Items tagged with botnet

Now might be a good time for Netgear to start doubling down on security for its networking products. The folks over at Trustwave found that 31 Netgear router models are susceptible to a security vulnerability that exposes the devices’ web GUI password to nefarious parties. More specifically, an attacker is able to take advantage of a router’s password recovery system in order to obtain login credentials, granting full access to the device. Needless to say, this is a huge security oversight that could have wide-ranging implications for affected routers. “After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials... Read more...
Like a massive army of Storm Troopers willing to follow devious commands, a pair of researchers from the University College London warn that a "large number of Twitter users are bots" that are ready to "contaminate the Twitter API stream." There are more than 350,000 in all, comprising what the researchers have named the Star Wars botnet. It has been dormant and "well hidden" since it was created in 2013. Juan Echeverria, a research student at UC London, and his supervisor and senior lecturer Shi Zhou outlined the threat in a research paper that is awaiting approval in a scientific journal. They have not presented their findings to Twitter yet for that reason. Their main concern is not that the... Read more...
The Mirai botnet started making waves publicly during the fall of 2016 with a high-profile DDoS attack on the security site KrebsOnSecurity. The DDoS attack, which was at the time the largest on record, pummeled the site with 620 gigabits per second of traffic. Since that time, Mirai has “zombified” hundreds of thousands of IoT devices, sucking them into the botnet at an alarming rate to attack other high-profile targets. Considering that Brian Krebs, who runs KrebsOnSecurity, was directly affected by Mirai (and lost his cloud service provider, Akamai, as a result), it’s almost poetic that he is the one that has seemingly uncovered the originator of the malware. A person using the alias Anna... Read more...
Large scale distributed denial of service (DDoS) attacks powered by thousands and sometimes millions of Internet of Things (IoT) devices that have been turned into a massive botnet is something that content delivery networks (CDNs) and service providers must be prepared for in 2017. Lest anyone thinks otherwise, yet another "huge DDoS" assault was reported before the end of this year, this time from Incapsula, which fended off the largest attack to date on its network. With ten days to go before 2016 is in the rear view mirror (along with all of the celebrities it took), Incapsula found itself mitigating a DDoS attack that peaked at 650 gigabits per second, which is about 30Gbps more than the... Read more...
Over the past few months, we’ve witnessed the Mirai botnet wreak havoc with IoT devices like consumer webcams, DVRs and security cameras. These often budget-minded devices were often equipped with insecure software or employed security countermeasures that were easily overpowered. However, we’re learning today that it isn’t just cheap consumer devices that are susceptible to attacks — even high-end equipment can be compromised if a hacker has enough motivation to dig for exploits. Such is the case with Sony’s professional grade IPELA Engine IP cameras. According to SEC Consult, a backdoor was found on these cameras that would allow a would-be attacker to inject code and further penetrate a network.... Read more...
900,000 Deutsche Telekom customers in Germany were hit with an internet outage beginning on Sunday, and IT analysts have concluded that the company was the victim of a hacker attack. The 900,000 affected customers make up roughly 4.5 percent of Deutsche Telekom’s 20 million fixed-line customers. It is believed that the hackers used malicious software known as Mirai. Mirai turns network devices into remotely-controlled “bots” that can be used to launch attacks and target other victims. Remote interfaces allow network technicians to fix customers' routers from far away, but are also susceptible to outside attacks such as Mirai. The attack targeted the remote routers in homes and offices that not... Read more...
We recently witnessed a new and disturbing trend in cyber security and that is the widespread hacking of Internet connected devices to initiate DDoS attacks on an unprecedented scale. That is the method that made possible the Mirai botnet that targeted security expert Brian Krebs and his security blog with 620 gigabits per second of traffic, which at the time was a record. It is also what's causing a surge in DDoS attacks, as noted by content delivery network (CDN) Akamai. The CDN made its findings known in a recent security report compiled with data gathered from its intelligence platform. In it Akamai notes that the two largest DDoS attacks this past quarter both leveraged the Mirai botnet.... Read more...
On Friday, DNS provider Dyn was walloped by a massive DDoS botnet attack which slowed down or completely sidelined major websites like Amazon, Twitter, and The New York Times. The attack was carried out using improperly configured Internet of Things (IoT) devices that were zombified by Mirai malware. In this particular case, however, the majority of the IoT devices used in the botnet were webcams made by China-based XiongMai Technologies. "It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States," said Flashpoint research director Allison Nixon. With all of the attention being thrust onto XiongMai, the company acknowledged... Read more...
Earlier this morning, we reported on the troubling news that the source code for the Mirai IoT DDoS botnet is now out in the open. If you recall, Mirai is the botnet that was able to flood KrebsOnSecurity with 620 gigabits per second of traffic using a horde of zombie IoT devices (the attack was so devastating that Akamai cancelled its pro bono hosting arrangement with Brian Krebs). However, with Mirai source code now out for anyone to take advantage of, we may be seeing even more wide-scale DDoS attacks taking place in the future. And while KrebsOnSecurity might not exactly be a site that you have frequented in the past, Mirai has the potential to cripple some big name properties. As Hans Gruber... Read more...
Well, this isn't good. The source code for the botnet that took KrebsOnSecurity down by tapping into an unprecedented number of Internet of Things (IoT) devices has been released to the public. Its availability virtually ensures that distributed denial of service (DDoS) attacks equal in size or even larger will follow, creating financial headaches and service disruptions for companies both big and small. Brian Krebs, a renowned security expert and author of the aforementioned blog, recently found his website the target of one of the largest DDoS attacks in history. The massive attack brought in a record 620 gigabits per second of traffic. That's almost twice as much as Akamai, the cloud provider... Read more...
The web is becoming the wild, wild west all over again it seems. You could argue the Internet's always been a potentially dangerous place, but with the proliferation of smart devices becoming increasingly commonplace, cybercriminals now have more points of entry into home networks than ever before. Smart home automation gadgets collectively comprise much of what's referred to as the Internet of Things (IoT), and just like your PC, they can be silently hijacked and enlisted into a botnet, a malicious network of systems under the control of a foreign party. Individually, all these smart lighting, media streamers, Nest thermostats, and other IoT gadgets don't pose a major threat, just as a... Read more...
There are two Dorkbots. One is a nerdy group of organizations that sponsor grassroots meetings of artists, engineers, designers, scientists, inventors, and anyone else involved in electronic art. Their motto is "people doing strange things with electricity," and they're cool. We like them. They're not affiliated with the other Dorkbot, which is the name of a botnet that the FBI just broke up. Despite the goofy name, Dorkbot was no laughing matter. Security researchers have been tracking Dorkbot for more than four years, during which time it's grown to infect over 1 million Windows PCs spread across 190 countries. Those behind the botnet used it to launch cyberattacks and steal sensitive data. Left... Read more...
In what sounds like a scene out of one of those (well meaning, but never remotely accurate) cyber-action movies, teams of technicians from Symantec and Microsoft’s Digital Crimes unit wielding a court order from the U.S. District Court in Alexandria, Virginia, were escorted by U.S. Federal Marshals in raids on data centers in New Jersey and Virginia yesterday. Yes, that happened. According to Reuters, the purpose of the raids was to shut down the Bamital botnet by yanking offline servers that had been used to control between 300,000 and 1 million infected PCs as part of a massive click fraud campaign perpetrated by at least 18 individuals scattered across the globe, including in Russia,... Read more...
Researchers with Kaspersky Labs have released information on a new botnet they've discovered that dwarfs any previous cyber-espionage efforts as far as its size, scope, and complexity. The new network, dubbed Red October, has sunk its hooks into systems worldwide. The degree of penetration varies from state to state -- in the United States, the leaks were apparently confined to diplomatic offices and embassies, while in Russia, intrusions were picked up in military installations, embassies, nuclear power plants, and in research institutions. Elements of the Red October network have apparently been in play since 2007. Red October is the latest major cyber-espionage network detected worldwide.... Read more...
It's like the wild west all over again, only this time we have the Internet, modern technology, and plumbing. Oh, and Microsoft isn't asking anyone to bring back a head on a platter. The Redmond sheriff is simply asking for "new information that results in the identification, arrest, and conviction" of those responsible for propagating the Rustock botnet. The reward for assisting Microsoft with its hat trick is a cool quarter of a million dollars. That's a lot of coin. The offer "stems from Microsoft's recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it," the software giant said in a blog... Read more...
While much attention is focused on Facebook scams and trojans involving Osama bin Laden's death, Facebook users should be aware of another new way scammers are spreading links to rogue sites. They have begun to circulate convincing links claiming to be stories from Wired News about the iPhone 5. This scam takes advantage of Facebook’s new social plugin for websites that allows for comments, M86 Security Labs reports. If a Facebook user clicks on the link, the user is instead sent to a random .info site. M86 says it has documented over 10 of these sites for this particular scam. Once there, the user is asked to answer a CAPTCHA-like verification form, such as "what is 3 + 2?",... Read more...
One of the most active spam bots, Asprox, has a new gimmick for a Trojan it's been e-mailing around for the past six months: Facebook. Its botmasters are trying to cash in on last week's blocked accounts and unfriending frenzy. Wednesday, November 17, was National Facebook Unfriend day, the brainchild of late night talk show comedian Jimmy Kimmel. However, the day before, Facebook confirmed that it was automatically disabling accounts it found to be suspiciously "fake." In the process it said a "bug" made it also disable a bunch of real users' accounts. Lots of information and disinformation began to promptly circulate about the accounts being blocked because Facebook required users to scan and... Read more...
No one enjoys spam. In fact, it's probably one of the most universally hated things on the Internet. Spam senders probably don't even enjoy the spam that they're distributing, and it's safe to think that Microsoft loathes spam more than anyone else. Or at least that's the impression we get from the amount of fighting it went through to land at the place they're at now. A U.S. just recently granted the company's request to do away with a total of 277 Internet domains, which they maintain were used to "command and control" the Waledac botnet. If you aren't aware, a botnet "is a network of infected computers under the control of hackers," and according to Microsoft, the closing of the domains could... Read more...
The eventual creation of botnet(s) based on mobile devices rather than PCs has been theorized about for years, but no such malware has ever appeared in the real world—at least, not until now. Security researchers believe they may have found the first true mobile worm, dubbed "Sexy View" or "Sexy Space" depending on which version of the program one encounters. The infected payload displays many of the characteristics of PC botnet software and is now more sophisticated than other handheld attacks that have appeared to date. The "now," in this case, is important, as Sexy View first hit the radar six months ago or more. The program has evolved considerably since it debuted, and is now capable of... Read more...
For years, many people have believed that Macs are immune to malware, viruses, and worms that have wrought havoc on PCs. In reality, however, OS X is potentially just as vulnerable to harmful programs. The difference lies in the fact that hackers generally go after what will give them the biggest bang for their buck. Traditionally, that has meant targeting PCs because they run on a more prevalent OS. Given OS X’s small market share in comparison to Windows systems, Macs are less likely than PCs to be attacked. Since Macs are quickly gaining market share and status, however, they’re finding themselves under more frequent attacks. Apple has even alluded to this, having previously recommended that... Read more...
The Conficker worm has generated a fair amount of buzz in the media recently. Today, April 1, was supposed to be the worm’s day of attack. As of this evening eastern standard time, the doomsday some were predicting as a result of the Conficker worm did not materialize. That doesn’t mean Conficker is a bust, however. The worm still did what was expected—it generated 50,000 domain names and started contacting them. The Conficker virus has infected several million computers since November. It was programmed to seek new instructions beginning today. The hype over the programmed instructions led to speculation and reports stating Conficker could launch a massive cyber attack today. The hype surrounding... Read more...
Technology News Daily reports on the latest findings of Marshal's Threat Research and Content Engineering (TRACE) team, indicating that the Srizbi botnet comprises 49.4 percent of all spam for the week ending May 4, 2008--making Srizbi "the world's largest spam botnet." (Marshal is an e-mail and Internet-content security service provider.) "Srizbi is estimated to comprise at least 300,000 compromised computers and sends more than 60 billion spam messages per day. Recently, the botnet has been used to promote a range of products including watches, pens and male enlargement pills. Srizbi also actively distributes copies of its own malware in malicious spam campaigns using social engineering ploys... Read more...