Posts tagged as:

Botnet

Mariposa Botnet infection cleanup

by certifiedbug on March 6, 2010

in Microsoft

Microsoft Malware Protection Center. In focus: Mariposa botnet

The MMPC added Win32/Rimecud to MSRT’s removal capability in January 2010 and between January and February reported over 1 million distinct machines disinfected from this worm.

The Mariposa botnet criminals presumably use a number of different threats, but it appears to be primarily Win32/Rimecud. It is great to see our industry colleagues moving in the same direction to address these disruptive threats. Rimecud isn’t particularly new and the criminals apparently were trading their goodies at their counter. We first observed Win32/Rimecud in November 2008.

Since January 2010
Rimecud

Certifiedbug: March 3, 2010. Three arrested for running “Mariposa” botnet


Spanish police have arrested three men allegedly responsible for the Mariposa botnet which controlled nearly 13 million infected computers.

The botnet was rendered inactive on December 23, 2009 following months of collaboration between security firms Panda Security and Defence Intelligence in co-operation with the FBI, Spain’s Guardia Civil and security experts around the world.

Personal computer users were not the only ones in the bot masters’ net.

“It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised,” said Christopher Davis, chief executive of security firm Defence Intelligence.

BBC: http://news.bbc.co.uk/2/hi/technology/8547453.stm

http://certifiedbug.com/blog/tag/botnet/


Microsoft knocks out Waledac Botnet

February 25, 2010

Microsoft, a founding member of the Botnet Task Force, announced that a federal judge has granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals controlling a vast network of infected PCs.

This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, [...]


Lethic Botnet Taken Down - bots attempt connection to new host

January 13, 2010

Darkreading.com reports that researchers with communications security firm Neustar took over the Lethic botnet command-and-control servers.
Yet another botnet has been shut down as of today as researchers joined forces with ISPs to cut communications to the prolific Lethic spamming botnet — a development that illustrates how botnet hunters increasingly are going on the offensive [...]


Koobface friendly Riccom AS29550 taken Off-Line

December 22, 2009

hpHosts
15 December 2009
I’m happy to announce, I woke up to a rather surprising e-mail today, from a Josh Kirkwood over at EuroConnex/BlueConnex. He informed me, because of this, they’ve booted Riccom, leaving them stranded.
http://hphosts.blogspot.com/2009/12/euroconnexblueconnex-boots-riccom-ltd.html

Dancho Danchev’s Blog
December 22, 2009
Clearly, in terms of cybercrime, especially one that’s monetizing an asset with high liquidity such as scareware, “better [...]


Zbot spotted in the cloud

December 10, 2009

Researchers with HCL Technologies, a contractor performing security research for CA, spotted the password stealer Zeus (Zbot) using a hacked server on Amazon’s Elastic Compute Cloud (EC2) services to run a botnet command and control center.
The hacked website was contacted and the Zeus malware removed.
CA Security Advisor Research Blog:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
Hat tip: Sunbelt Blog


Germany to coordinate fight against botnets

December 8, 2009

Interesting article at The H Security
“In 2010 the German government is planning to pick up the fight against infected home computers. In the first half of next year it plans to set up an advisory centre which will help users purge their computers of viruses and bots.”
The concept is nothing new. 1&1 launched a [...]


Looking back at McColo

November 13, 2009

Brian Krebs - Security Fix
A year later: A look back at McColo
A year ago today, the Internet community witnessed a remarkable event: The unplugging of McColo, a Web hosting facility in Northern California that for a long time controlled a majority of the spam-sending operations on the planet. McColo’s two main Internet providers abruptly yanked the [...]


W32/Xpaj Botnet

October 7, 2009

W32/Xpaj Botnet Growing Rapidly
The virus is building a widespread “zombie” network by taking control of thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during the last two weeks. The botnet infects computers around the world and has spread across many countries. The attacks are mostly aimed at [...]


Botnets use fallback domains

June 15, 2009

FireEye Malware Intelligence Lab
Atif Mushtaq’s “Killing the beast…Part I” is the first in a series of articles about the Pushdo, Xarvester, Rustock, Koobface and Ozdok botnets.
