In a huge change in policy, police move against criminal servers
In a big step, the FBI has for the first time taken aim at a huge botnet by taking control of the criminals’ command-and-control servers. The US Justice Department had to seek a court order to carry out the operation. The order let the authorities issue their own commands to the malware, effectively ordering it to shut down, and to log the addresses of the compromised machines that checked in. The action was coordinated with Microsoft Corp., which issued a software patch on April 12 to correct a vulnerability in its operating system; that vulnerability is what allows the malware to spread from one computer to another, creating zombie systems.
The approach was similar to the one Dutch authorities used against the Bredolab botnet in 2010.
Millions of systems have been recruited as zombie PCs. Coreflood, the malware program that prompted the FBI investigation, has been around for at least a decade. It can record keystrokes, allowing criminals to take over unsuspecting users’ computers and steal passwords, banking information and credit card details.
The network of compromised systems is around 2.3 million machines in size and has raked in millions of dollars for those behind it.
Twenty-nine domain names used by the botnet were also seized.
“As a result, the zombie machines in the Coreflood network are being re-routed to communicate with the server controlled by law enforcement agencies,” explained Noa Bar Yosef, a senior strategist at the security firm Imperva.
“There has been a real legal barrier to this because essentially you are issuing instructions to someone else’s computer,” said Alex Cox, principal research analyst at NetWitness Corp., a cyber security firm based in Reston, Virginia.
“That is very, very significant,” Cox said.
Richard Boscovich, a lawyer in Microsoft’s Digital Crimes Unit, said by email, “There is clearly a strong public/private momentum happening in the fight against botnets.” He added: “The unit was happy to provide technical information from the lessons we learned from the recent Rustock and Waledac botnet takedowns to assist these agencies.”
Source: BBC, Businessweek