Items tagged with botnet

The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all...
Check Point Research has discovered a significant increase in attacks using the Phorpiex Botnet in June 2020. The research firm found that the botnet has had a resurgence delivering the Avaddon Ransomware, which is a Ransomware-as-a-Service (RaaS) variant that first surfaced in early June. Delivery during the month via the botnet caused the malware to rise 13 places to become the second most widely spread malware for the month. The malware doubled its impact on organizations globally in June compared to May. Phorpiex is known for spreading large-scale malspam campaigns, though it does distribute other malware families as well. The latest campaign using the botnet attempts to get email recipients...
D-Link is finally coming to terms with a Federal Trade Commission (FTC) lawsuit that was brought against it for serious lapses in security in its networking products. The FTC alleged in its lawsuit that D-Link had left its customers vulnerable to hacks by improperly securing its hardware, not following best practices with regards to login security, and the rather unforgivable sin of storing passwords in plaintext. The lawsuit was originally filed in 2017, but D-Link and the FTC agreed to a settlement this week. “We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users’ most sensitive personal information to prying eyes,”...
In recent years, we've seen a number of garden variety consumer electronics devices -- including routers and webcams among others -- that have been sucked into zombie botnets to wreak havoc around the globe. Many of those devices were accessible due to extremely weak passwords that were enacted by default by their manufacturers. California, however, is looking to change this and has passed a law that would require all internet-connected devices sold in the state to have a unique "strong" password. This unique password would be obtained in one of two ways as outlined by the "Information Privacy: Connected Devices" bill. Manufacturers can choose to give each individual device...
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that is affecting PC users in the United States. Virobot has a multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it will begin a file encryption process using a cryptographic random number generator. Once the encryption...
Huawei is far and away best known for its smartphones and, to some extent, its line of laptops like the Matebook X Pro. However, it also manufactures routers and gateways, and one of its older models, the HG532, contains a vulnerability that a malware author exploited to create a fairly large botnet. What's particularly frightening about this is that it only took the malware author a single day to wreak havoc. The new botnet currently spans over 18,000 routers, and is presumably growing. It was initially spotted by security researchers from NewSky Security and later confirmed by several other outfits. Just in: IoT hacker identifying himself as "Anarchy" has claimed to hack about 18000+ Huawei...
Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload. Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before. Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping...
It's not often that the US Justice Department or FBI pleads with the public to do something, so when this happens, it's worth paying attention. This past week, the agency managed to thwart a botnet called VPNFilter by deactivating a domain that would have sent further instructions to routers belonging to ordinary folk like you and me. A problem still remains, though, and it's the one these agencies want help with. Even though the malicious domain was killed off, thousands of home routers remain infected with the malware that made them susceptible to that kind of attack to begin with. Because the bug is severe enough, router vendors have been issuing firmware updates to remedy the...
The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices. Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices built by several notable brands, including Linksys, MikroTik, Netgear, and TP-Link in the small and home...
With Monero being relatively easy to mine compared to other cryptocurrencies, legitimate users and a bunch of nefarious users are working hard to mine the valuable digital currency. The value of Monero means that some of those nefarious users are rolling out massive botnets to shackle PCs into working for them. Proofpoint says that it has been monitoring the Monero miner Smominru, which is using the EternalBlue Exploit. The company says that the way Smominru uses Windows Management Infrastructure is unusual among cryptocurrency mining malware. Proofpoint wrote, "The speed at which mining operations conduct mathematical operations to unlock new units of cryptocurrency is referred to...
The largest spam botnet in the world has a new trick up its sleeve, prompting security outfit Check Point to place it back in its list of the top ten most prevalent malware. Called Necurs, the botnet dished up more than 12 million emails in a single morning during the Thanksgiving holiday. What makes it even more annoying, however, is that hackers have added the relatively new Scarab ransomware to the botnet's list of dirty tricks. "The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away, doesn’t always disappear or become any less of a threat. Despite Necurs being well known to the security community, hackers are still enjoying lots of success distributing...
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai. Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities...
Symantec has issued a warning that it found at least eight different apps on Google Play that were infected with a malware called Android.Sockbot. The apps all posed as add-ons for Minecraft: Pocket Edition and claimed to change the way characters look in the game with new skins. The infection from these apps was widespread with an install base between 600,000 and 2.6 million devices. The malware was mainly focused on infecting users in the U.S., but there were infections in Russia, Ukraine, Brazil, and Germany as well. Symantec says that it set up network analysis of the malware and found that it was aimed at generating illegal ad revenue. However, the apps had no functionality to display ads...
Official app stores are supposed to be safe havens for mobile users to download and install programs and games without fear of mucking up their smartphones and tablets. Unfortunately that is not always the case. Researchers at veteran security outfit Check Point, makers of the popular ZoneAlarm personal firewall, recently detected a new strain of malware on Google Play that seems intent on enlisting the help of unsuspecting users to participate in a botnet. Dubbed "FalseGuide," the researchers discovered the malware hidden inside more than 40 guide apps for games, the oldest of which was uploaded as early as November 2016. That means it was able to hide for at least five months. Check Point estimates...
A full-blown Skynet situation might be the thing of science fiction (we hope, anyway), but that doesn't mean bizarre things involving machines can't happen. As proof of this, Verizon teased an entry in its upcoming 2017 Data Breach Digest that describes a recent DDoS attack on an unnamed university involving vending machines, light bulbs, and 5,000 Internet of Things (IoT) devices. As with many DDoS attacks involving IoT devices, this one is the result of system administrators being a little too lax with security on these seemingly benign devices. The university in question dismissed complaints from students across campus about slow or inaccessible network connectivity. When things took a turn...
Just yesterday, we posted a story concerning printer security and how we should take it more seriously given IoT botnets that are swooping across the globe (namely Mirai), along with the sensitive data and documents these machines are custodians of. Today’s printers have relatively potent processors, complex operating systems and of course connect to the internet, to enable remote printing and firmware updates (among other things). Unsurprisingly, though the timing is impeccable, a hacker by the name of Stackoverflowin’ just made the case for increased security when it comes to printers. Stackoverflowin’ revealed to Bleeping Computer that he has gone on a tirade for the past 24 hours via...
Now might be a good time for Netgear to start doubling down on security for its networking products. The folks over at Trustwave found that 31 Netgear router models are susceptible to a security vulnerability that exposes the devices’ web GUI password to nefarious parties. More specifically, an attacker is able to take advantage of a router’s password recovery system in order to obtain login credentials, granting full access to the device. Needless to say, this is a huge security oversight that could have wide-ranging implications for affected routers. “After a few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials...
Like a massive army of Storm Troopers willing to follow devious commands, a pair of researchers from the University College London warn that a "large number of Twitter users are bots" that are ready to "contaminate the Twitter API stream." There are more than 350,000 in all, comprising what the researchers have named the Star Wars botnet. It has been dormant and "well hidden" since it was created in 2013. Juan Echeverria, a research student at UC London, and his supervisor and senior lecturer Shi Zhou outlined the threat in a research paper that is awaiting approval in a scientific journal. They have not presented their findings to Twitter yet for that reason. Their main concern is not that the...
The Mirai botnet started making waves publicly during the fall of 2016 with a high-profile DDoS attack on the security site KrebsOnSecurity. The DDoS attack, which was at the time the largest on record, pummeled the site with 620 gigabits per second of traffic. Since that time, Mirai has “zombified” hundreds of thousands of IoT devices, sucking them into the botnet at an alarming rate to attack other high-profile targets. Considering that Brian Krebs, who runs KrebsOnSecurity, was directly affected by Mirai (and lost his cloud service provider, Akamai, as a result), it’s almost poetic that he is the one that has seemingly uncovered the originator of the malware. A person using the alias Anna...
Large scale distributed denial of service (DDoS) attacks powered by thousands and sometimes millions of Internet of Things (IoT) devices that have been turned into a massive botnet is something that content delivery networks (CDNs) and service providers must be prepared for in 2017. Lest anyone thinks otherwise, yet another "huge DDoS" assault was reported before the end of this year, this time from Incapsula, which fended off the largest attack to date on its network. With ten days to go before 2016 is in the rear view mirror (along with all of the celebrities it took), Incapsula found itself mitigating a DDoS attack that peaked at 650 gigabits per second, which is about 30Gbps more than the...
Over the past few months, we’ve witnessed the Mirai botnet wreak havoc with IoT devices like consumer webcams, DVRs and security cameras. These often budget-minded devices were often equipped with insecure software or employed security countermeasures that were easily overpowered. However, we’re learning today that it isn’t just cheap consumer devices that are susceptible to attacks — even high-end equipment can be compromised if a hacker has enough motivation to dig for exploits. Such is the case with Sony’s professional grade IPELA Engine IP cameras. According to SEC Consult, a backdoor was found on these cameras that would allow a would-be attacker to inject code and further penetrate a network....
900,000 Deutsche Telekom customers in Germany were hit with an internet outage beginning on Sunday, and IT analysts have concluded that the company was the victim of a hacker attack. The 900,000 affected customers make up roughly 4.5 percent of Deutsche Telekom’s 20 million fixed-line customers. It is believed that the hackers used malicious software known as Mirai. Mirai turns network devices into remotely-controlled “bots” that can be used to launch attacks and target other victims. Remote interfaces allow network technicians to fix customers' routers from far away, but are also susceptible to outside attacks such as Mirai. The attack targeted the remote routers in homes and offices that not...