Botnet

Koobface command and control servers silent

by certifiedbug on January 19, 2012

in Internet Security

H Security

The Koobface network is apparently down, according to Facebook. Ryan McGeehan, Facebook security official, told Reuters that the company’s decision to expose the five men alleged to be behind the malware had had an effect within 24 hours: “The thing that we are most excited about is that the botnet is down.” Yesterday, Facebook decided to publish the names of alleged gang members based on details of research carried out in 2009-2010 by two German researchers. One of the researchers works for security company Sophos, which pre-empted Facebook’s announcement by publishing the report.

http://www.h-online.com/security/news/item/Koobface-C-C-goes-silent-after-alleged-controllers-exposed-1416869.html


Koobface malware gang exposed

by certifiedbug on January 17, 2012

in Internet Security

H Security

The five men behind the Koobface worm, which spreads over Facebook and other social networks, hide in plain sight, living comfortably in St Petersburg, Russia, according to Facebook investigators and other security researchers.

http://www.h-online.com/security/news/item/Koobface-gang-to-be-exposed-by-Facebook-1414813.html

IDG News Service -
http://www.computerworld.com/s/article/9223484/Facebook_researchers_turn_up_heat_on_Koobface_gang


Microsoft: Rustock Civil Case Closed

by certifiedbug on September 22, 2011

in Microsoft

The Official Microsoft® Blog

Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI
22 Sep 2011

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.

We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft’s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.

Article:
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/22/rustock-civil-case-closed-microsoft-refers-criminal-evidence-to-fbi.aspx

Certifiedbug, July 18, 2011. Microsoft Offers $250,000 Reward for Information on Rustock


TDSS botnet sophisticated threat

by certifiedbug on September 7, 2011

in Internet Security

Krebs on Security

The TDSS botnet is the most sophisticated threat today, according to experts at Russian security firm Kaspersky Lab. First launched in 2008, TDSS is now in its fourth major version (also known as TDL-4). The malware uses a “rootkit” to install itself deep within infected PCs, ensuring that it loads before the Microsoft Windows operating system starts. TDSS also removes approximately 20 malicious programs from host PCs, preventing systems from communicating with other bot families.

Rent-a-Bot Networks Tied to TDSS Botnet

Krebs takes a closer look at a Russian individual who appears to have close ties to the TDSS operation.
Who’s Behind the TDSS Botnet?

TDL4 – Top Bot
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot#5

Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.


Scareware Industry lull

August 3, 2011

Another great article from Brian Krebs. Fake Antivirus Industry Down, But Not Out Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law [...]


Microsoft Offers $250,000 Reward for Information on Rustock

July 18, 2011

The Official Microsoft Blog Posted by Richard Boscovich Senior Attorney, Microsoft Digital Crimes Unit 18 Jul 2011 Last month, I shared with you that the Rustock botnet has remained inactive since Microsoft and its partners took it offline on March 16th. Today, we take our pursuit a step further. After publishing notices in two Russian [...]


Microsoft-New Threat Data on Rustock

July 6, 2011

Since successfully taking down the Rustock botnet on March 16th, Microsoft has continued to analyze the threat, investigate leads on the operations and owners of the botnet and work with Community Emergency Response Teams (CERTs) and Internet Service Providers (ISPs) worldwide to help the legitimate owners of Rustock-infected computers to clean their computers of malware. [...]


McAfee-How I became a Zombie

June 23, 2011

Botnets Demystified and Simplified Let’s face it: Most people–even folks in the security industry–have a hard time explaining botnets (robot networks of infected computers) in a way that your Uncle Joe or Aunt Betty can understand. Is it really a big deal? Yes, it is. With the rapid growth in malware and bot infections we’re [...]


Second MSRT Release in April

April 26, 2011

Microsoft Malware Protection Center In continuation of our support for the takedown activities on the Win32/Afcore botnet, we are releasing a second edition of MSRT in April. This edition includes variants of Afcore released by the criminals behind it at approximately the same time as the previous edition of MSRT. While MSRT has traditionally been [...]


Joint effort brings down Rustock Botnet

March 17, 2011

Microsoft On The Issues 17 Mar 2011 This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused [...]
