Botnet | WeLiveSecurity

Botnet

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET’s ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Can’t Surf the Web?

Australia’s Internet Industry Association (IIA) is working on best practices for isolating computers with bots on them (http://iia.net.au/index.php/initiatives/isps-guide.html) At the same time, the Internet Engineering Task Force (IETF) is also drafting a document about the same thing (http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03) If these recommendations are adopted then people who have bots on their computers would have to get

Is Apple’s Snow Leopard Immune to Malware?

There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it! The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites

A Motivation for the Twitter Attack?

Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet

Cyber war or Cyber hype?

Cyber war or Cyber hype? On July 4th several US government web sites were hit with a distributed denial of service (DDOS) attack. In human speak that means you couldn’t get to those web sites because too many other computers were making them unavailable. Many of the attack failed, but some sites, like www.ftc.gov effectively

Hexzone – FUD for Thought?

In a comment to a previous post, Finjan have confirmed that Win32/Hexzone.AP is just one of the malicious programs downloaded to machines infected by the unnamed bot  behind the 1.9 million PC botnet they reported: it isn’t the bot itself.  While I think we’d pretty much established that (especially after some very useful input from Atif

A little more Hexzone

Firstly, here’s a little extra information from our lab in Slovakia. They report that the variants they have analyzed use a custom packer that makes multiple calls to the graphical user interface API (Application Programming Interface, presumably in order to fool emulators and analysts into thinking they are dealing with a standard application. The Hexzone family

Hexzone Hotzone

Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.

Another Big Botnet

There is some chatter about a news item that has been released by Finjan in a blog post this morning.  The news has been picked up by Computer Weekly and USA Today. The un-named bot involved in this story is detected by ESET as Win32/Hexzone.AP.  It is a typical Trojan that reports to a command

Mac Musings

I haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of

Oh My, a Mac Botnet!

Some of you may have recently read of researchers discovering a botnet that is using Mac computers. Are you surprised? Well, perhaps if you drink the Apple flavored Kool-Aid you are, but if you understand operating systems at all then this is really not at all surprising. Operating systems are designed to run programs. A

Conficker: rising and shining…

So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost  certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in

Confounded by Conficker: not so Dozy

If you just got here looking for my blog on Conficker and “blended hoaxes”, I’m afraid I just pulled it (temporarily at least) in the light of new data that’s come in since last night: I don’t want to mislead anyone, as it seems that the new Conficker stuff is a lot more active and

Russian DDoS Revisited

Talking of the C-worm (“Will no-one rid me of this troublesome malware?”) I mentioned in a blog from a couple of days ago that Jose Nazario supplied some useful information on an issue I was checking into. The issue concerned reports from a Russian news site of Distributed Denial of Service attacks on Russian sites:

Not every Botnet is Conficker

If it was the intention of the Conficker gang to create a huge splash, they succeeded. (In fact, it’s quite possible that they’ve attracted more attention than they really wanted.) In any case, it seems that lots of people are looking nervously over their shoulders for any indication that something unpleasant and Conficker-related is about

Mad Macs – the iBot

When I write about Mac issues, I usually find myself abused by individuals convinced that there are no Mac viruses, never were any Mac viruses, and never could be any Mac viruses. Less advanced cases sometimes admit that there is Mac malware (and malware that isn’t Mac-specific, but can affect Mac users), but buy into

Conficker Launches Cyber Attack Against Big Ben

In an apparent effort to cause British commuters to miss their trains, Chinese hackers have ordered the Conficker.C botnet to randomly change the time on the venerable and vulnerable Big Ben. This has caused millions of Londoners to be late for work this morning. Hey, this is no more ridiculous than trying to protect against

BBC television – have they got the picture yet?

The BBC published a self-justification of sorts over the Click fiasco on Friday 13th March: when I came upon it the following morning, I posted a comment there, pointing out Mark Perrow had addressed the issues this industry hadn’t complained about, and ignored the issues that we were concerned about. My comment is number 14,

Psyb0t: varying the angle of attack

DroneBL, a site that tracks IP addresses that considered vulnerable to abuse that some sites use for its DNSBL (blocking list), blogged yesterday on the fact that it’s been subjected to a Distributed Denial of Service attack (DDoS), apparently by systems infected with malware going by the name of psyb0t. According to the blog, this

Comodo Backs BBC against AV

The Tech Herald have brought it to our attention that Comodo, a security company who include an antivirus product in their range, have backed the BBC’s action in buying and exploiting a botnet for the Click programme’s story. This is clearly swimming against the tide – virtually all the mainstream anti-malware companies who’ve commented have