tag
Botnet

Hexzone Hotzone

Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.

Another Big Botnet

There is some chatter about a news item that has been released by Finjan in a blog post this morning.  The news has been picked up by Computer Weekly and USA Today. The un-named bot involved in this story is detected by ESET as Win32/Hexzone.AP.  It is a typical Trojan that reports to a command

Mac Musings

I haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of

Oh My, a Mac Botnet!

Some of you may have recently read of researchers discovering a botnet that is using Mac computers. Are you surprised? Well, perhaps if you drink the Apple flavored Kool-Aid you are, but if you understand operating systems at all then this is really not at all surprising. Operating systems are designed to run programs. A

Win32/Conficker.AQ: What’s in a Name?

Larry Seltzer, one of the better commentators on malware issues, has picked up on the disparity between ESET’s naming of the latest variant and Symantec’s – they call it W32.Downadup.E. Richard Adhikari (who also seems to pretty clueful) also picked up on the naming issue when we exchanged emails a few days ago. This issue

Conficker: rising and shining…

So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost  certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in

Confounded by Conficker: not so Dozy

If you just got here looking for my blog on Conficker and "blended hoaxes", I’m afraid I just pulled it (temporarily at least) in the light of new data that’s come in since last night: I don’t want to mislead anyone, as it seems that the new Conficker stuff is a lot more active and

Russian DDoS Revisited

Talking of the C-worm ("Will no-one rid me of this troublesome malware?") I mentioned in a blog from a couple of days ago that Jose Nazario supplied some useful information on an issue I was checking into. The issue concerned reports from a Russian news site of Distributed Denial of Service attacks on Russian sites:

Not every Botnet is Conficker

If it was the intention of the Conficker gang to create a huge splash, they succeeded. (In fact, it’s quite possible that they’ve attracted more attention than they really wanted.) In any case, it seems that lots of people are looking nervously over their shoulders for any indication that something unpleasant and Conficker-related is about

Mad Macs – the iBot

When I write about Mac issues, I usually find myself abused by individuals convinced that there are no Mac viruses, never were any Mac viruses, and never could be any Mac viruses. Less advanced cases sometimes admit that there is Mac malware (and malware that isn’t Mac-specific, but can affect Mac users), but buy into

Conficker Removal (Update)

[Update: it seems that people who missed the whole MS-DOS/having fun with the C> prompt and batchfiles thing are still struggling with the fact that vendors are releasing cleaning tools that are really command-line tools, so some step-by-step notes are added below.] I’m sure you’re almost as bored with this issue as I am with the

Conficker: Before the Flood (April Showers)

I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date. At the very least,

BBC television – have they got the picture yet?

The BBC published a self-justification of sorts over the Click fiasco on Friday 13th March: when I came upon it the following morning, I posted a comment there, pointing out Mark Perrow had addressed the issues this industry hadn’t complained about, and ignored the issues that we were concerned about. My comment is number 14,

Psyb0t: varying the angle of attack

DroneBL, a site that tracks IP addresses that considered vulnerable to abuse that some sites use for its DNSBL (blocking list), blogged yesterday on the fact that it’s been subjected to a Distributed Denial of Service attack (DDoS), apparently by systems infected with malware going by the name of psyb0t. According to the blog, this

Comodo Backs BBC against AV

The Tech Herald have brought it to our attention that Comodo, a security company who include an antivirus product in their range, have backed the BBC’s action in buying and exploiting a botnet for the Click programme’s story. This is clearly swimming against the tide – virtually all the mainstream anti-malware companies who’ve commented have

BBC Botnet: Another View or Two

And still the controversy rages: several people have pointed out that it’s unlikely that the PCs in the BBC’s botnet are all in the UK, suggesting that there could be additional legal issues relating to other jurisdictions. The H reiterated the point that Ofcom regulations state that payment shouldn’t be made to "convicted or confessed

BBC Botnet Revisited

[update] Commentary by Larry Seltzer for eWeek:   http://www.eweek.com/c/a/Security/The-British-Botnet-Corporation-324874/ I don’t promise that this is my last word on the subject, but, having now seen the full Click programme and the BBC’s response to some of the criticism they’ve received, I found I had a few more things to say on the topic. If you aren’t

More on the BBC’s Botnet

Update: several nice, thoughtful blogs on the subject from John Graham at http://john-graham.me.uk/. International law firm Pinsent Mason’s Struan Robertson seems to agree (at least in part) with commentatory in the security industry that the BBC have broken the UK’s Computer Misuse Act. Robertson, focused on the Click program’s unauthorised access to 22,000 bot-compromised PCs in order to

Zombies Down Under

The estimable Graham Cluley’ drew my attention in his blog to the fact that this is National Zombie Awareness Week in Australia. A zombie is security geekspeak for a PC that has been infected by a bot or agent, so that it’s added to a network of compromised machines (a botnet) under the control of

Fast Flux Report: Situation Normal, All Fluxed Up

ICANN’s Fast Flux Working Group recently announced an Initial Report. In fact, it also offered a 20 day window for submitting comments on the report, but I missed that, as I was travelling and didn’t read that particular email. Perhaps you did better, in which case you probably won’t be much interested in this blog.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

22 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.