has provided their Virus and Security Solution Center for remote help. This is a continuation of what Microsoft calls their MARS initiative, aka Microsoft Active Response for Security.

The other big name you’ll want to know if you’re tracking such things is Operation b58. This code-name is the one associated with Symantec and Microsoft taking down Bamital, and is the sixth “botnet disruption operation” Microsoft has initiated in three years. That’s a whole ‘lotta botnet bunker busting! And it’s not just about sitting at home and keying in to the malware tossers from afar – Microsoft has provided photos of, for example, Microsoft DCU’s Richard Boscovich and Craig Schmidt working with a “third-party cyberforensics expert” securing a lovely collection of evidence of the Bamital botnet down in New Jersey at a web-hosting facility that will remain nameless (that’s the image you’re seeing above).

The image you see above with the yellow dot web sort of graphic is what Microsoft describes as Figure 28. This map was included in a legal declaration filed by Microsoft DCU’s Craig Schmidt (also pictured above) in Operation b58. It shows what a computer infected with Bamital sees when its user searches Bing for the word Chrome – ads, ads, and more ads. Fun stuff!

[via Microsoft]


Bamital Botnet destroyed: Microsoft, Symantec victorious is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

Microsoft and Symantec Just Busted a Major Cyber Crime Ring

It sounds like the plot of a movie: two major software corporations join together to shut down an evil global cyber crime operation and engage in wacky hijinks along the way. While the latter can be neither confirmed nor denied, according to an exclusive report by Reuters, Microsoft and Symantec did shut down servers that had been controlling hundreds of thousands of PCs without their users being any the wiser.

Notorious Cyberspy Caught By His Own Malware

The nation of Georgia discovered a botnet trying to steal sensitive government documents, and what did they do? They gave the cyber-spy a taste of his own medicine, infecting his computer with the very same software he was targeting governments with. His infected computer eventually captured a photo of the alleged cyberterrorist, as well as his IP address. Georgia’s Computer Emergency Response Team says the hacker is behind the “Georbot Botnet,” which targeted major governments around the world, including Georgia, the US, and France. The botnet was pretty sophisticated, using 0-day vulnerabilities, embedding itself in links on major Georgian news sites, and turning on microphones and webcams to glean important government data from infected computers. According to CERT, the hacker is linked to “Russian Security,” but all we know about him is the photo they gave us.

If you’re interested, read the entire report from CERT here.

By Ubergizmo. Related articles: Google disputes claims of Android botnet, German Police monitor Gmail, Skype, and Facebook via snooping malware.

McAfee shows how major Android scamware ticks, prevents us from learning first-hand

Most Android malware lives in the margins, away from Google Play and the more reliable app shops. It’s nonetheless a good idea to be on the lookout for rogue code, and McAfee has stepped in with thorough explanations of how one of the most common scamware strains, Android.FakeInstaller, works its sinister ways. The bait is typically a search-optimized fake app market or website; the apps themselves not only present a legitimate-looking front but include dynamic code to stymie any reverse engineering. Woe be to anyone who’s tricked long enough to finish the installation, as the malware often sends text messages to expensive premium phone numbers or links target devices to botnets. The safeguard? McAfee would like you to sign up for its antivirus suite, but you can also keep a good head on your shoulders — stick to trustworthy shops and look for dodgy behavior before anything reaches your device.

McAfee shows how major Android scamware ticks, prevents us from learning first-hand originally appeared on Engadget on Sat, 06 Oct 2012 06:19:00 EDT. Please see our terms for use of feeds.

Microsoft makes major progress in fight against Nitol Botnet

Microsoft has kicked off a new initiative to try to stop the spread of the Nitol Botnet, and it has the backing of a US District Court in East Virginia in doing so. Microsoft’s Digital Crime Unit was granted permission to go after those distributing the Botnet after it was discovered that cybercriminals were infiltrating the company’s supply chain. Apparently, these unfavorable folks were loading counterfeit software housing the malware onto PCs at some point in the supply chain, leading retailers to unknowingly sell the infected machines.


Microsoft says that a supply chain becomes unsecure when a reseller accepts stock from an untrustworthy source. After launching an investigation into these unsecure supply chains, Microsoft determined that the botnet was being hosted at 3322.org, which contained a “staggering 500 different strains of malware hosted on more than 70,000 sub-domains.” The company obtained an ex parte temporary restraining order that allows it to take control of 3322.org, thus stopping the spread of Nitol from it and its sub-domains.

In a write-up on the Microsoft Blog, the company says that 20% of the PCs purchased from an unsecure supply chain during its investigation were infected with malware, which obviously isn’t good. Nitol is capable of spreading to other machines and devices through things like USB flash drives, making the problem even more severe. Once you’ve been infected, all kinds of nasty things can happen to your computer, from the malware distributors remotely activating your webcams and microphones to listen in on what you’re doing, to logging all of your keystrokes and netting your personal information without you ever knowing your security has been breached.

While this is a big step in the right direction in the fight against Nitol, Microsoft is urging distributors, retailers, and resellers to make sure that the machines they buy and then sell to consumers are coming from legitimate sources. Microsoft also says that lawmakers need to do their part to help with the issue. As with most efforts against malware, Microsoft’s battle against the Nitol Botnet is ongoing, so expect to hear more about it soon. Stay tuned.


Microsoft makes major progress in fight against Nitol Botnet is written by Eric Abent & originally posted on SlashGear.


Global spam falls by 18% as Grum botnet is knocked offline

There are dedicated botnets out there in the wide world that exist solely for the purpose of distributing spam. Grum, the third largest botnet in the world, was finally taken offline by security experts yesterday, resulting in a dramatic 18% reduction of global spam. Grum’s servers, which were based in Russia, Panama, and the Netherlands, controlled around 100,000 PCs. The two botnets that take first and second place, Cutwail and Lethic, are still active.

It took three days for security teams to knock the Grum servers offline, and the team is confident that it won’t be able to start back up again anytime soon: “The botnet does not have any apparent fall back mechanisms that would allow it to spin back up easily in the days to come.” Two command and control servers in the Netherlands were targeted first, then a Panamanian ISP eventually shut down another after feedback from the community.

It wasn’t all that easy, however, as six new command and control servers were brought up in Ukraine after the Panama server was shut down. Eventually the FireEye Malware Intelligence Lab enlisted heavy cooperation from Russian ISPs and domain registrars, bringing all the servers down once and for all on Wednesday. Some of the bots are still sending out spam, but researchers believe it will eventually wither and die as the template memory runs dry.

[via PCMag]


Global spam falls by 18% as Grum botnet is knocked offline is written by Ben Kersey & originally posted on SlashGear.


Google disputes claims of Android botnet

Last week, a Microsoft researcher claimed to have discovered an Android botnet, but it looks like it might not exist after all. According to a statement from Google, their analysis suggests that spammers are using infected computers and a fake mobile signature to bypass anti-spam mechanisms in the email platform they’re using.

In response, the author of the original post about the Android botnet wrote a follow-up post saying that Google’s suggestions could be correct, but that the idea of an Android-based botnet shouldn’t be discounted either. Regardless of which theory is accurate, users should be careful about what they download anyway, whether on their PCs or Android phones. Read up more about Google’s dispute here.

By Ubergizmo. Related articles: Android malware disguised as Google+ app, Android malware DroidDream Light spotted over the weekend.