The botnet ecosystem
December 17, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"Botnets are networks of computers infected by malicious programs called bots. Bots allow cybercriminals to take control of a compromised machine and use its resources for their own goals – distributing spam, launching DDoS attacks, scams etc. Since the advent of botnets, the number of cybercrimes has increased enormously. However, botnets are not just a tool for cybercriminals; they are at the core of cybercriminal activity – the center that links and unites the various parts of the cybercriminal world.
Security researchers continue hunt for Conficker authors
December 15, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"There are several ongoing investigations attempting to find the authors of the Conficker botnet, one of the fastest spreading worms in history, but those responsible for the worm have proven elusive. Security expert Mikko Hyppönen, chief research officer at F-Secure Corp., said he is aware of several ongoing investigations, but was asked specifically not to leak details about them. He said investigators have to be especially careful not to leak information because security researchers have determined that the cybercriminals behind Conficker are staying informed.
Amazon EC2 Used as Botnet Command and Control
December 12, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"Trend Micro released a report Dec. 9 highlighting what it expects to see as far as security threats in 2010. Among the more interesting predictions — attacks on cloud infrastructures will increase. Almost as if on cue, a report surfaced the same day that the Zeus Trojan was observed abusing the Amazon EC2 (Elastic Compute Cloud) for its command and control needs.
The Root of the Botnet Epidemic
December 1, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"Over the course of a few days in February 2000, a lone hacker was able to bring some of the Web’s larger sites to their knees, using just a few dozen machines and some relatively primitive software to cripple Yahoo, eBay, E*trade, Amazon, ZDnet and others for hours at a time. No one knew it at the time, but these attacks would come to be seen in later years as some of the earlier outbreaks of what has become a massive online pandemic.
3 Basic Steps to Avoid Joining a Botnet
November 23, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"Banging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding. Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use — unbeknownst to the machine’s owner — for online crimes including sending out spam or launching a denial of service attack.
Recognizing phishing e-mails
November 19, 2009 by Shanmuga
Filed under Phishing, Recommended Reads
"If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing. Phishing attacks have spiked this year, according to recent reports. The Anti-Phishing Working Group reports that there were more than 55,600 phishing attacks in the first half of 2009 alone. Phishing is particularly dangerous because once criminals get a victim’s password for one Web site they can often use it to get into other accounts where people have re-used the password.
The Gumblar system
November 14, 2009 by Shanmuga
Filed under Recommended Reads, cyber crime
"Analysis of some infected websites showed that the only way to inject the infection of Gumblar was by using FTP access, because those websites have no server-side scripting. Later this was proved by an analysis of FTP log files. The malicious code injection in HTML pages (which is a simple insertion of <script> tag in every file having HTML) was done by downloading all files from the server that could have HTML, changing them and uploading back. We call the websites modified in this way “redirectors”, because they simply redirect browsers to the website spreading malware.
How a Botnet Gets Its Name
November 14, 2009 by Shanmuga
Filed under Botnets, Recommended Reads
"Because the security industry lacks a uniform way to title botnets, the result is sometimes a long list of names for the same botnet that are used by different antivirus vendors and that can be confusing to customers. As it stands now, the infamous Conficker is also known as Downup, Downadup and Kido. The Srizbi botnet is also called Cbeplay and Exchanger. Kraken is also the botnet Bobax. Why they are called what they are called is up to the individual researchers who first identified them.
Find and Remove Zeus (Zbot) Banking Trojan
September 19, 2009 by Shanmuga
Filed under Featured, cyber crime
According to Trusteer, a security company, “Zeus is the #1 botnet, with 3.6 million PCs infected in the US alone (i.e. approximately 1% of the PCs in the US)…Zeus is a financial malware. It infects consumer PCs, waits for them to log onto a list of targeted banks and financial institutions, and then steals their credentials and sends them to a remote server in real time.”
Microsoft sues scareware scammers
September 19, 2009 by Shanmuga
Filed under Recommended Reads, cyber crime
"Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers. The company is suing DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, saying that these companies have used ads…