Items tagged with botnet

D-Link is finally coming to terms with a Federal Trade Commission (FTC) lawsuit that was brought against it for serious lapses in security in its networking products. The FTC alleged in its lawsuit that D-Link had left its customers vulnerable to hacks by improperly securing its hardware, not following best practices with regard to login security, and committing the rather unforgivable sin of storing passwords in plaintext. The lawsuit was originally filed in 2017, but D-Link and the FTC agreed to a settlement this week. “We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users’ most sensitive personal information to prying eyes,”...
In recent years, we've seen a number of garden-variety consumer electronics devices -- including routers and webcams among others -- that have been sucked into zombie botnets to wreak havoc around the globe. Many of those devices were accessible due to extremely weak passwords that were set by default by their manufacturers. California, however, is looking to change this and has passed a law that would require all internet-connected devices sold in the state to have a unique "strong" password. This unique password would be obtained in one of two ways as outlined by the "Information Privacy: Connected Devices" bill. Manufacturers can choose to give each individual device...
Just when we thought things had cooled down a bit in the botnet space, we're getting word of a new outbreak that is affecting PC users in the United States. Virobot has a multi-pronged attack vector, and can not only place a victim's computer into a zombie botnet, but it also has a ransomware component. According to Trend Micro, it first discovered evidence of Virobot on September 17th, and found that it is similar in some respects to Locky. Once Virobot has found a willing host, it will then scan the registry to see if it has the go-ahead to begin encrypting files. If the coast is clear, it will begin a file encryption process using a cryptographic random number generator. Once the encryption...
Huawei is far and away best known for its smartphones and, to some extent, its line of laptops like the Matebook X Pro. However, it also manufactures routers and gateways, and one of its older models, the HG532, contains a vulnerability that a malware author exploited to create a fairly large botnet. What's particularly frightening about this is that it only took the malware author a single day to wreak havoc. The new botnet currently spans over 18,000 routers, and is presumably growing. It was initially spotted by security researchers from NewSky Security and later confirmed by several other outfits. Just in : IoT hacker identifying himself as "Anarchy" has claimed to hack about 18000+ Huawei...
Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload. Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before. Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping...
It's not often that the US Justice Department or FBI pleads with the public to do something, so when this happens, it's worth paying attention. This past week, the agency managed to thwart a botnet called VPNFilter by deactivating a domain that would have sent further instructions to routers belonging to ordinary folk like you and me. A problem still remains, though, and it's the one these agencies want help with. Even though the malicious domain was killed off, thousands of home routers remain infected with the malware that made them susceptible to that kind of attack to begin with. Because the bug is severe enough, router vendors have been issuing firmware updates to remedy the...
The United States Federal Bureau of Investigation and Department of Justice dealt a blow to a sophisticated Russian botnet that security researchers referred to as VPNFilter. They did it by seizing a key domain used to perpetuate the attacks. In doing so, the agencies effectively disrupted a malicious effort that was able to infect hundreds of thousands of routers and network storage devices. Security researchers estimate that at least 500,000 network devices scattered across 54 countries were unwittingly part of the botnet. According to Talos Intelligence, VPNFilter affected devices built by several notable brands, including Linksys, MikroTik, Netgear, and TP-Link in the small and home...
With Monero being relatively easy to mine compared to other cryptocurrencies, legitimate users and a bunch of nefarious users are working hard to mine the valuable digital currency. The value of Monero means that some of those nefarious users are rolling out massive botnets to shackle PCs into working for them. Proofpoint says that it has been monitoring the Monero miner Smominru, which is using the EternalBlue exploit. The company says that the way Smominru uses Windows Management Infrastructure is unusual among cryptocurrency mining malware. Proofpoint wrote, "The speed at which mining operations conduct mathematical operations to unlock new units of cryptocurrency is referred to...
The largest spam botnet in the world has a new trick up its sleeve, prompting security outfit Check Point to place it back in its list of the top ten most prevalent malwares. Called Necurs, the botnet dished up more than 12 million emails in a single morning during the Thanksgiving holiday. What makes it even more annoying, however, is that hackers have added the relatively new Scarab ransomware to the botnet's list of dirty tricks. "The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away, doesn’t always disappear or become any less of a threat. Despite Necurs being well known to the security community, hackers are still enjoying lots of success distributing...
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai. Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities...
Symantec has issued a warning that it found at least eight different apps on Google Play that were infected with a malware called Android.Sockbot. The apps all posed as add-ons for Minecraft: Pocket Edition and claimed to change the way characters look in the game with new skins. The infection from these apps was widespread with an install base between 600,000 and 2.6 million devices. The malware was mainly focused on infecting users in the U.S., but there were infections in Russia, Ukraine, Brazil, and Germany as well. Symantec says that it set up network analysis of the malware and found that it was aimed at generating illegal ad revenue. However, the apps had no functionality to display ads...
Official app stores are supposed to be safe havens for mobile users to download and install programs and games without fear of mucking up their smartphones and tablets. Unfortunately that is not always the case. Researchers at veteran security outfit Check Point, makers of the popular ZoneAlarm personal firewall, recently detected a new strain of malware on Google Play that seems intent on enlisting the help of unsuspecting users to participate in a botnet. Dubbed "FalseGuide," the researchers discovered the malware hidden inside more than 40 guide apps for games, the oldest of which was uploaded as early as November 2016. That means it was able to hide for at least five months. Check Point estimates...
A full-blown Skynet situation might be the thing of science fiction (we hope, anyway), but that doesn't mean bizarre things involving machines can't happen. As proof of this, Verizon teased an entry in its upcoming 2017 Data Breach Digest that describes a recent DDoS attack on an unnamed university involving vending machines, light bulbs, and 5,000 Internet of Things (IoT) devices. As with many DDoS attacks involving IoT devices, this one is the result of system administrators being a little too lax with security on these seemingly benign devices. The university in question dismissed complaints from students across campus about slow or inaccessible network connectivity. When things took a turn...
Just yesterday, we posted a story concerning printer security and how we should take it more seriously given IoT botnets that are swooping across the globe (namely Mirai), along with the sensitive data and documents these machines are custodians of. Today’s printers have relatively potent processors, complex operating systems and of course connect to the internet, to enable remote printing and firmware updates (among other things). Unsurprisingly, though the timing is impeccable, a hacker by the name of Stackoverflowin’ just made the case for increased security when it comes to printers. Stackoverflowin’ revealed to Bleeping Computer that he has gone on a tirade for the past 24 hours via...