botnet « The FORWARD project blog

Posts Tagged ‘botnet’

Operation Avenge Assange

Friday, January 7th, 2011

Over the last few days WikiLeaks has been one of the hottest topics in the Internet world.

After WikiLeaks released a secret cable listing sites worldwide that the U.S. considers critical to its national security, it was targeted by DDoS attacks.
A few days later Julian Assange was accused of the rape of two Swedish women. Many people think that both the DDoS attacks and the rape accusation were coordinated by the U.S. In addition, the U.S. government persuaded PayPal to stop taking payments from WikiLeaks, while Visa and MasterCard also stopped accepting payments from WikiLeaks.

All of the above made many people suspicious and worried about freedom of speech on the World Wide Web. As a result, the Operation Payback group is targeting the principals it considers responsible for the WikiLeaks hunt and Assange’s (fake!?) rape case.

As of today, the following websites have been attacked:

PostFinance postfinance.ch 2010-12-06
Swedish Prosecution Authority aklagare.se 2010-12-07
EveryDNS everydns.com 2010-12-07
Joseph Lieberman lieberman.senate.gov 2010-12-08
MasterCard mastercard.com 2010-12-08 10:30 UTC
Borgstrom and Bostrom advbyra.se 2010-12-08
BILD (not confirmed) bild.de 2010-12-08 19:30 UTC
Visa visa.com 2010-12-08 21:00 UTC
Sarah Palin sarahpac.com 2010-12-08
Paypal paypal.com 2010-12-09 02:50 UTC
Amazon amazon.com 2010-12-09 23:00 UTC

These attacks are carried out using a “voluntary” botnet. Users can join the botnet with their PC by using a modified version of the Low Orbit Ion Cannon (LOIC). Running this modified LOIC makes your PC a bot of the botnet, and (rumors say) 10 hacktivists (probably the coordinators) set the botnet to target a site. The site to be targeted is chosen after conversations on irc://irc.anonops.net in channel #OperationPayback. Any user disagreeing with an attack can log out from the botnet at any time.

Zeus botnet’s C&C through Amazon EC2

Thursday, December 17th, 2009

A variant of the Zeus bot (Zbot) was found using Amazon’s Elastic Compute Cloud (EC2) infrastructure to send command-and-control (C&C) commands to infected machines.

Zbot is password-stealing software that logs financial data and sends it to the botnet. Last year, more than 100M USD in fraud was linked to Zeus malware variants. It was also held responsible for the “destruction” of 100,000 infected computers by deleting registry key data, making them inoperable. The Zeus botnet is estimated to consist of millions of infected computers around the world.


H1N1 malware epidemic

Monday, December 7th, 2009

Earlier this week, the Centers for Disease Control (CDC) issued a warning about a new malware scam, alerting citizens to a large malware campaign exploiting the public awareness of phishing attacks and the interest in H1N1 vaccinations.

The e-mail security company AppRiver detected a large number of fake CDC e-mails, which were sent at a rate of nearly 18,000 messages per minute, reaching more than 1 million in the first hour alone, according to the company’s blog post.

The e-mails ask users to register for a new state vaccination program by creating a personal H1N1 vaccination profile at a fraudulent CDC web page. However, the computer of anyone who clicks on the link is infected with malware, an executable copy of the ZBot trojan horse. This trojan, also known as Zeus, powers one of the most active botnets, which steal data from compromised machines.

According to the security company Sunbelt Software’s report, ZBot is listed as the second most prevalent malware threat.

Malware propagation can be successful in a situation where social engineering is dominated by technology due to public awareness and fear.

Botnet hijacking

Thursday, May 7th, 2009

Security researchers at the University of California, Santa Barbara have managed to infiltrate the Torpig botnet (also called Sinowal or Mebroot), which allowed them to gain important new insights into one of the world’s most notorious zombie networks by collecting an astounding 70 GB worth of data stolen in just 10 days.


First Mac botnet

Tuesday, April 28th, 2009

Researchers at Symantec found two hidden trojans – OSX.Iservice and OSX.Iservice.B – in pirated copies of Apple Computer’s iWork ’09 and Adobe Photoshop CS4 posted on some P2P networks. The trojans use different techniques to obtain the user’s password and take control of the infected Mac machine.