VB Migration

Tag: botnet

  • New paper: LokiBot: dissecting the C&C panel deployments

    First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. LokiBot C&C panel with CAPTCHA. In a new paper (published today in both HTML and PDF format) researcher Aditya Sood analyses the URL structure of…

  • VB2018 paper: Tracking Mirai variants

    The leaking or publishing of malware source code often leads to multiple spin-off families based on the code. Never has this been more clear than in the case of the Mirai Internet of Things (IoT) botnet. Mirai made its name when it was used in some damaging DDoS attacks in the second half of 2016;…

  • VB2018 paper: Tracking Mirai variants

    The leaking or publishing of malware source code often leads to multiple spin-off families based on the code. Never has this been more clear than in the case of the Mirai Internet of Things (IoT) botnet. Mirai made its name when it was used in some damaging DDoS attacks in the second half of 2016;…

  • VB2018 paper: Hide’n’Seek: an adaptive peer-to-peer IoT botnet

    Until recently IoT botnets mostly consisted of Mirai and its many descendants. However, during 2018 we have seen an increase in the variety of botnets living on the Internet of Things. One prime example is Hide’N’Seek, discovered by Bitdefender in January, which is notable for its use of peer-to-peer for command-and-control communication. Though the botnet’s…

  • VB2018 paper: Hide’n’Seek: an adaptive peer-to-peer IoT botnet

    Until recently IoT botnets mostly consisted of Mirai and its many descendants. However, during 2018 we have seen an increase in the variety of botnets living on the Internet of Things. One prime example is Hide’N’Seek, discovered by Bitdefender in January, which is notable for its use of peer-to-peer for command-and-control communication. Though the botnet’s…

  • New paper: Botception: botnet distributes script with bot capabilities

    The Necurs botnet has been active for some time. In 2014, Virus Bulletin published a 3-part article by Peter Ferrie ( 1 , 2 , 3 ) who had studied the botnet in great detail. And although, as is typical for botnets, Necurs’ activities can be somewhat volatile, it has been used for some notorious…

  • New paper: Botception: botnet distributes script with bot capabilities

    The Necurs botnet has been active for some time. In 2014, Virus Bulletin published a 3-part article by Peter Ferrie ( 1 , 2 , 3 ) who had studied the botnet in great detail. And although, as is typical for botnets, Necurs’ activities can be somewhat volatile, it has been used for some notorious…

  • VB2018 preview: IoT botnets

    For a long time IoT-botnets were just one of those things security professionals warned about. Then, with the appearance of Mirai in 2016, they became a reality. Mirai’s success in performing DDoS attacks, combined with the leak of the botnet’s source code, has led to a great many descendants, some of which stay closer to…

  • VB2018 preview: IoT botnets

    For a long time IoT-botnets were just one of those things security professionals warned about. Then, with the appearance of Mirai in 2016, they became a reality. Mirai’s success in performing DDoS attacks, combined with the leak of the botnet’s source code, has led to a great many descendants, some of which stay closer to…

  • Necurs update reminds us that the botnet cannot be ignored

    If, at some point in the past few years, you have looked at a spam campaign in which a lot of emails were being sent from Vietnam or India, there’s a good chance the spam was sent by the Necurs botnet. Necurs has been active for at least six years – Virus Bulletin published a…