Keyword: botnet

  • Feds to remotely delete Coreflood from infected PCs

    04/27/2011 2:45:41 PM PDT · by decimon · 12 replies
    Digital Trends ^ | April 27, 2011 | Geoff Duncan
    In an unusual move, federal authorities will be contacting computer users with systems infected by the Coreflood botnet Trojan and asking them to agree to allow them to send commands to the malware so it will delete itself. The move comes in the wake of a coordinated takedown earlier this month by the FBI and other authorities, in which the U.S. government essentially substituted its own command-and-control servers in place of those used by Coreflood and issued commands telling the program to shut down on infected PCs. The move reduced activity from the Coreflood botnet by about 90...
  • Microsoft shuts down spam behemoth Rustock, reduces worldwide spam by 39%

    03/18/2011 1:25:49 PM PDT · by LibWhacker · 21 replies · 4+ views
    Switched ^ | 3/18/11 | Sebastian Anthony
    Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock. Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam email per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%. Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis,...
  • How FBI, police busted massive botnet

    03/03/2010 12:55:20 PM PST · by Ernest_at_the_Beach · 12 replies · 702+ views
    The Register ^ | 3rd March 2010 15:56 GMT | John Leyden
    Analysis More details have emerged about a cybercrime investigation that led to the takedown of a botnet containing 12m zombie PCs and the arrest of three alleged kingpins who built and ran it. As previously reported, the Mariposa botnet was principally geared towards stealing online login credentials for banks, email services and the like from compromised Windows PCs. The malware infected an estimated 12.7 million computers in more than 190 countries. The botnet was shut down on 23 December 2009 following months of collaboration between security firms Panda Security and Defence Intelligence in co-operation with the FBI and Spain's Guardia...
  • Spanish police stamp out butterfly botnet [Canada's Defence Intelligence and Panda Security]

    03/03/2010 6:37:02 AM PST · by JoeProBono · 16 replies · 670+ views
    tgdaily ^ | Wed 3rd Mar 2010 | Emma Woollacott
    Another day, another botnet. This time, it has the rather pretty name of Mariposa - it means butterfly - and is believed to be one of the world's largest. More than 13 million PCs were infected by Mariposa, which apparently infected more than half the world's 1,000 largest companies and at least 40 major financial institutions. The botnet was , and three men have been arrested. According to Panda Security, the three men used the aliases Netkairo, Ostiator and Johnyloleante. "Designed for information theft, Mariposa has stolen personal data from millions of compromised computers," says Defence Intelligence. "Amongst this personal...
  • Ongoing FDIC Spam Campaign Serves Zeus Crimeware

    10/30/2009 6:07:39 PM PDT · by Cindy · 3 replies · 328+ views
    DANCHO DANCHEV - blog ^ | TUESDAY, OCTOBER 27, 2009;Updated Wednesday, October 28, 2009 | Dancho Danchev
    SNIPPET: "UPDATED - Wednesday, October 28, 2009: A "New Facebook Login System" spam campaign is in circulation, launched by the same botnet. Sampled updatetool.exe once again interacts with the Zeus command and control at 193.104.27.42."
  • Botnet Attack on Polish Government Network

    10/30/2009 4:11:17 PM PDT · by nickcarraway · 3 replies · 358+ views
    SPAMfighter ^ | 10/30/09
    According to security researchers, computer servers at the government institutions of Poland suffered a well-synchronized cyber attack, which was allegedly launched by Russian sources in September 2009. The details of this attack on the Polish government are not yet revealed, as reported by the daily Rzeczpospolita. The attack took place in the beginning of September, a particularly intense moment, near about Westerplatte visit of Russian Prime Minister Vladimir Putin. The purpose of his visit was to commemorate the outburst of the Second World War, as reported by NATIONAL on October 11, 2009. Meanwhile, security experts informed that generally botnets are...
  • Computer scientists successfully boot one million Linux kernels as virtual machines

    09/26/2009 1:00:03 PM PDT · by ShadowAce · 17 replies · 719+ views
    Physorg.com ^ | 25 September 2009 | Sandia National Laboratories
    (PhysOrg.com) -- Computer scientists at Sandia National Laboratories in Livermore, Calif., have for the first time successfully demonstrated the ability to run more than a million Linux kernels as virtual machines. The achievement will allow cyber security researchers to more effectively observe behavior found in malicious botnets, or networks of infected machines that can operate on the scale of a million nodes. Botnets, said Sandia’s Ron Minnich, are often difficult to analyze since they are geographically spread all over the world. Sandia scientists used virtual machine (VM) technology and the power of its Thunderbird supercomputing cluster for the demonstration....
  • Linux webserver botnet pushes malware

    09/13/2009 9:24:24 AM PDT · by dayglored · 18 replies · 1,356+ views
    The Register (UK Tech) ^ | 2009-09-12 | Dan Goodin
    A security researcher has discovered a cluster of infected Linux servers that have been corralled into a special ops botnet of sorts and used to distribute malware to unwitting people browsing the web. Each of the infected machines examined so far is a dedicated or virtual dedicated server running a legitimate website, Denis Sinegubko, an independent researcher based in Magnitogorsk, Russia, told The Register. But in addition to running an Apache webserver to dish up benign content, they've also been hacked to run a second webserver known as nginx, which serves malware. "What we see here is a long awaited...
  • FTC Pulls Plug On Rogue ISP, Halts Cutwail Botnet

    06/05/2009 6:31:01 PM PDT · by JoeProBono · 10 replies · 1,450+ views
    crn. ^ | June 05, 2009 | Stefanie Hoffman
    The FTC pulled the plug on the Cutwail botnet by shutting down Internet Service Provider Pricewert LLC when the agency filed a complaint Thursday alleging that it actively and knowingly participated in the distribution of child pornography, spam and malware. Security experts say that the Cutwail botnet was one of the most notorious botnets, accounting for up to 35 percent of global spam levels in May, security experts said. The FTC issued a complaint accusing the San Jose-based Pricewert, also known as 3FN and APS Telecom, of actively recruiting and colluding with criminals that sought to distribute illegal and malicious...
  • Botnet 'ensnares government PCs'

    04/22/2009 1:42:50 AM PDT · by JoeProBono · 3 replies · 373+ views
    bbc ^ | 21 April 2009 | Darren Waters
    Almost two million PCs globally, including machines inside UK and US government departments, have been taken over by malicious hackers. Security experts Finjan traced the giant network of remotely-controlled PCs, called a botnet, back to a gang of cyber criminals in Ukraine. Several PCs inside six UK government bodies were compromised by the botnet.
  • Cybercriminals create botnet using Mac computers

    04/15/2009 9:08:14 PM PDT · by Swordmaker · 15 replies · 2,953+ views
    CBC Canada ^ | Wednesday, April 15, 2009
    Traditionally, botnets have spread through PCs running Windows, and not Macs, in part because of the low market share worldwide of computers like the iMac, shown here behind Apple CEO Steve Jobs in a 2006 photo. (Paul Sakuma/Associated Press) A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers. Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork '09 and the Mac version of Adobe Photoshop...
  • JUVENILE COMPUTER HACKER SENTENCED FOR COMPUTER INTRUSION, INTERSTATE THREATS...

    04/15/2009 6:05:25 PM PDT · by Cindy · 5 replies · 414+ views
    JUVENILE COMPUTER HACKER SENTENCED FOR COMPUTER INTRUSION, INTERSTATE THREATS, AND WIRE FRAUD STEMMING FROM HACKING, BOTNET, AND “SWATTING” ACTIVITIES BOSTON, MA—A male juvenile, who has been widely known in the hacker underground by his online moniker, “DSHOCKER,” was sentenced today in federal court to 11 months in prison, to be served in a juvenile detention facility, for computer intrusion, interstate threats, and wire fraud, stemming from hacking, botnet, and “swatting” activities. In accordance with federal law, the juvenile was not publicly named. United States Attorney Michael J. Sullivan and Warren T. Bamford, Special Agent in Charge of the Federal Bureau...
  • Stealth Router-Based Botnet Worm "psyb0t" (long title shortened)

    03/23/2009 7:13:57 PM PDT · by dayglored · 28 replies · 1,551+ views
    DroneBL ^ | Mar 23, 2009 | (none given)
    DroneBL DNS Blacklist service: We have come across a botnet worm spreading around called "psyb0t". It is notable because, according to my knowledge, it: is the first botnet worm to target routers and DSL modems; contains shellcode for many mipsel devices; is not targeting PCs or servers; uses multiple strategies for exploitation, including bruteforce username and password combinations; harvests usernames and passwords through deep packet inspection; can scan for exploitable phpMyAdmin and MySQL servers
  • Need Advice on Anti Virus and Firewall Apps

    01/24/2009 4:17:17 AM PST · by savedbygrace · 116 replies · 1,161+ views
    I've used Symantec, Grisoft's AVG, and Panda AV apps. None of those have been satisfactory. They all tend to use too much system resources, or cause other problems. Currently, I'm using Panda AV, but it is causing start up problems and it seems to have a mind of its own WRT running scans. On the firewall front, I've used Zone Alarm Pro, but it slows my WinXP computer down. I've forgotten the names of the succession of other firewall apps I've used. Currently, the Panda AV app I'm using also provides a firewall. I'm not defenseless even without a firewall...
  • Countdown to Conficker activation begins ( A superbotnet will rise )

    01/23/2009 12:18:42 PM PST · by Ernest_at_the_Beach · 4 replies · 362+ views
    The Register (UK) ^ | 23rd January 2009 12:40 GMT | John Leyden
    Security watchers are bracing themselves to respond to the activation of the huge botnet created by the Conficker superworm. The malware has created a network of infected PCs under its control estimated at 9m or even more, according to the latest estimates — dwarfing the zombie army created by the infamous Storm worm, which reached a comparatively paltry 1m at its peak in September 2007. Variants of Conficker (aka Downadup), which began circulating in late November, exploit the MS08-067 vulnerability in the Microsoft Windows server service addressed by Redmond with an out-of-sequence patch last October. The malware also infects removable...
  • US Army Research Office’s BotHunter ( Malware detector)

    12/08/2008 9:47:54 AM PST · by Ernest_at_the_Beach · 80 replies · 2,452+ views
    Antispyware ^ | Wednesday, November 26th, 2008 at 12:53 pm | staff
    When malware spammers get out of control, what’s the best thing to do? Call in the US Army, perhaps? A free malware-detector called BotHunter, sponsored by the US Army Research Office, “works so well that it has even found infected Mac computers, much to the embarrassment of the Mac owners who, of course, swear that their computers cannot be infected with bots,” SC Magazine quotes Marcus Sachs, director at SANS Internet Storm Center, as saying. And there have been 35,000 downloads so far, the story has Phillip Porras, program director of enterprise and infrastructure security at SRI International, a research and technology organization,...
  • Growth of Anti-Botnet Startups Points to AV Deficiencies

    03/03/2008 10:37:00 AM PST · by dickmc · 8 replies · 162+ views
    see link | 2008-02-29 | Ryan Naraine
    (This has become increasingly irritating. Why do I need three or four things running to do ONE job!) Unfortunately, eweek doesn't want anyone at FR to read them! The link to the above titled article is here. The resulting Slashdot discussion is here.
  • BBC: The battle against the botnet hordes

    02/23/2008 3:09:27 PM PST · by Ernest_at_the_Beach · 10 replies · 163+ views
    BBC ^ | Thursday, 21 February 2008, 11:32 GMT | Chris Vallance Reporter, BBC iPM
    The battle against the botnet hordes By Chris Vallance Reporter, BBC iPM Few owners of hijacked PCs know their machine has been attacked On 11th February a US teenager who used the online nickname of "Sobe" pleaded guilty to delinquency charges resulting from his surreptitious installation of adware on hundreds of thousands of computers. The computers "Sobe" used had been hi-jacked and co-opted into a network of computers called a "botnet". Botnets are networks of computers which have been subverted by malicious code so they fall under the control of cyber criminals. Typically owners of machines forming a botnet...
  • The Silenced Storm (Computer Virus Wars)

    10/24/2007 4:26:17 AM PDT · by Renfield · 8 replies · 429+ views
    Strategy Page ^ | 10-24-07
    October 24, 2007: The most powerful Internet weapon on the planet is apparently dying the death of a thousand cuts. The weapon in question is the Storm botnet. This was the largest botnet ever seen, and it appeared to be acting like something out of a science fiction story. Last Summer, the Storm network was believed capable of shutting down any military or commercial site on the planet. Or, Storm could cripple hundreds of related sites temporarily. Worse, Storm could have done some major damage in ways that have not yet been experienced. There's never been anything quite like Storm,...
  • Storm worm botnet more powerful than top supercomputers

    09/07/2007 6:31:20 AM PDT · by twntaipan · 152 replies · 2,906+ views
    ITNews ^ | 9/7/2007 | Sharon Gaudin
    The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers. That's the latest word from security researchers who are tracking the burgeoning network of Microsoft Windows machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months. Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen -- one capable of doing great damage. "In terms of power, the botnet utterly blows the supercomputers away,"...
  • Storm Worm variant ignites e-mail virus deluge

    04/13/2007 10:31:55 AM PDT · by holymoly · 24 replies · 2,308+ views
    ZDNet ^ | April 13, 2007 | Caroline McCarthy
    Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini. Postini said that two variations of the Storm Worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code. Postini, which is based in San Carlos, Calif., says...
  • New computer virus threatens biz nets

    03/01/2007 3:42:10 PM PST · by HAL9000 · 4 replies · 366+ views
    CNN.com (excerpt) ^ | March 1, 2007 | Parija B. Kavilanz
    Excerpts - NEW YORK (CNNMoney.com) -- A disgruntled hacker with a personal grudge against Symantec, which provides anti-virus software to leading Fortune 500 companies, could be behind a new, crippling computer virus that's already hit a division of at least one big U.S. corporation on Thursday. If it spreads, technology experts warn the latest strains of the insidious RINBOT computer virus could hijack network systems of businesses worldwide. ~ snip ~ Cluley said this strain appears to be hitting MS SQL servers. It looks for networks that run the Microsoft Windows operating system, including Windows 2000, Windows 95, Windows 98,...
  • Spam reaches record levels

    01/11/2007 6:12:57 PM PST · by qam1 · 48 replies · 1,087+ views
    British Computer Society ^ | 1/11/07 | STAFF
    A new report has revealed that spam mail constituted almost 94 per cent of all emails during December, a record figure. The study by security firm Postini indicated that spam levels have more than doubled since December 2005, posing a serious threat to businesses. It said that most spam is being created by botnets and web users can expect figures to continue to increase throughout 2007 as more computers become connected to the internet. 'This continued rise in spam levels is threatening the viability of email for businesses that are not properly protected and is sapping the productivity of hundreds...
  • Wireless World: Attack of the 'botnets'

    03/17/2006 11:45:22 AM PST · by kerrywearsbotox · 6 replies · 539+ views
    UPI ^ | March 17, 2006 | UPI
    CHICAGO, March 17 (UPI) -- A botnet -- or robotic network -- sends an instant message to your smart phone. You think it is from a friend and open the IM. But it's not a chatty note at all, as the automated message fraudulently scans the system, looking for your credit-card numbers, bank-account statements and secret passwords. Experts tell United Press International's Wireless World that computer criminals are now using these "botnets" to attack consumers and businesses via text messaging, adding to the threats and problems created by the new, emerging mobile technology.
  • U.S. charges Calif. man in computer 'botnet' case

    02/10/2006 7:38:27 PM PST · by NormsRevenge · 11 replies · 459+ views
    San Diego Union Tribune ^ | 2/10/06 | Reuters
    SAN FRANCISCO – A California man was indicted Friday on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted ad software. The indictment from a federal grand jury in Seattle also accuses Christopher Maxwell, 20, and two unidentified conspirators of crippling Seattle's Northwest Hospital with a ”botnet” attack in January 2005. Authorities say the hospital attack caused $150,000 in damages, shut down the intensive care unit and disabled doctors' pagers. “Some people consider botnets a mere annoyance or inconvenience for consumers but they are highly destructive,” U.S....