A statistical tool first used in 1966 and currently used in speech and gesture recognition may hold a key to sniffing out botnets – by predicting the likely “next move” of infected PCs and the healthy computers around them, researchers have claimed.
Scans of a huge botnet have revealed that it has harvested at least 16 million usernames and passwords for email sites and other online services, according to a report released German security agency, the Bundesamt für Sicherheit in der Informationstechnik (BSI).
Only weeks after Microsoft unveiled a global Cybercrime Center armed with new, hi-tech tools to combat crime, it announced it had carried out a global action leading to “significant disruption” of the Siferef botnet, a network controlling up to two million “zombie” PCs.
Microsoft has said that it has “liberated” two million PCs worldwide from Citadel botnets after an action on June 5 which targeted 1,400 networks.
Microsoft and the FBI have broken up a large portion of the Citadel botnet – a network which had stolen $500 million from bank accounts in 90 countries around the world by installing keylogger software on five million machines.
The mysterious Avatar rootkit, detected by ESET as Win32/Rootkit.Avatar, appears to reflect a heavy investment in code development, with an API and a SDK available, plus an interesting abuse of Yahoo Groups for C&C communications.
Technical analysis of Power Loader, a special bot builder for making downloaders for other malware families and yet another example of specialization and modularity in malware production.
We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat
The Flashback trojan has been all over the news lately, but it is not the only Mac malware threat out there at the moment. A few weeks ago, we published a technical analysis of OSX/Lamadai.A, the Mac OS X payload of a multi-platform attack exploiting the Java vulnerability CVE-2011-3544 to infect its victims. OSX/Lamadai.A has
The biggest Mac botnet ever encountered, the OSX/Flashback botnet, is being hit hard. On April 12th, Apple released a third Java update since the Flashback malicious code outbreak. This update includes a new tool called MRT (Malware Removal Tool) which allows Apple to quickly push malware removal code to their user base. The first mission
Earlier this month, researchers from AlienVault and Intego reported a new malware attack targeting Tibetan NGOs (Non-Governmental Organizations). The attack consisted of luring the victim into visiting a malicious website, which then would drop a malicious payload on the target’s computer using Java vulnerability CVE-2011-3544 and execute it. The webserver would serve a platform-specific JAR
Yesterday’s announcement by the US Department of Justice that the operators of file-sharing site Megaupload had been indicted for operating a criminal enterprise that generated over $175 million by trafficking in over half a billion dollars of pirated copyrighted material has sent shockwaves across the Internet. The accuracy of those figures may be questionable, but
Estos últimos días ha aparecido una nueva amenaza en la región. El analista de seguridad José Dos Santos Torrijos ha descubierto una nueva botnet orientada a atacar usuarios mexicanos, la cual está alojada en un sitio gubernamental de México. La amenaza permite a un atacante tomar control de la computadora del usuario, robar información, espiar
Los sistemas Linux y Mac, siempre se caracterizaron, entre otras cosas, por tener mayor seguridad en relación a los ataques de los creadores de malware. Esto se debe a que el mayor porcentaje de los usuarios a nivel mundial poseen las distintas versiones de los sistemas Windows, por lo que les es más conveniente generar
The TDSS botnet, now in its 4th generation, is seriously sophisticated malware, which is why we've spent so much time writing about it: the revision of the paper The Evolution of TDL: Conquering x64 that will be up on the white papers page shortly runs to 54 pages and includes some highly technical analysis, including the detail on
Android Smartphones are under attack again by rogue applications that once installed are reading information from the phone and sending it back to a pre-assigned location. According to mobile security firm as many as 120,000 users may have been infected from a cafeteria selection of at least two dozen applications from the Android Market. “Once
One of the (few) blessings of having been so long in this industry is that I remember a time when most malware was viral and Trojans were rare: so rare, in fact, that there was at one time a notorious "dirty dozen" set of Trojans. At around the same time, there were innumerable hoaxes describing malware with