
Keyword: botnet

  • Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

    02/16/2024 3:42:02 PM PST · by nickcarraway · 26 replies
    The Register ^ | Thu 15 Feb 2024 | Jessica Lyons
    Beijing, now Moscow.… Who else is hiding in broadband gateways? The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. This latest court-authorized takedown happened in January, and involved neutralizing "well over a thousand" home and small business routers that had been infected with the Moobot malware, which is a Mirai variant, according to FBI Director Christopher Wray, speaking at the Munich Cyber Security Conference on Thursday. Moobot can be used to remote-control compromised devices and launch...
  • Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)

    02/15/2024 6:39:24 PM PST · by devane617 · 2 replies
    DOJ ^ | 02/15/2024
    A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. In recent months, allegations of Unit 26165 activity of this type has been the subject of a private sector cybersecurity advisory
  • Microsoft-led move takes down ZLoader botnet domains

    04/18/2022 9:44:56 PM PDT · by dayglored · 8 replies
    The Register ^ | Apr 14, 2022 | Jessica Lyons Hardcastle
    That should keep the criminals offline for, well, weeks probably. Embedded links are in the original article. Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using to spread the remote-control malware and orchestrate infected machines. The tech giant's Digital Crimes Unit obtained a court order from a US federal judge in Georgia to take down the domains, which are now directed to a Microsoft-controlled sinkhole so they can't be used by the malware's masterminds to communicate with their botnet of commandeered Windows computers. From what we can tell...
  • Emotet Botnet Disrupted in International Cyber Operation

    01/29/2021 5:51:05 PM PST · by LibWhacker
    DOJ ^ | 1/28/2021
    Emotet Botnet Disrupted in International Cyber Operation Emotet Malware Infected More than 1.6 Million Victim Computers and Caused Hundreds of Millions of Dollars in Damage Worldwide The Justice Department today announced its participation in a multinational operation involving actions in the United States, Canada, France, Germany, the Netherlands, and the United Kingdom to disrupt and take down the infrastructure of the malware and botnet known as Emotet. Additionally, officials in Lithuania, Sweden, and Ukraine assisted in this major cyber investigative action. “The Emotet malware and botnet infected hundreds of thousands of computers throughout the United States, including our critical infrastructure,...
  • LulzSec: the members and the enemies

    06/25/2011 6:35:43 AM PDT · by Bad~Rodeo · 10 replies
    Guardian ^ | Friday 24 June 2011 | Josh Halliday
    While Sabu and Topiary are firmly on the inside, the likes of The Jester and LulzSec Exposed are most certainly not. Inside. Sabu: Apparent founder and leader of LulzSec, he is a long-time hacktivist associated with senior Anonymous members. Decides who can join the group and who should be targeted. Attempts by rivals to uncover details about his real-life identity suggest he is a 30-year-old IT consultant skilled in the Python programming language who has lived in New York. The timing of some of his tweets – tweeting "goodnight all" at 0700 BST, or 0200 New York time – implies he is...
  • Two Kazakh Cybercriminals Plead Guilty in Global Digital Advertising Fraud Involving Tens Of

    09/25/2019 11:01:49 PM PDT · by ransomnote
    justice.gov ^ | 9/25/19 | DOJ - Eastern District of New York
    Department of Justice U.S. Attorney’s Office Eastern District of New York FOR IMMEDIATE RELEASE Wednesday, September 25, 2019 Two Kazakh Cybercriminals Plead Guilty in Global Digital Advertising Fraud Involving Tens Of Millions of Dollars in Losses Leader of Scheme Will Forfeit Online Domains and More Than Eight Million Dollars Seized From Swiss Bank Accounts Sergey Ovsyannikov and Yevgeniy Timchenko, citizens of the Republic of Kazakhstan, pleaded guilty yesterday and today, respectively, in federal court in Brooklyn to conspiring to commit wire fraud and related charges, for their involvement in a widespread digital advertising fraud. Ovsyannikov was arrested in October 2018...
  • Botnet of Aethra Routers Used for Brute-Forcing WordPress Sites

    12/26/2015 7:58:53 PM PST · by Utilizer · 7 replies
    softpedia® ^ | 23 Dec 2015, 12:30 GMT | Catalin Cimpanu
    Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites. This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range. After further investigation, all the IPs came from six Internet Service Providers (ISP): Fastweb, Albacom (BT-Italia), Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are from Italy. What all these networks had in common were Aethra routers. VoidSec researchers narrowed down most...
  • Massive Utah cyberattacks — up to 300 million per day — may be aimed at NSA facility

    02/07/2015 9:23:30 PM PST · by BenLurkin · 12 replies
    http://www.sltrib.com/news/2135491-155/massive-utah-cyber-attacks-may-be ^ | First Published Feb 03 2015 10:57AM • Last Updated Feb 03 2015 10:56 pm | LEE DAVIDSON
    Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day. At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. "But this last year we have had spikes of over 300 million attacks against the state databases" each day: a 10,000-fold increase. Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems. "I really do believe it was all the attention drawn to the NSA facility. In the cyberworld, that's...
  • 'Pony' botnet steals bitcoins, digital currencies: Trustwave

    02/24/2014 11:07:49 AM PST · by Cementjungle · 12 replies
    Reuters ^ | 2-24-2014 | Jim Finkle
    (Reuters) - Cyber criminals have infected hundreds of thousands of computers with a virus called "Pony" to steal bitcoins and other digital currencies, in the most ambitious cyber attack on virtual money uncovered so far, according to security firm Trustwave. Trustwave said on Monday that it has found evidence that the operators of a cybercrime ring known as the Pony botnet have stolen some 85 virtual "wallets" that contained bitcoins and other types of digital currencies. The firm said it did not know how much digital currency was contained in the wallets.
  • Huge spam botnet Grum is taken out by security researchers

    09/13/2012 4:51:38 AM PDT · by LibWhacker · 11 replies
    BBC ^ | 7/12/12
    A botnet which experts believe sent out 18% of the world's spam email has been shut down, a security firm said. Grum's control servers were mainly based in Panama, Russia and Ukraine. Security company FireEye and spam-tracking service SpamHaus worked with local internet service providers (ISPs) to shut down the illegal network. A botnet is a network of computers that has been hijacked by cybercriminals, usually by using malware. "Grum's takedown resulted from the efforts of many individuals," wrote Atif Mushtaq, a security researcher with FireEye. "This collaboration is sending a strong message to all the spammers: Stop sending us...
  • Feds to remotely delete Coreflood from infected PCs

    04/27/2011 2:45:41 PM PDT · by decimon · 12 replies
    Digital Trends ^ | April 27, 2011 | Geoff Duncan
    In an unusual move, federal authorities will be contacting computer users with systems infected by the Coreflood botnet Trojan and asking them to agree to allow them to send commands to the malware so it will delete itself. The move comes in the wake of a coordinated takedown earlier this month by the FBI and other authorities, in which the U.S. government essentially substituted its own command-and-control servers in place of those used by Coreflood and issued commands telling the program to shut down on infected PCs. The move reduced activity from the Coreflood botnet by about 90...
  • Microsoft shuts down spam behemoth Rustock, reduces worldwide spam by 39%

    03/18/2011 1:25:49 PM PDT · by LibWhacker · 21 replies · 4+ views
    Switched ^ | 3/18/11 | Sebastian Anthony
    Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock. Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam email per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%. Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis,...
  • How FBI, police busted massive botnet

    03/03/2010 12:55:20 PM PST · by Ernest_at_the_Beach · 12 replies · 702+ views
    The Register ^ | 3rd March 2010 15:56 GMT | John Leyden
    Analysis More details have emerged about a cybercrime investigation that led to the takedown of a botnet containing 12m zombie PCs and the arrest of three alleged kingpins who built and ran it. As previously reported, the Mariposa botnet was principally geared towards stealing online login credentials for banks, email services and the like from compromised Windows PCs. The malware infected an estimated 12.7 million computers in more than 190 countries. The botnet was shut down on 23 December 2009 following months of collaboration between security firms Panda Security and Defence Intelligence in co-operation with the FBI and Spain's Guardia...
  • Spanish police stamp out butterfly botnet [Canada's Defence Intelligence and Panda Security]

    03/03/2010 6:37:02 AM PST · by JoeProBono · 16 replies · 670+ views
    tgdaily ^ | Wed 3rd Mar 2010 | Emma Woollacott
    Another day, another botnet. This time, it has the rather pretty name of Mariposa - it means butterfly - and is believed to be one of the world's largest. More than 13 million PCs were infected by Mariposa, which apparently infected more than half the world's 1,000 largest companies and at least 40 major financial institutions. The botnet was , and three men have been arrested. According to Panda Security, the three men used the aliases Netkairo, Ostiator and Johnyloleante. "Designed for information theft, Mariposa has stolen personal data from millions of compromised computers," says Defence Intelligence. "Amongst this personal...
  • Ongoing FDIC Spam Campaign Serves Zeus Crimeware

    10/30/2009 6:07:39 PM PDT · by Cindy · 3 replies · 328+ views
    DANCHO DANCHEV - blog ^ | TUESDAY, OCTOBER 27, 2009;Updated Wednesday, October 28, 2009 | Dancho Danchev
    SNIPPET: "UPDATED - Wednesday, October 28, 2009: A "New Facebook Login System" spam campaign is in circulation, launched by the same botnet. Sampled updatetool.exe once again interacts with the Zeus command and control at 193.104.27.42."
  • Botnet Attack on Polish Government Network

    10/30/2009 4:11:17 PM PDT · by nickcarraway · 3 replies · 358+ views
    SPAMfighter ^ | 10/30/09
    According to security researchers, computer servers at the government institutions of Poland suffered a well-synchronized cyber attack, which was allegedly launched by Russian sources in September 2009. The details of this attack on the Polish government are not yet revealed, as reported by the daily Rzeczpospolita. The attack took place in the beginning of September, a particularly intense moment, near about Westerplatte visit of Russian Prime Minister Vladimir Putin. The purpose of his visit was to commemorate the outburst of the Second World War, as reported by NATIONAL on October 11, 2009. Meanwhile, security experts informed that generally botnets are...
  • Computer scientists successfully boot one million Linux kernels as virtual machines

    09/26/2009 1:00:03 PM PDT · by ShadowAce · 17 replies · 719+ views
    Physorg.com ^ | 25 September 2009 | Sandia National Laboratories
    (PhysOrg.com) -- Computer scientists at Sandia National Laboratories in Livermore, Calif., have for the first time successfully demonstrated the ability to run more than a million Linux kernels as virtual machines. The achievement will allow cyber security researchers to more effectively observe behavior found in malicious botnets, or networks of infected machines that can operate on the scale of a million nodes. Botnets, said Sandia’s Ron Minnich, are often difficult to analyze since they are geographically spread all over the world. Sandia scientists used virtual machine (VM) technology and the power of its Thunderbird supercomputing cluster for the demonstration....
  • Linux webserver botnet pushes malware

    09/13/2009 9:24:24 AM PDT · by dayglored · 18 replies · 1,356+ views
    The Register (UK Tech) ^ | 2009-09-12 | Dan Goodin
    A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware to unwitting people browsing the web. Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware. "What we see here is a long awaited...
  • FTC Pulls Plug On Rogue ISP, Halts Cutwail Botnet

    06/05/2009 6:31:01 PM PDT · by JoeProBono · 10 replies · 1,450+ views
    crn. ^ | June 05, 2009 | Stefanie Hoffman
    The FTC pulled the plug on the Cutwail botnet by shutting down Internet Service Provider Pricewert LLC when the agency filed a complaint Thursday alleging that it actively and knowingly participated in the distribution of child pornography, spam and malware. Security experts say that the Cutwail botnet was one of the most notorious botnets, accounting for up to 35 percent of global spam levels in May, security experts said. The FTC issued a complaint accusing the San Jose-based Pricewert, also known as 3FN and APS Telecom, of actively recruiting and colluding with criminals that sought to distribute illegal and malicious...
  • Botnet 'ensnares government PCs'

    04/22/2009 1:42:50 AM PDT · by JoeProBono · 3 replies · 373+ views
    bbc ^ | 21 April 2009 | Darren Waters
    Almost two million PCs globally, including machines inside UK and US government departments, have been taken over by malicious hackers. Security experts Finjan traced the giant network of remotely-controlled PCs, called a botnet, back to a gang of cyber criminals in Ukraine. Several PCs inside six UK government bodies were compromised by the botnet.