Tag: botnet

  • Paper: Prosecting the Citadel botnet – revealing the dominance of the Zeus descendent: part one

    Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud. It is unlikely that anyone still thinks that cybercrime is performed by 16-year-old kids who write short pieces of code that wreak havoc all over the world, but if you do still hold that belief, it won’t hurt to take a look…

  • Game over for GameOver Zeus botnet?

    Coordinated effort against gang that’s also behind CryptoLocker ransomware. A large, coordinated effort involving law enforcement, security vendors and various security researchers has caused serious disruption to both the GameOver Zeus botnet and the CryptoLocker ransomware. GameOver Zeus is a particularly sophisticated variant of the Zeus trojan. Rather than a centralised command and control infrastructure,…

  • Updated botnet likely cause of surge in Tor traffic

    New Tor version should help the network deal with increased traffic. Sometimes a picture says more than a thousand words: The graph shows the daily number of users of the Tor anonymity network over the past three years. As both the network and concerns over anonymity have grown, the usage has shown a slow but…

  • Kelihos checks machines’ IP addresses against DNS blacklists

    Role of node in a botnet dependent on whether the IP address is blacklisted. Whenever I look at the results of the VBSpam tests, it always amazes me how large a percentage of spam is blocked because the sending IP address appears on a DNS blacklist. It is not that I wouldn’t expect those that…

  • Latest VBSpam tests show web host spam harder to block

    Most filters see a small increase in their catch rates overall. The results of VB’s latest spam filter test show that the spam sent from web hosts is significantly harder to block than spam sent via other means. Following various reports on the amount of spam sent from compromised web hosts, we compared delivery…

  • Ruby on Rails vulnerability exploited in the wild

    Code executed on web servers to cause them to join IRC botnet. A critical vulnerability in Ruby on Rails is currently being exploited to make web servers join an IRC botnet, Ars Technica reports. The vulnerability was discovered and subsequently patched at the beginning of this year, but many website owners haven’t applied the…

  • German anti-botnet advisory recommends the use of ad blockers for security

    ‘If websites want to include ads, they must make sure they are secure.’ In an open letter to several prominent German websites, Botfrei, the German anti-botnet advisory centre, has defended its advice to users to run advertisement-blocking tools. In the letter (published in German here), Botfrei’s Thorsten Kraft says he understands the…

  • Grum botnet’s command-and-control servers shut down

    Spam-sending botnet believed to be third largest in the world. International co-operation between a number of parties has led to all command-and-control servers of the ‘Grum’ botnet being taken down. The takedown gives a good insight into how these operations work, and how co-operation is essential: During the weekend, two command-and-control servers, based in the…

  • New Zeus/SpyEye botnet does away with command-and-control servers

    Increasing use of UDP to avoid communication tracking. Researchers at Symantec have discovered a new parallel build of Zeus (also known as Zbot) and SpyEye that appears to be entirely controlled through peer-to-peer communication. Most botnets are controlled through a number of command-and-control servers that are used to control the behaviour of the thousands of…

  • Compromised websites used to mine bitcoins

    In-the-browser botnet turns victims’ CPU cycles into cash for the attackers. Researchers have discovered a compromised website where a piece of JavaScript has been included that is used to mine bitcoins for the attacker. Bitcoins are a digital currency whose popularity and value have increased significantly in recent years. Bitcoins can be used to make…