Botnet

Twitter Botnet Update

[Update: Alex Matrosov has posted screenshots of the Twebot update at http://twitpic.com/1ousmx and http://twitpic.com/1ouse5.] Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.

Botnet for Twits, Applications for Dummies

Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In the last years we have seen many security incidents driven by botnets and exploiting the technologies

Top 10 signs your computer may be part of a Botnet

There are few signs that indicate your computer is part of a botnet that might not be indicating something else. Any malware can cause almost all of the same symptoms that a bot can. Sometimes conflicts between programs or corrupted files can cause the same symptoms as well, but still, there are some signs that

Another Look at Koobface: How It Infects Facebook Users

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not

No Ifs or Bots: if only…

I came across a nice article today by Dennis Fisher on “The Root of the Botnet Epidemic”. It's the start of what looks like an interesting series on "the roots, growth and effects of the botnet epidemic" and the first aricle takes a historical overview of the situation around the turn of the century, looking

IBot revisited (briefly)

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits

iBot Mark 2: Go Straight To Jail Do Not Pass Go

[Update, courtesy of Mikko: this worm targets at least one Dutch bank, and activates when users go to the online bank with an infected iPhone ] [Update 2, courtesy of Paul Ducklin: how to change the password of an infected phone. I could just tell you what the password is, but you might want to read

Botnets, Complacency and the UK Government

Gadi Evron drew my attention in an article for Dark Reading to a piece in IT Pro by Asavin Wattanajantra. The piece quotes Dr. Steve Marsh, of the UK's Cabinet Office (the Office of Cyber Security, to be precise) as saying that botnet operators are interested in money-generating attacks on the private sector, not causing

You’ve Got Bot!!!

  Comcast has announced that they are trialing a new service that alerts users when their computers are infected. You can read about it here: http://news.cnet.com/8301-27080_3-10370996-245.html. Essentially what happens is that when Comcast notices traffic that looks like bot related traffic they will pop up a message on the subscriber’s computer that indicates there is

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Can’t Surf the Web?

Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get

Is Apple’s Snow Leopard Immune to Malware?

There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it! The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites

A Motivation for the Twitter Attack?

Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet

Cyber war or Cyber hype?

Cyber war or Cyber hype? On July 4th several US government web sites were hit with a distributed denial of service (DDOS) attack. In human speak that means you couldn’t get to those web sites because too many other computers were making them unavailable. Many of the attack failed, but some sites, like www.ftc.gov effectively

Hexzone – FUD for Thought?

In a comment to a previous post, Finjan have confirmed that Win32/Hexzone.AP is just one of the malicious programs downloaded to machines infected by the unnamed bot  behind the 1.9 million PC botnet they reported: it isn’t the bot itself.  While I think we’d pretty much established that (especially after some very useful input from Atif

A little more Hexzone

Firstly, here’s a little extra information from our lab in Slovakia. They report that the variants they have analyzed use a custom packer that makes multiple calls to the graphical user interface API (Application Programming Interface, presumably in order to fool emulators and analysts into thinking they are dealing with a standard application. The Hexzone family

Hexzone Hotzone

Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.

Another Big Botnet

There is some chatter about a news item that has been released by Finjan in a blog post this morning.  The news has been picked up by Computer Weekly and USA Today. The un-named bot involved in this story is detected by ESET as Win32/Hexzone.AP.  It is a typical Trojan that reports to a command

Mac Musings

I haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of

Oh My, a Mac Botnet!

Some of you may have recently read of researchers discovering a botnet that is using Mac computers. Are you surprised? Well, perhaps if you drink the Apple flavored Kool-Aid you are, but if you understand operating systems at all then this is really not at all surprising. Operating systems are designed to run programs. A

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic

2FA

18 May 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.