
BotNet & Virus


Behold, the world’s most sophisticated Android trojan. Recently discovered malware targeting Android smartphones exploits previously unknown vulnerabilities in the Google operating system and borrows highly advanced functionality more typical of malicious Windows applications, making it the world's most sophisticated Android Trojan, a security researcher said. The infection, named Backdoor.AndroidOS.Obad.a, isn't very widespread at the moment. The malware gives an idea of the types of smartphone malware that are possible, however, according to Kaspersky Lab expert Roman Unuchek in a blog post published Thursday. Sharply contrasting with the mostly rudimentary Android malware circulating today, the highly stealthy Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to nearby handsets, and allows attackers to issue malicious commands using standard SMS text messages.

Google representatives didn't respond to an e-mail seeking comment for this post. A beginner’s guide to building botnets—with little assembly required. Have a plan to steal millions from banks and their customers but can't write a line of code? Want to get rich quick off advertising click fraud but "quick" doesn't include time to learn how to do it?

No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away. Building successful malware is an expensive business. In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. The customers of these services often plan more for the short term than the long game played by the big cyber-crime rings. So how easy is it to get into the botnet business? To assemble your list for some of the simplest get-rich-quick schemes, all you need is about $600, a little spare time, and no compunctions about breaking laws to make a profit. It looks like you’re trying to build a botnet… The marketplace of (bad) ideas. New Zeus P2P bots: anonymous cyber-crime ready for mass market. The recent resurgence of the Hlux/Kelihos botnet, taken down last week by a team of security companies, demonstrates how hard it is to detect and permanently shut down the latest generation of botnets.

And the arms race to counter botnets is only going to escalate further now that the sort of peer-to-peer technology used in Kelihos has become commoditized in Zeus, a botnet "platform" at the center of a thriving criminal software ecosystem. Last week, Microsoft and its partners were able to take down a collection of Zeus botnets infecting more than 13 million PCs by seizing associated servers and domain names then disrupting their command and control (C&C) network. But those botnets were built using an older set of Zeus binaries. A newer version of the software incorporates peer-to-peer networking technology in a way that eliminates the need for a C&C server, rendering botnets immune to that sort of decapitating strike.

Where we're going, we don't need servers. DDoS-for-hire service works with blessing of FBI, operator says. A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI. Ragebooter.net is one of several sites that openly accepts requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service.

The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request. Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. "Since it is a public service on a public connection to other public servers this is not illegal," Poland was quoted as saying. Viruses, Trojans, and worms, oh my: The basics on malware.

Some say we're living in a "post-PC" world, but malware on PCs is still a major problem for home computer users and businesses. The examples are everywhere: In November, we reported that malware was used to steal information about one of Japan's newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives.

Malware known as "Dexter" stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time. In this second installment in the Ars Guide to Online Security, we'll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans. Worms are similar to viruses in that they replicate themselves to spread from machine to machine. Backdoors. Remote Access Trojans. Espionage malware infects raft of governments, industries around the world. Security researchers have blown the whistle on a computer-espionage campaign that over the past eight years has successfully compromised more than 350 high-profile targets in 40 countries.

"NetTraveler," named after a string included in an early version of the malware, has targeted a number of industries and organizations, according to a blog post published Tuesday by researchers from antivirus provider Kaspersky Lab. Targets include oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies, military contractors, and Tibetan/Uyghur activists. Most recently the group behind NetTraveler has focused most of its efforts on obtaining data concerning space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications.

The highest number of infections were found in Mongolia, followed by India and Russia. Flame, a worrying cyber threat? Despite a well-known habit of crying wolf, security vendors agree that Flame is a particularly worrying piece of malware. 'The complexity and functionality of this new threat exceed those of all others to date.'

Flame was discovered two weeks ago by Kaspersky Labs teams following a study commissioned by the American entity the International Telecommunication Union. Flame mainly established itself on Windows machines (including version 7) belonging to the Iranian bodies that manage the country's oil. The virus is not confined to those actors alone and has been found deployed across the Middle East, in Iran, Palestine, Sudan and Syria, and to a lesser extent in Egypt, Saudi Arabia and Lebanon. That shows how sensitive the subject is. It reportedly collected, and also deleted, a great deal of confidential data (documents, screenshots, audio recordings and even network traffic).

Meet 'Flame', The Massive Spy Malware Infiltrating Iranian Computers | Threat Level. Map showing the number and geographical location of Flame infections detected by Kaspersky Lab on customer machines. Courtesy of Kaspersky. A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size — the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Kaspersky Lab is calling it “one of the most complex threats ever discovered.” Mikko Hypponen: Fighting viruses, defending the net. The long arm of Microsoft tries taking down Zeus botnets | Deep Tech. Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers Friday to take down botnets allegedly used to steal more than $100 million using an estimated 13 million computers infected with the Zeus malware. After raids in Scranton, Pa., and Lombard, Ill., "some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide," Microsoft announced Sunday night in a post by Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit.

The defendants allegedly installed the Zeus malware and close relatives called Ice-IX and SpyEye onto victims' computers, according to a lawsuit filed against the alleged Zeus botnet creators and operators last week. (See below for the full suit.) To take down the operation, Microsoft also took over Internet traffic that had been used to operate 3,357 botnets, according to the court's temporary restraining order. The seizure was made when the U.S. Analysis of Spear-Phishing File. The following is a guest post courtesy of Ned Moran of the Shadowserver Foundation.

This post is a technical analysis of the malware used in a spear phishing attack targeting those interested in ICS security. Dale was kind enough to share a copy of the spear phishing email that he posted about here. This spear phish contained a link to a zip file hosted at The downloaded zip file had the following properties:
File: Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.zip
Size: 1886505
This archive contained an executable with the following properties:
File: Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe
Size: 2192363
When executed in a lab environment this executable installed a Trojan downloader with the following properties:
File: spoolsvr.exe
Size: 73728
Path: C:\Documents and Settings\Administrator\Local Settings\Temp\spoolsvr.exe
As shown by this VirusTotal report, this downloader was only detected by 7 of 42 antivirus products.

A botnet for n00bs. People often imagine that botnet owners, who control thousands of computers around the world to send spam, steal passwords or launch DDoS attacks, are little computer geniuses or mobsters hiding in the back room of a cybercafé deep in China or Russia. But that is wrong, because anyone can run their own botnet, with no knowledge and no big budget.

The proof is Aldi Bot, a piece of malware sold for less than €10 in the darkest corners of the net, which lets its owner patiently build up a botnet. Aldi Bot v2.0 can launch DDoS attacks, use a victim's machine as a proxy, steal the passwords stored by Firefox, JDownloader and Pidgin, or remotely execute any binary. The creator of this "botnet maker" even offers a package with remote support for buyers. [Source and Photo] Botnet TDL4. Botnet TDL4 This news fascinated me...

Kaspersky has uncovered a botnet named TDL4 (or TDSS) of more than 4.5 million machines. According to the antivirus vendor, TDL4 was truly designed to reign supreme over its machines thanks to: an affiliate system that pays people who (knowingly) install this malware on other people's machines (who are not really aware of it). It reportedly pays between $20 and $200 per 1,000 installs. In short, a nasty little toy that hurts, distributed across countries as follows: TDL4 is used to collect personal data (server access credentials, credit card numbers, identity theft, etc.) but also to launch DDoS attacks, etc.

Phew! [Source] Renting a botnet: how much does it cost? A study by Verisign (iDefense Intelligence Operations Team) has estimated the average cost of renting a botnet. In short, a botnet is a swarm of thousands of computers under the control of a single crook, used to send spam or to attack sites by overloading them (via DDoS).

And this "little service" costs on average $9 an hour or $67 for 24 hours. The study covered 25 botnets, so the figures should be taken with a pinch of salt, since the price depends above all on the number of computers in the botnet. You can rent the whole botnet or just part of it, and prices are very often set according to the customer. Pretty cheap all the same, isn't it? Of course, besides making money from this, botnet owners also amuse themselves by extorting money from their targets in exchange for stopping the hostilities, and sometimes even offer a 30% discount if the victim wants to take revenge.

Here is an example of extortion: “Hello. [Source and photo]