03.14.10
Internet Mayhem With Microsoft Windows Botnets
Summary: News reports about security, mostly from IDG and almost exclusively about Microsoft and Windows
• ZeuS Botnet Still Mutating, Still on the Move
New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC.
• ZeuS botnet code keeps getting better for criminals
New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC.
[...]
The Windows-based ZeuS Trojan software, which takes up about 50,000 bytes on a compromised Windows-based computer, is designed to plunder accounts in North American and United Kingdom banking systems via the victim’s computer. The criminal might be located a continent away, directing unauthorized transfers of funds to accounts through elaborate command-and-control systems.
• One-third of orphaned Zeus botnets find way home
The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours.
The resurrection of at least 30 command and control channels came after their internet service provider found a new upstream provider to provide connectivity to the outside world, autonomous system records showed on Thursday. As a result, some of the rogue customers who used the Troyak ISP to herd huge numbers of infected PCs were able to once again connect to the compromised machines and issue commands.
• Zeus Botnet Dealt a Blow as ISP Troyak Knocked out
• After Takedown, Botnet-linked ISP Troyak Resurfaces (Windows not mentioned)
Zeus is a botnet kit used by a large number of cybercriminals. Researchers have counted 249 Zeus command-and-control servers to date. Another Internet service provider named Group 3 was also knocked offline Wednesday. It has not been reconnected, however.
• Estonian DDoS revenge worm crafter jailed
An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.
Artur Boiko, 44, was convicted by a jury of creating the Allaple worm and sentenced to two years and seven months following a trial. Boiko pleaded not guilty but prosecutors persuaded the jury that he became a malware author in late 2006 to seek revenge against insurance firm IF following a dispute over a rejected car accident insurance claim.
• FBI Embeds Cyber-investigators in Ukraine, Estonia
Hoping to catch cybercrooks, the U.S. Federal Bureau of Investigation has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands.
• Homeland Security is recruiting new cyber-warriors (they aim for prevention after the act instead of eternal cure)
Department of Homeland Security Janet Napolitano said during a keynote speech today that her agency has new authority to beef up the department’s team of cyber-warriors and couldn’t help making her pitch before the thousands of security experts in the room.
• Professor Gets Money For Cybersecurity Research
More problems surfacing:
• New Internet Explorer Flaw Revealed
• Microsoft Warns of New Bug Affecting IE Users
• Microsoft warns of new IE bug; attacks under way
• IE Zero-day Exploit Code Goes Public
Exploit code for the unpatched bug in Internet Explorer was published on the Web yesterday, a step security pros said earlier would be the precursor to widespread attacks.
• McAfee inadvertently speeds creation of Metaploit IE exploit pack
• Chinese Hack Attacks Said Likely to Recur (Internet Explorer was the cause [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12])
Recent Internet attacks from China against Google and other U.S. companies will more than double this year if the pace during the first two months continues, a security expert says.
• US expert: Chinese gov’t likely behind massive cyberattacks
The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said Wednesday.
• FBI Director: Hackers Have Corrupted Valuable Data
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday.
• FBI: Cyberfraud Losses Doubled in 2009 (no wonder it costs so much to recover)
Last year was a tough one for most businesses, but for cybercriminals it was one of the best yet.
According to data released Friday by the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), victims reported total losses of US$559.7 million in 2009, more than double the tally for 2008.
• Trojan armed with hardware-based anti-piracy control
The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what’s found in Microsoft Windows.
The newest version with bare-bones capabilities starts at $4,000 and additional features can fetch as much as $10,000. The new feature is designed to prevent what Microsoft refers to as “casual copying” by ensuring that only one computer can run a licensed version of the program. After it is installed, users must obtain a key that’s good for just that one machine.
Zombies in another sense (traditional and not harmful):
• Six Essential IPhone Apps for a Zombie Attack
• ZombieSmash Coming to IPhone
