botnets

Zeus botnet steals $47M from European bank customers

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year, security researchers report.

Dubbed "Eurograbber" by security vendors Versafe and Check Point Software Technologies in a report (PDF) released today, the malware is designed to defeat the two-factor authentication process banks use for transactions by intercepting bank messages sent to victims' phones.

A variant of the Zeus malware used to steal more than $100 million, Eurograbber typically launched its attack when a victim clicked on a malicious link most likely included in a phishing attempt. After …

India is world leader in spam output

India has surpassed the U.S. and taken the lead as the greatest spam-sending country in the world. One out of every six junk messages that litter users' e-mail inboxes is coming from India, according to a new report from SophosLabs.

The security vendor's third-quarter "Dirty Dozen" report of spam-relaying countries found that India upped its percentage of global spam for the third quarter in a row and now accounts for more than 16 percent of all junk e-mails.

What is important to note, however, is that this spam doesn't necessarily come directly from India's …

Symantec: Russian criminals sell Web 'proxy' with backdoors

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What …

Microsoft settles botnet case against Chinese site

Microsoft reached a settlement in its legal case against a Web site that has been linked to malicious activity, with the Chinese company agreeing to block malware tied to its domain.

The software giant, which originally filed the suit about two weeks ago, said today that the operator of 3322.org, Peng Yong, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team to block all malicious connections to the 3322.org domain and prevent malware infections associated with the site.

The 3322.org owner will direct all subdomains identified in a "block-list" to a …

Microsoft finds malware hidden in new computers in China

Microsoft has found malware on new computers its employees purchased in various cities in China as part of an investigation into the security of the supply chain. That finding led researchers to a botnet called Nitol and a court order giving the company permission to take technical measures to disrupt the botnet.

The effort, dubbed Operation b70, began in August 2011 when Microsoft decided to see if there was any merit to claims that counterfeit software and malware were being installed on computers by suppliers before they hit the retail shelves in China. So, the company had employees go into …

Hacker who infected 72K computers gets prison sentence

After pleading guilty last year to creating a botnet that wreaked havoc on about 72,000 computers, Joshua Schichtel was sentenced to prison today. The Department of Justice announced that Schichtel received a 30-month prison sentence for "selling command-and-control access to and use of thousands of malware-infected computers."

Schichtel was a unique hacker. Rather than infecting computers for his own benefit, he instead sold botnets to customers who must not have had the tech know-how to create their own malware.

"Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel … Read more

Apple's iOS and Android are new favorite malware victims

The online world is under siege. Computers, laptops, and mobile devices are increasingly being attacked by worms, viruses, botnets, Trojans, spam, and more.

According to a new report by McAfee (PDF), malware is multiplying at a faster pace now than at any other time in the last four years. There has been a 1.5 million increase in malware over last quarter, along with growth of newer threats, including "ransomware" attacks, thumb drive corrupters, and botnets.

While Windows PCs remain the hardest hit, there's a growing trend of attacks on Apple's Mac devices and Android smartphones.

"… Read more

Watching the crooks: Researcher monitors cyber-espionage ring

LAS VEGAS -- Researchers have uncovered a huge amount of malware and registered domains being used by criminals linked to China who are conducting cyber-espionage on a wide range of government, industry, and human rights activists.

The growing menace from these "Advanced Persistent Threats" is detailed in a report unveiled today called "Chasing APT." In an interview at the Black Hat security conference here, Joe Stewart, director of malware research at Dell Secureworks Counter Threat Unit, said that over the last 18 months he's been monitoring attacks designed to steal data from organizations around the …

Experts take down Grum spam botnet, world's third largest

Computer-security experts took down the world's third-largest botnet, which they say was responsible for 18 percent of the world's spam.

Command-and-control servers in Panama and the Netherlands pumping out up to 18 billion spam messages a day for the Grum botnet were taken down Tuesday, but the botnet's architects set up new servers in Russia later in the day, according to a New York Times report. California-based security firm FireEye and U.K.-based spam-tracking service SpamHaus traced the spam back to servers in Russia and worked with local ISPs to shut down the servers, which ran …

Android botnet claim in dispute

Researchers at Microsoft and Sophos say they believe malware-infected Android phones are sending spam via Yahoo Mail accounts as part of a botnet, but Google and mobile firm Lookout say there could be other explanations.

Terry Zink, a program manager for Microsoft Forefront Online Security, said in a blog post two days ago that he had found some spam samples that had this Message-ID:

"<1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>."

That was followed by speculation from Chester Wisniewski at Sophos, who wrote in a blog post today: "It is likely that Android users …