Showing posts sorted by date for query botnet.

Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet

Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet Responsible For Infecting More Than 2 Million Computers
Redmond-based software giant Microsoft has scored yet another major success against a large cyber criminal racket by disrupting one of the world's largest and most rampant botnets, 'ZeroAccess'. The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on the Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month. Microsoft, working alongside the Federal Bureau of Investigation (FBI) and Europol's European Cybercrime Centre (EC3), has successfully disrupted this notorious botnet. This is Microsoft's first botnet action since the Nov. 14 unveiling of its new Cybercrime Center, a center of excellence for advancing the global fight against cyber crime, and marks the company's eighth botnet operation in the past three years.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the EC3. “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cyber crime units in five European countries and Microsoft.”
Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cyber criminals to remotely control the botnet from tens of thousands of different computers. ZeroAccess is used to commit a slew of crimes, including search hijacking, which “hijacks” people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. ZeroAccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated Web traffic and other criminal activity. Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day.

How It Happened:- 
Last week, Microsoft filed a civil suit against the cyber criminals operating the ZeroAccess botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. In addition, Microsoft took over control of 49 domains associated with the ZeroAccess botnet. A10 Networks provided Microsoft with advanced technology to support the disruptive action.
As Microsoft executed the order filed in its civil case, Europol coordinated a multijurisdictional criminal action targeting the 18 IP addresses located in Europe. Specifically, Europol worked with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe. This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet, and it demonstrates the value of coordinated operations against cyber criminal enterprises.

ZeroAccess is considered highly sophisticated malware and actively blocks attempts to remove it, so Microsoft has published detailed instructions on how to remove this threat and recommends that every affected user follow them. As Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible.
Speaking to the press, David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, said: “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”

While talking about the ZeroAccess botnet takedown, I would like to remind you that in March last year Microsoft successfully shut down two command and control (C&C) servers of Zeus, one of the world's most dangerous banking trojans.


Hackers Exploiting Old Ruby on Rails Vulnerability To Compromise Web Servers & Create Botnet

Hackers Exploiting Old Ruby on Rails Vulnerability (CVE-2013-0156) To Compromise Web Servers & Create IRC Botnet
A critical vulnerability in Ruby on Rails that was spotted in January this year, and rated “critical” at the time, is once again being exploited in the wild. The vulnerability, known as CVE-2013-0156 and affecting versions 3.0.20 and 2.3.16, has reared its head again. Although the Rails developers released a security patch, many server administrators, unaware of these events, have not patched their systems. As a result, hackers and cyber criminals are actively exploiting this critical vulnerability in the Ruby on Rails web application development framework to compromise web servers and build a dangerous botnet. This major security issue was first discovered by security consultant Jeff Jarmoc of the research firm Matasano Security. In his blog, Jarmoc said: "It’s pretty surprising that it’s taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails. It also appears to be affecting some web hosts." According to his blog post, the exploit currently being used by attackers adds a custom cron job, a scheduled task on Linux machines that executes a sequence of commands. Those commands download a malicious C source file from a remote server, compile it locally and execute it. The resulting malware is a bot that connects to an IRC (Internet Relay Chat) server and joins a predefined channel, where it waits for commands from the attackers. A pre-compiled version of the malware is also downloaded in case compilation fails on the compromised system.
"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc said. "There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands." On a more reassuring note, Jarmoc concluded that "this is a pretty straightforward skiddy exploit of a vulnerability that has been publicly known, and warned about, for months."

Administrators who have not yet patched should immediately update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15, which contain the patch for this vulnerability. However, the best course of action is to update to the latest available Rails version on the branch in use, since other critical vulnerabilities have been addressed since then.

Brief About RoR:- Ruby on Rails is a popular framework for developing Web applications based on the Ruby programming language and is used by major websites including Hulu, GroupOn, GitHub and Scribd.


Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Anyone who frequents the underground hacker communities knows very well that illicit wares such as botnets, zero-day exploits, the Blackhole exploit kit, malware, undisclosed vulnerabilities and so on are sold there at various prices. Those products are generally priced between $5 and $500, but today I will talk about an expensive product that has listed itself at the top of the black market: a new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts. According to a Krebs on Security blog post, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. The hacker posted a video to demonstrate the exploit to potential buyers.


“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”
In response, Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”


FBI's Cybercrime Unit Taken New Initiative to Nab Hackers & Intruders

The FBI has declared October 2012 National Cyber Security Awareness Month, and in the last week of the month the FBI's cyber crime division has started a new program that focuses specifically on hackers and intrusions, with the aim of preventing cyber crime. Last month the Federal Bureau of Investigation (FBI) issued a report, based on information from law enforcement and complaints submitted to the Internet Crime Complaint Center (IC3), detailing recent cyber crime trends and new twists on previously existing cyber scams. The FBI's latest move will surely strike fear into the hearts and minds of hackers. According to the FBI's official release: Early last year, hackers were discovered embedding malicious software in two million computers, opening a virtual door for criminals to rifle through users’ valuable personal and financial information. Last fall, an overseas crime ring was shut down after infecting four million computers, including half a million in the U.S. In recent months, some of the biggest companies and organizations in the U.S. have been working overtime to fend off continuous intrusion attacks aimed at their networks. The scope and enormity of the threat—not just to private industry but also to the country’s heavily networked critical infrastructure—was spelled out last month in Director Robert S. Mueller’s testimony to a Senate homeland security panel: “Computer intrusions and network attacks are the greatest cyber threat to our national security.”
To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Agents are cultivating cyber-oriented relationships with the technical leads at financial, business, transportation, and other critical infrastructures on their beats. 

Today, investigators in the field can send their findings to specialists in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can look for patterns or similarities in cases. The 24/7 post also shares the information with partner intelligence and law enforcement agencies—like the Departments of Defense and Homeland Security and the National Security Agency—on the FBI-led National Cyber Investigative Joint Task Force.
A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define “the attribution piece” of a cyber attack to help determine an appropriate response, said Richard McFeely, executive assistant director of the Bureau’s Criminal, Cyber, Response, and Services Branch. “The attribution piece is: who is conducting the attack or the exploitation and what is their motive,” McFeely explained. “In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions.”
The Cyber Division’s main focus now is on cyber intrusions, working closely with the Bureau’s Counterterrorism and Counterintelligence Divisions.  “We are obviously concerned with terrorists using the Internet to conduct these types of attacks,” McFeely said. “As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries.”
In the Coreflood case in early 2011, hackers enlisted a botnet—a network of infected computers—to do their dirty work. McFeely urged everyone connected to the Internet to be vigilant against computer viruses and malicious code, lest they become victims or unwitting pawns in a hacker or web-savvy terrorist’s malevolent scheme.
“It’s important that everybody understands that if you have a computer that is outward-facing—that it’s connected to the web—that your computer is at some point going to be under attack,” he said. “You need to be aware of the threat and you need to take it seriously.” 

The FBI has also released a podcast on the initiative, “The intrusions are occurring 24/7, 365 days a year.”


Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime

All of us who work in the cyber domain know very well that it is almost impossible to stand alone against rising cyber crime and cyber criminals. So what is the solution? Collaboration: if we stand together and help each other, we can control cyber crime and build a safe and secure cyber space. Here is a live example of such cooperation: Facebook, your favorite social network, has taken a stand against cyber criminals by donating $250,000 to help fight cyber crime. According to UAB News, the Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham has received a $250,000 donation from Facebook in recognition of the center’s role in tracking international criminals behind the social-media botnet Koobface as well as other spammers. The donation, which comes from money Facebook has recovered from spammers located around the world, will be used to expand the new CIA|JFR headquarters.
“As a result of numerous collaborations over the years, Facebook recognizes the center as both a partner in fighting Internet abuse, and as a critical player in developing future experts who will become dedicated cybersecurity professionals,” says Joe Sullivan, chief security officer at Facebook. “The center has earned this gift for their successes in fighting cybercrime and because of the need for formal cybersecurity education to better secure everyone’s data across the world.”  
Here we want to remind our readers that 'Koobface', created by a few Russian hackers, was the most dangerous malware ever made to infiltrate Facebook. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When unsuspecting users clicked the link, a message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money to the tune of over $2 million annually. According to Kaspersky Labs, the network of infected computers included between 400,000 and 800,000 PCs. Earlier this year the entire Koobface gang was exposed, and Koobface's C&C server was shut down by a few German researchers.

With this story here we, the entire VOGH Team would like to congratulate the team at the University of Alabama at Birmingham on the donation from Facebook. More power to them and similar experts around the world, helping investigate cybercrime and making the online world a safer place! 


GoDaddy Outage Was Not Beacuse of Hacker Attack But Technical Difficulties

GoDaddy, the company widely known as a DNS and hosting provider, was down for most of the day on 10th September and came back online that evening. As expected, thousands of other websites reportedly went offline as their hosting provider GoDaddy experienced massive service disruptions. GoDaddy, which claims to be the world's biggest web hosting company, confirmed the problems on its official Twitter account but did not initially state the cause of the disruptions. A hacker using the name "Anonymous Own3r" on Twitter claimed responsibility for the outage, presenting it as an attack on behalf of the hacker collective 'Anonymous' in protest against GoDaddy's support of the SOPA act. The hacker stated that the cause of the outage was a massive denial of service (DDoS) attack generated from an IRC botnet. A tweet from the @AnonOpsLegion account, "#TangoDown -- http://www.godaddy.com/ | by @AnonymousOwn3r", was the initial public promotion of the outage, leading some to believe that the Anonymous online activist collective was behind the disruption. However, the AnonymousOwn3r account clarified in various tweets that "it's not Anonymous coletive [sic] the attack is coming just from me." This claim was later disputed by posts from the @YourAnonNews account, which is known to be one of the legitimate Twitter sources of Anon.
After investigating the outage, GoDaddy released a statement saying clearly that the outage was not caused by a DDoS attack but by internal technical difficulties. According to GoDaddy CEO Scott Wagner:
"GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT. The service outage was not caused by external influences. It was not a "hack" and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.
At no time was any customer data at risk or were any of our systems compromised. Throughout our history, we have provided 99.999% uptime in our DNS infrastructure. This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it. We take our business and our customers' businesses very seriously. We apologize to our customers for these events and thank them for their patience."


Hacker Sentenced to 30 Months in Prison for Selling Access to Botnets & Infecting 72,000 PCs

A 30-year-old computer hacker has received a 30-month prison sentence for creating a botnet, on a charge of violating the Computer Fraud and Abuse Act. According to the Department of Justice, Joshua Schichtel, of Phoenix, was sentenced today to 30 months in prison for selling command-and-control access to and use of thousands of malware-infected computers, announced Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division and U.S. Attorney for the District of Columbia Ronald C. Machen Jr.
Schichtel was sentenced by Chief U.S. District Judge Royce C. Lamberth in the District of Columbia.  In addition to his prison term, Schichtel was ordered to serve three years of supervised release. 
Schichtel entered a guilty plea on Aug. 17, 2011, to one count of attempting to cause damage to multiple computers without authorization by the transmission of programs, codes or commands, a violation of the Computer Fraud and Abuse Act.
According to court documents, Schichtel sold access to “botnets,” which are networks of computers that have been infected with a malicious computer program that allows unauthorized users to control infected computers.  Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets.  Specifically, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.

This case was investigated by the Washington Field Office of the FBI.  The case is being prosecuted by Corbin Weiss, Senior Counsel in the Criminal Division’s Computer Crime and Intellectual Property Section and Special Assistant U.S. Attorney for the District of Columbia.


Anonymous Targets Australian Security Intelligence Organisation (ASIO) & Defence Signals Directorate (DSD)

Anonymous's Australian rampage continues: after taking down several Australian Government websites and carrying out a massive data breach at the Australian ISP AAPT, the hacker collective today attempted to hack into both the Australian Security Intelligence Organisation (ASIO) and Defence Signals Directorate (DSD) websites. The attack took place early on Friday, and Anon again listed it among their F**k Friday rampage, also known as #FFF. The hacker group claimed to have shut down a computer server belonging to Australia's domestic spy agency ASIO, reportedly briefly closing down access to its public webpage. On its Twitter feed Anonymous Australia (@AuAnon) wrote: "The anonymous Operation Australia hackers have today again been busy with further attacks on the ASIO and DSD website."
According to sources, the ASIO server faced massive traffic generated by a DDoS botnet, which immediately affected normal service, and as the load increased the site went offline, as expected. The Australian Security Intelligence Organisation (ASIO) acknowledged some disruption to its website. "ASIO's public website does not host any classified information and any disruption would not represent a risk to ASIO's business," an ASIO spokesman said. The Sydney Morning Herald reported that ASIO's website was down for at least 30 minutes Friday morning, but it appeared to be loading normally Friday afternoon. Operation Australia, which has its own @Op_Australia Twitter stream, said it would "stop the attacks at 10pm Aus. BUT we will never stop watching!".


Russian Hacker 'Dmitry Zubakha' Arrested For DDoS Attacks on Amazon, eBay & Priceline

A 25-year-old Russian hacker has been arrested for allegedly performing two massive DDoS (distributed denial-of-service) attacks on the popular online shopping sites Amazon.com and eBay in 2008. Dmitry Olegovich Zubakha, also known as "Cyber bandit" in much of the hacker underground, was indicted in 2011, but he was only arrested in Cyprus on Wednesday. Zubakha was arrested under an international warrant and is currently in custody pending extradition to the United States. According to the indictment unsealed on Thursday, Zubakha, with the help of another Russian hacker, planned and executed DDoS attacks against Amazon.com, eBay and Priceline in the middle of 2008. Zubakha and his co-conspirator launched the attacks with the help of a DDoS botnet to generate a large volume of traffic that disrupted the normal service of those online shopping sites. According to a press release by the U.S. Department of Justice (DOJ), the attacks made it "difficult for Amazon customers to complete their business on line."
He has also been charged with stealing more than 28,000 credit cards in 2009, and Zubakha and his partner are charged with aggravated identity theft for illegally using the credit card of at least one person. At present the charges in the indictment (conspiracy, intentionally causing damage to a protected computer resulting in a loss of more than $5,000, possession of more than 15 unauthorized access devices (credit card numbers), and aggravated identity theft) are just allegations. Zubakha faces up to five years in prison for conspiracy, up to ten years in prison and a $250,000 fine for intentionally causing damage to a protected computer, up to ten years in prison and a $250,000 fine for possessing unauthorized access devices, and an additional two years in prison for aggravated identity theft.


C&C Servers of World's Third Largest Spam Botnet "Grum" Been Knocked Down

Researchers have scored another big success by taking down two of the command and control (C&C) servers belonging to one of the world's largest spam botnets, "Grum". Though this is not a complete victory, as two other C&C servers are still active, researchers are optimistic that the volume of spam will drop after this takedown.
Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'" We would also like to remind you that this year Microsoft shut down two C&C servers of Zeus, another dangerous botnet, and researchers from around the world have unravelled several other botnets such as Bredolab, Rustock and Duqu.


BoNeSi- A New DDoS Botnet Simulator Tool Available For Download

After Armageddon, we now have BoNeSi, the DDoS Botnet Simulator, a tool for simulating botnet traffic on the wire in a testbed environment. It is designed to study the effect of DDoS attacks. BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable: rates, data volume, source IP addresses, URLs and other parameters can all be set. There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing there was no solution. BoNeSi is the first tool to simulate HTTP-GET floods from large-scale bot networks. BoNeSi also tries to avoid generating packets with easily identifiable patterns (which could be filtered out easily).
It is highly recommended to run BoNeSi in a closed testbed environment. UDP and ICMP attacks could technically be run on the internet as well, but you should be careful. HTTP flooding attacks cannot be simulated on the internet, because answers from the web server must be routed back to the host running BoNeSi. A demo video of BoNeSi in action is also available.


Russian Botnet Operator Busted For Infecting 6 Millions of Computers & Stealing £2.9 Million

Russian police have arrested a 22-year-old hacker from southern Russia known as "Hermes" and "Arashi" in online communities. According to reports, the suspect was running a botnet comprising more than 4.5 million computers, making it the largest publicly known botnet to date. It has also been found that the hacker used banking trojans to steal more than 150 million roubles, almost £2.9 million, from private individuals and organisations. According to a statement from the Russian Interior Ministry, the trojan is believed to have infected more than six million computers; on some days, more than 100,000 new computers were recruited. The authorities also confirmed that the arrest of "Hermes" and other members of his hacker group was carried out with the assistance of anti-virus company Dr. Web. Most of the accomplices lived in Moscow and St. Petersburg. We would also like to remind you that a couple of months ago another Russian hacker, the creator of the Bredolab botnet, received a four-year prison sentence from an Armenian court.


Bredolab Botnet Author -Georgiy Avanesov Received 4 Years Imprisonment

Georgiy Avanesov, a 27-year-old Russian man and the creator of the Bredolab botnet, has received a four-year prison sentence from an Armenian court. In October 2010, Dutch investigators were able to take control of the Bredolab botnet's 143 command & control servers and take them offline. The Dutch law enforcement authorities worked with security specialist Fox-IT to track down Avanesov, which eventually led to his arrest at an airport in the Armenian capital, Yerevan. While it was running, the Bredolab trojan was estimated to have infected more than 30 million Windows PCs around the world and was capable of infecting three million new PCs a month through infected emails.
Avanesov, who was found guilty of computer sabotage, started operating the botnet in 2009 and used it for distributed denial-of-service (DDoS) attacks and for sending over 3.6 billion spam email messages per day. The BBC estimates that Avanesov earned approximately €100,000 (£80,000) per month with Bredolab, also known as Oficla.

Four LulzSec Hackers Appeared In Court Together For The First Time

For the first time, the four men, Ryan Ackroyd, 25, Ryan Cleary, 20, Jake Davis, 19, and a 17-year-old male who cannot be named, appeared in court together. They are charged with taking part in cyber attacks as members of the hacking group LulzSec, an offshoot of Anonymous, and appeared side by side before a judge on Friday afternoon. British prosecutors allege that the quartet engaged with one another under online pseudonyms to wreak havoc on the web. These key LulzSec members are accused of accessing computers operated by News Corp. (NWSA)’s Twentieth Century Fox, Sony Corp. (6758), the U.K.’s National Health Service, the Arizona State Police, and technology-security company HBGary Inc.
Four of the eight counts listed in the updated British indictment today were levelled solely at 20-year-old Cleary. He is accused of supplying a botnet (a network of thousands of infected computers that can be used to paralyze websites) to others, and of operating one himself to attack the website of DreamHost, a web hosting company. He is also accused of “installing and/or altering computer programs” on computers at the Pentagon controlled by the U.S. Air Force between May 1 and June 22, 2011.
Cleary was the only one of the four defendants still in police custody. He was arrested on March 6 of this year, the same day Hector “Sabu” Monsegur was unveiled as an informant, for breaching his bail conditions.
According to the new indictment, the four men also launched denial-of-service attacks against the Westboro Baptist Church, which has staged anti-homosexual demonstrations at military funerals; the online role-playing game Eve Online; the U.S. Central Intelligence Agency; and Britain’s Serious Organised Crime Agency.

-Source (Forbes) 

Pastie.org - Popular Online Paste Tool Under DDoS Attack

The popular online paste tool Pastie has faced a massive cyber attack. Last night an unnamed attacker launched a distributed denial-of-service attack twice, which immediately took the website offline. Most probably the attack was generated by a botnet. "To protect its network and other customers Rails Machine has decided to no longer host and sponsor the site. I did not see this coming and did not expect my hosting company to just pull the plug so quickly. I'm in the middle of RailsConf 2012 right now but working on a migration plan to deal with this..." said the official spokesman of Pastie. The site is still not performing

The above screenshot is taken from the index page. We saw a similar scenario earlier when Pastebin, another widely used paste tool, faced a DDoS attack and, as a countermeasure, its administrators blocked 20K IP addresses.

Flashback Botnet Originated From Hacked & Malware-rigged WordPress Sites -Said Researchers

The massive Flashback botnet that hit more than 60K Macs worldwide originated from hacked and malware-rigged WordPress blog sites. Researchers determined that between 30,000 and 100,000 WordPress sites were infected in late February and early March, 85% of which are in the United States.
Kaspersky Lab researchers say the infected WordPress blog sites were rigged with code that silently redirected visitors to a malicious server. "When the connection was made to the malicious server, that server would determine which OS was running and serve exploits accordingly," says Roel Schouwenberg, senior researcher for Kaspersky. It was a pay-per-install scheme to spread malware, including the Flashback Trojan.
Most researchers say a gradual decline in machines infected by the Trojan is still underway: as of Thursday, there were about 140,000 infected Macs still out there, according to Symantec, and Kaspersky says it sees only about 30,629 Flashback-infected bots in its sinkhole. Still on the horizon, too, is the possibility of a Flashback comeback, with the command-and-control servers sending their bots updates. "We are watching the command-and-control domains used to control this botnet for any updates ... We haven't seen any new updates being delivered," said Liam O Murchu, manager of operations for Symantec Security Response. "Flashback generates new domains every day, which shows us the attackers have probably written malicious code before. They are aware that their botnet could be taken down with a single domain, so they generate a new one every day."


Mac users have faced such attacks before: the Mac Trojan OSX.SabPub spread through Java exploits, and in 2011 we also saw the OSX/Revir-B trojan installed behind a PDF, giving hackers remote access to Mac computers. Besides Revir-B, the Linux Tsunami trojan called "Kaiten" targeted Mac OS users in 2011, and another piece of malware named "Devil Robber" also made Mac users victims by stealing their personal information.


Another Mac Trojan "Backdoor.OSX.SabPub" Discovered, Exploiting Java Vulnerability

A few weeks ago security experts found that the Flashback Trojan had infected more than 60,000 Mac users around the world. Immediately after this incident Apple issued patches that closed the vulnerability. Now yet another Mac trojan has been found that also spreads through Java exploits. The malware, called Backdoor.OSX.SabPub, can take screenshots of a user’s current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the trojan, but because of the low number of instances and the trojan’s backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to one of two websites hosting the exploit. Two versions of SabPub were discovered in the wild this past weekend, having flown undetected for about two months. Kaspersky's Costin Raiu wrote in a blog post that SabPub was probably written by the LuckyCat authors.
Version 1: Microsoft Office
One version of SabPub traps Mac (and potentially Windows) users with booby-trapped Microsoft Word documents that exploit the vulnerability 'MSWord.CVE-2009-00563.a.'
The spear-phishing emails contained a malicious Word attachment entitled '10thMarch Statemnet' (with typo) sent to Tibet sympathizers. March 10, 2011 refers to the day the Dalai Lama delivered his annual speech observing the Tibetan Uprising of 1959. The Word doc was created in August 2010 and updated in February with SabPub thrown in; "quite normal" for such attacks and seen in other APTs like Duqu, Raiu notes.
Version 2: Java
A March version of SabPub, also discovered last weekend, exploits the same drive-by Java vulnerability seen in Flashback, one of the biggest botnet attacks seen on OS X. Once the backdoor Trojan is downloaded, the victim's system connects to a command-and-control server via HTTP. From there the operators can grab screenshots, upload/download files and remotely execute commands, Sophos' Graham Cluley writes. SabPub drops the following two files on a user's system, so if you are concerned about infection Cluley recommends searching for these files:
/Users//Library/Preferences/com.apple.PubSabAgent.pfile
/Users//Library/LaunchAgents/com.apple.PubSabAGent.plist
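The two paths above leave out the username segment, so a check has to walk every home directory under /Users. The script below is an added example written for this post (it is not Sophos', Kaspersky's or Securelist's code): it looks for both artefact names case-insensitively in each user's Library folder and, when the LaunchAgent plist is present, prints its Label and ProgramArguments so a responder can see what the agent actually launches. The demo tree it builds in a temporary directory, including the plist content, is constructed for illustration and is not a real SabPub sample.

```python
import plistlib
import tempfile
from pathlib import Path

# Artefact names quoted in the post, relative to a user's home directory.
# The post omits the username, so every home under USERS_ROOT is checked.
SABPUB_ARTIFACTS = (
    "Library/Preferences/com.apple.PubSabAgent.pfile",
    "Library/LaunchAgents/com.apple.PubSabAGent.plist",
)


def inspect_launch_agent(plist_path: Path) -> dict:
    """Return Label, ProgramArguments and RunAtLoad of a LaunchAgent plist.

    A plist that does not parse is reported as an error rather than crashing
    the scan, since malware may drop deliberately malformed files.
    """
    try:
        with plist_path.open("rb") as fh:
            data = plistlib.load(fh)
    except Exception as exc:  # malformed or non-plist content
        return {"error": repr(exc)}
    return {
        "label": data.get("Label"),
        "program_arguments": data.get("ProgramArguments"),
        "run_at_load": data.get("RunAtLoad"),
    }


def find_sabpub_artifacts(users_root="/Users") -> list:
    """Walk every home directory under users_root and report the artefacts.

    Matching is case-insensitive so a variant that only differs in casing
    (the post itself spells the plist with 'PubSabAGent') is still found.
    """
    findings = []
    root = Path(users_root)
    if not root.is_dir():
        return findings
    for home in sorted(p for p in root.iterdir() if p.is_dir()):
        for rel in SABPUB_ARTIFACTS:
            parent = home / Path(rel).parent
            if not parent.is_dir():
                continue
            wanted = Path(rel).name.lower()
            for candidate in parent.iterdir():
                if candidate.name.lower() != wanted:
                    continue
                finding = {"user": home.name, "path": str(candidate)}
                if candidate.suffix == ".plist":
                    finding.update(inspect_launch_agent(candidate))
                findings.append(finding)
    return findings


def make_demo_tree(root: Path) -> None:
    """Constructed /Users-like tree: 'alice' carries both artefacts, 'bob' is clean.

    The plist body is a hypothetical stand-in, not recovered from real malware.
    """
    alice = root / "alice"
    (alice / "Library" / "Preferences").mkdir(parents=True)
    (alice / "Library" / "LaunchAgents").mkdir(parents=True)
    (alice / "Library" / "Preferences" / "com.apple.PubSabAgent.pfile").write_bytes(b"demo")
    agent = {
        "Label": "com.apple.PubSabAgent",
        "ProgramArguments": ["/Users/alice/Library/Preferences/com.apple.PubSabAgent.pfile"],
        "RunAtLoad": True,
    }
    with (alice / "Library" / "LaunchAgents" / "com.apple.PubSabAGent.plist").open("wb") as fh:
        plistlib.dump(agent, fh)
    (root / "bob" / "Library" / "LaunchAgents").mkdir(parents=True)


def run_demo() -> list:
    """Build the constructed tree in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_demo_tree(root)
        return find_sabpub_artifacts(root)


if __name__ == "__main__":
    # On a real Mac, call find_sabpub_artifacts() with the default /Users root.
    for finding in run_demo():
        print(finding)
```

Run it as-is to see the demo output; on a Mac, `find_sabpub_artifacts()` with no argument scans the real /Users tree. An empty result only means these two exact names are absent, so it complements rather than replaces an up-to-date anti-virus scan.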

Mac users have faced such attacks before: the OSX/Revir-B trojan was installed behind a PDF, giving hackers remote access to Mac computers. Besides Revir-B, the Linux Tsunami trojan called "Kaiten" targeted Mac OS users in 2011, and another piece of malware named "Devil Robber" also made Mac users victims by stealing their personal information.


-Source (Securelist & PC Mag)

Popular Gaming Site of France Infecting Visitors With ZeuS

Researchers from the anti-virus company and security firm Avast have found that a French website devoted to the popular game Assassin’s Creed has been serving ZeuS malware variants to its visitors for over 8 weeks. The site was infected with a Trojan JavaScript redirector that sends visitors to a Russian malware site and connects them to a ZeuS-powered botnet. The infection was last confirmed by the AVAST Virus Lab at 12.00 CET, April 10, 2012. And, just to make it clear, the Assassinscreedfrance.fr site is not affiliated with Ubisoft, the developers of the Assassin’s Creed franchise.
The website is currently returning the following PHP error message:
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /homepages/23/d207590046/htdocs/wp-content/plugins/countdown-timer/fergcorp_countdownTimer.php on line 1050
According to Avast's official blog post, Avast has so far blocked over 179,800 visits by its users to this site. And Assassinscreedfrance.fr is just one of 1,841 sites around the globe infected with this specific Trojan during the month of March. The infection, a Trojan redirector, sends users to a Russian malware distribution server with an IP registered in Saint Petersburg, Russia. And yes, this server is still working, even after Microsoft’s recent takedown of a few dozen botnet servers. The infection at Assassinscreedfrance.fr is located in the countdown timer JavaScript module, a common WordPress plugin. Other sites had infections hitting a wide range of WordPress vulnerabilities. “The bad guys are using an automatic tool that is looking for some holes,” said Jan Sirmer, analyst from the AVAST Virus Lab. “Assassinscreedfrance.fr may have become vulnerable by using an outdated version of WordPress, even though their JavaScript plugin is up-to-date. For the rest of these sites, we can safely say that older programs and plugins are common ways to get infected.”

-Source (Avast Blog)

European Parliament Proposed Strict Punishment For Hackers

European countries are now taking cyber crime more seriously. Recently the Civil Liberties Committee of the European Parliament backed a draft law which raises the punishment for cyber criminals who attack IT systems within EU member states to at least two years in prison. Possessing or distributing hacking software and tools would also be regarded as an offense, and companies would be liable for cyber attacks committed for their benefit. An attacker who carries out a denial-of-service (DoS) attack or an attack through a botnet would face at least five years behind bars.
The proposal, which would update existing EU legislation on cyber attacks, was approved by 50 votes in favour, 1 against and 3 abstentions. "We are dealing here with serious criminal attacks, some of which are even conducted by criminal organizations. The financial damage caused for companies, private users and the public side amounts to several billions each year," said rapporteur Monika Hohlmeier (EPP, DE). "No car manufacturer may send a car without a seatbelt into the streets. And if this happens, the company will be held liable for any damage. These rules must also apply in the virtual world," she added.
Other Punishable Offenses:
IP spoofing:
Using another person's electronic identity (e.g. by "spoofing" their IP address) to commit an attack, causing prejudice to the rightful identity owner, would also be an aggravating circumstance, for which MEPs say Member States must set a maximum penalty of at least three years. MEPs also propose tougher penalties if the attack is committed by a criminal organisation and/or if it targets critical infrastructure such as the IT systems of power plants or transport networks. However, no criminal sanctions should apply to "minor cases", i.e. when the damage caused by the offence is insignificant.
Cyber-attack tools:
The proposal also targets tools used to commit offences: the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences.
Liability of legal persons:
Legal persons would be liable for offences committed for their benefit (e.g. a company would be liable for hiring a hacker to get access to a competitor's database), whether deliberately or through a lack of supervision. They would also face penalties such as exclusion from entitlement to public benefits or judicial winding-up. To resist cross-border cyber-attacks, Member States need to ensure that their networks of national contact points are available round the clock and can respond to urgent requests within a maximum of eight hours, says the text.
Background:
Large-scale cyber-attacks took place in Estonia in 2007 and Lithuania in 2008. In March 2009, public and private sector IT systems in more than 103 countries were attacked using a "zombie" network of compromised, infected computers.
Next steps:
The Rapporteur aims for a political agreement between Parliament and Council on this Directive by the summer.


-Source (European Parliament / News)

Microsoft Seized Two Command & Control Server of Zeus Botnet

Cybercrime investigators at Microsoft have shut down two botnet servers powered by Zeus. It has been reported that Microsoft’s Digital Crimes Unit coordinated with several financial services organizations and U.S. authorities to seize the two command-and-control servers of Zeus on Friday, March 23. After the servers were shut down, it was found that more than $100 million had already been stolen and that an estimated 13 million computers were infected and connected to those two C&C servers of Zeus. The raid came after Microsoft filed a civil lawsuit, partly under the Racketeer Influenced and Corrupt Organizations Act. The company has combined legal tactics with cyberforensics three other times since 2010 to shut down command-and-control servers used to direct large botnets. Last week Microsoft officially declared that it was working closely with US authorities and financial services companies to disrupt two Zeus botnets. So there is no doubt that this is indeed a huge success for Microsoft.
Brief Overview of the Zeus Trojan:
The Zeus banking Trojan intercepted user credentials for online banking accounts with a keylogger and transferred money out of victims’ bank accounts. The malware was sophisticated enough to display a fake page showing the normal account balance instead of the actual amount, which meant victims weren’t aware of the thefts immediately. Zeus crimeware kits are available on underground forums for anywhere between $700 and $15,000. There’s even an “open source” version of the toolkit which is available for free.

"Cybercriminals have built hundreds of botnets using variants of Zeus malware," Richard Boscovich, a senior attorney with Microsoft’s Digital Crimes Unit, wrote on the Official Microsoft Blog.
Last week we also discussed another dangerous botnet, or in other words the next-generation cyber weapon, named Duqu. After a considerable period, researchers have finally solved the Duqu mystery.
