Compromised (zombie) machines?
I think you mean Compromised (windows) machines.
Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. Junk volumes …
Sorry, but I just had to allude to the whole "why write virus code for a low percentage population" argument. Personally, an apache-attacking linux virus would be nice to have IMHO, due to high bandwidth and always-on status.
I await the day when Linux (or OSX heaven forbid) take 80+% market share and Windows is able to take the Apple-stance of "Look at me! No viruses to worry about! [because we're insignificant]"
A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.
The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.
It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.
The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear.
What's worse, EnemyBot's core source code, minus its exploits, can be found on GitHub, so any miscreant can use the malware to start crafting their own outbreaks of this software nasty.
The group behind EnemyBot is Keksec, a collection of experienced developers, also known as Nero and Freakout, that have been around since 2016 and have launched a number of Linux- and Windows-based bots capable of launching distributed denial-of-service (DDoS) attacks and possibly mining cryptocurrency. Securonix first wrote about EnemyBot in March.
Something for the Weekend WE BRING ENGLISH TO YOUR FEET! reads the email.
That's nice. I knew I was lacking something in the footwear department. A fine pair of bobby dazzlers, no doubt.
No, that can't be right. Let me run it through another translation app. Ah, how about this?
Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers.
The trojan, first discovered in 2014 by security research group MalwareMustDie, was named after its use of XOR-based encryption and the fact that is amasses botnets to carry out distributed denial-of-service attacks. Over the last six months, Microsoft threat researchers say they've witnessed a 254 percent spike in the malware's activity.
"XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices," Redmond warned.
Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts.
Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.
In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.
What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).
Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.
The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.
But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.
A prolific threat group known for deploying distributed denial-of-service (DDoS) and cryptomining attacks is running a new botnet that is built using the Linux-based Gafgyt source code along with some code from the Mirai botnet malware.
The group Keksec (also known as Nero and Freakout) is using the fast-evolving Enemybot to target routers from vendors like Seowon Intech and D-Link and is exploiting a remote code execution (RCE) vulnerability (CVE-2022-27226) discovered last month in iRZ mobile routers, according to a report this week by Fortinet's FortiGuard Labs team.
Keksec is using the Enemybot malware as a classic botnet, rolling up compromised Internet of Things (IoT) devices into a larger botnet that can be used to launch DDoS attacks.
More than a year after essentially being shut down, the notorious Emotet malware operation is showing a strong resurgence.
In a March threat index, Check Point researchers put the Windows software nasty at the top of its list as the most widely deployed malware, menacing or infecting as much as 10 percent of organizations around the globe during the month – a seemingly unbelievable estimate, and apparently double that of February.
Now Kaspersky Labs says a rapidly accelerating and complex spam email campaign is enticing marks with fraudulent messages designed to trick one into unpacking and installing Emotet or Qbot malware that can steal information, collect data on a compromised corporate network, and move laterally through the network and install ransomware or other trojans on networked devices.
Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using to spread the remote-control malware and orchestrate infected machines.
The tech giant's Digital Crimes Unit obtained a court order from a US federal judge in Georgia to take down the domains, which are now directed to a Microsoft-controlled sinkhole so they can't be used by the malware's masterminds to communicate with their botnet of commandeered Windows computers.
From what we can tell from the filings submitted by Microsoft to the courts, its justification for the seizure is that ZLoader used the domains to injure the Windows giant as well as residents of the US state and commit computer fraud, infringement of Microsoft trademarks, and other illegal activity. The trademark infringement being that at least one of the domains was used for a website that featured Microsoft trademarks in an attempt to masquerade as a legit Redmond site, and also references in phishing emails to Microsoft-trademarked programs, such as Excel.
Biting the hand that feeds IT © 1998–2022