
Thread: Pandemic of the botnets 2012 ...

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Flashback botnet checker...

    FYI...

    Flashback botnet checker ...
    - http://atlas.arbor.net/briefs/index#-1335098248
    April 09, 2012 - "This resource allows a manual pasting of an OSX system's unique identifier into a form that will show if that machine is part of the Flashback botnet.
    Analysis: This tool is provided by Dr. Web who first published details on the OSX Flashback infections. It does not scale well but allows for manual checking and can be helpful for end users."
    Source: http://public.dev.drweb.com/april/
    "Dear Mac OS user..."

    - http://atlas.arbor.net/briefs/index#-824346427
    April 09, 2012
    ___

    Symantec OSX.Flashback.K Removal Tool
    - http://www.symantec.com/security_res...041214-1825-99
    April 12, 2012

    F-secure Flashback Removal Tool
    - http://www.f-secure.com/weblog/archi...ackRemoval.zip
    "... tool linked above has been updated April 12th..."

    Infection by OSX version - chart
    - https://www.f-secure.com/weblog/arch...OSXVerions.png

    > http://forums.spybot.info/showpost.p...3&postcount=44
    April 12, 2012

    Last edited by AplusWebMaster; 2012-04-24 at 16:26.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...

  2. #22
    AplusWebMaster

    Flashback numbers -not- going down...

    FYI...

    Flashback numbers -not- going down - still over half a million
    - http://www.h-online.com/security/new...ew=zoom;zoom=1
    Graphic - 24 April 2012

    - http://www.intego.com/mac-security-b...hout-password/
    April 23, 2012


  3. #23
    AplusWebMaster

    Google: infected users affected by the DNSChanger malware ...

    FYI...

    Google: infected users affected by the DNSChanger malware
    - http://googleonlinesecurity.blogspot...nschanger.html
    May 22, 2012 - "Starting today we’re undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. After successfully alerting a million users last summer to a different type of malware, we’ve replicated this method and have started showing warnings via a special message* that will appear at the top of the Google search results page for users with affected devices...
    * http://4.bp.blogspot.com/-EY9pz56oz_...er+warning.png
    ... Our goal with this notification is to raise awareness of DNSChanger among affected users. We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it."
    ___

    DNS Changer Eye Chart:
    >> http://www.dcwg.org/detect/


  4. #24
    AplusWebMaster

    Zbot relentless - Anti-emulations ...

    FYI...

    Zbot relentless - Anti-emulations
    - http://www.symantec.com/connect/blog...nti-emulations
    July 3, 2012 - "A couple of months ago, Microsoft took out some Trojan.Zbot servers across the world. The impact was short-lived. Even though for a span of about two weeks, we saw virtually no Trojan.Zbot activity, relentless Trojan.Zbot activity has resumed — with some added new social-engineering techniques as well as some new techniques to help Trojan.Zbot avoid antivirus detection... The effort that has been made by the Trojan.Zbot malware writers is not limited to one, or even a couple of techniques. In most malware variants there are many simple or complicated techniques to help avoid detection... These techniques are part of ever-evolving malware techniques, especially from professional malware writers who invest a large amount of time researching new techniques to -evade- antivirus detection..."

    Botnet infections in the enterprise
    - http://atlas.arbor.net/briefs/index#730205984
    July 03, 2012
    The scope and costs of botnet infections require a change in tactics.
    Analysis: While automation is critical, automated security systems such as IDS's, firewalls, vulnerability scanning solutions, etc. are -not- a fool-proof solution and must be augmented and run by skilled practitioners. Attackers know how to bypass many security systems, and without skilled practitioners in the loop, this trend will continue...

    Last edited by AplusWebMaster; 2012-07-04 at 04:10.

  5. #25
    AplusWebMaster

    DNSchanger shutdown ...

    FYI...

    DNSchanger shutdown ...
    - http://www.theregister.co.uk/2012/07...tnet_shutdown/
    5 July 2012 - "An estimated 300,000 computer connections are going to get scrambled when the FBI turns off the command and control servers for the DNSChanger botnet on Monday...
    DNSChanger reroutes DNS requests to its own servers and then pushes scareware and advertising to infected machines. Shutting it down, however, will leave computers unable to access websites and email properly without a fix being applied. The FBI had been due to shut down DNSChanger in March, but left it up for an extra three months to allow more time for users to disinfect their systems. Companies and governments have made a big effort to clean systems with the help of the DNS Changer Working Group (DCWG)*, which was set up by security experts to manage the problems. But according to the latest DCWG data, there are still 303,867 infected systems out there..."

    * http://www.dcwg.org/detect/
    "... quick way to determine if you are infected with DNS Changer. Each site is designed for any normal computer user to browse to a link, follow the instructions, and see if they might be infected. Each site has instructions in their local languages on the next steps to clean up possible infections..."


  6. #26
    AplusWebMaster

    Grum botnet takedown

    FYI...

    Grum botnet takedown ...
    - http://blog.fireeye.com/research/201...fe-havens.html
    2012.07.18 - "... the Grum botnet has finally been knocked down. All the known command and control (CnC) servers are dead, leaving their zombies orphaned... According to data coming from Spamhaus, on average, they used to see around 120,000 Grum IP addresses sending spam each day, but after the takedown, this number has reduced to 21,505. I hope that once the spam templates expire, the rest of the spam will fade away as well..."

    - http://h-online.com/-1647692
    19 July 2012 - "... The botnet is believed to have been responsible for as much as 18% of total global spam, which amounts to approximately 18 billion messages a day..."

    Spam Stats
    - https://www.trustwave.com/support/la...statistics.asp
    Week ending July 22, 2012

    Last edited by AplusWebMaster; 2012-07-23 at 16:41.

  7. #27
    AplusWebMaster

    APTs more prolific ...

    FYI...

    APTs more prolific ...
    - http://www.darkreading.com/taxonomy/...e/id/240004827
    Aug 02, 2012 - "... cyberespionage malware and activity is far more prolific than imagined: (Joe Stewart - Dell Secureworks) has discovered some 200 different families of custom malware used to spy and steal intellectual property, with hundreds of attackers in just two groups out of Shanghai and Beijing... Stewart also unearthed a private security firm located in Asia - not in China - that is waging a targeted attack against another country's military operations, as well as spying on U.S. and European companies and its own country's journalists. He declined to provide details on the firm or its country of origin, but confirmed it's based in a nation that's "friendly" with the U.S... Stewart plans to continue hunting down APT attackers... The full report is here*."
    * http://www.secureworks.com/research/...s/chasing_apt/
    23 July 2012 - "... tracking numerous digital elements involved in cyber-espionage activity:
    • More than 200 unique families of -custom- malware used in cyber-espionage campaigns.
    • More than 1,100 domain names registered by cyber-espionage actors for use in hosting malware C2s or spearphishing.
    • Nearly 20,000 subdomains of the 1,100 domains (plus a significant number of dynamic DNS domains) are used for malware C2 resolution.
    This quantity of elements rivals many large conventional cybercrime operations. However, unlike the largest cybercrime networks that can contain millions of infected computers in a single botnet, cyber-espionage encompasses tens of thousands of infected computers spread across hundreds of botnets, each of which may only control a few to a few hundred computers at a time. Therefore, each time an "APT botnet" is discovered, it tends to look like a fairly small-scale operation. But this illusion belies the fact that for every APT botnet that is discovered and publicized, hundreds more continue to lie undetected on thousands of networks..."
    (More detail at the Secureworks URL above.)


  8. #28
    AplusWebMaster

    Godaddy DDoS attack in progress

    FYI...

    Godaddy DDoS attack in progress
    - https://isc.sans.edu/diary.html?storyid=14062
    Last Updated: 2012-09-10 21:39:54 UTC ...(Version: 2)
    Update: GoDaddy appears to make some progress getting services back online. The web site is responding again. DNS queries appear to be still timing out and logins into the site fail. (17:30 ET) GoDaddy is currently experiencing a massive DDoS attack. "Anonymous" was quick to claim responsibility, but at this point, there has been no confirmation from GoDaddy. GoDaddy only stated via twitter: "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it." The outage appears to affect the entire range of GoDaddy hosted services, including DNS*, Websites and E-Mail. You may experience issues connecting to sites that use these services (for example our DShield.org domain is hosted with GoDaddy)..."

    * Alternate DNS: http://208.69.38.205/


  9. #29
    AplusWebMaster

    GoDaddy's network status ...

    GoDaddy's network status:
    - http://support.godaddy.com/system-alerts/

    "Recently Resolved Issues
    Resolved September 10, 2012 at 6:41 PM
    ... Known Issues
    Updated:
    06:22 MST
    No issues to report"
    ___

    - https://www.godaddy.com/newscenter/r...ws_item_id=410
    "... We have determined the service outage was due to a series of internal network events that corrupted router data tables... We have implemented measures to prevent this from occurring again. At no time was any customer data at risk or were any of our systems compromised...
    - Scott Wagner Go Daddy CEO"

    Last edited by AplusWebMaster; 2012-09-11 at 22:53.

  10. #30
    AplusWebMaster

    Nitol botnet takedown

    FYI...

    Nitol botnet takedown
    - https://blogs.technet.com/b/microsof...edirected=true
    13 Sep 2012 - "... the U.S. District Court for the Eastern District of Virginia granted Microsoft’s Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people. Codenamed “Operation b70,” this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers. In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet... On Sept. 10, the court granted Microsoft’s request for an ex parte temporary restraining order against Peng Yong, his company and other John Does. The order allows Microsoft to host the 3322 .org domain, which hosted the Nitol botnet, through Microsoft’s newly created domain name system (DNS). This system enables Microsoft to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the 3322 .org domain, while allowing all other traffic for the legitimate subdomains to operate without disruption. This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322 .org domain, and will help rescue people’s computers from the control of this malware... Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware; today’s action is a step toward preventing that... If you believe your computer might be infected with malware, we encourage you to visit http://support.microsoft.com/botnets as this site offers free information and tools to analyze and clean your computer..."

    - https://krebsonsecurity.com/2012/09/...-infected-pcs/
    Sep 19, 2012 - "... Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home to those 70,000 malicious domains... graphic* provided by Microsoft..."
    * https://krebsonsecurity.com/wp-conte...09/mal3322.png
    ___

    - https://blog.damballa.com/archives/1806
    Sep 13, 2012 - "... Nitol... employs multiple domains from several free dynamic DNS providers, including -other- four-digit .ORG domain services such as 6600 .org, 7766 .org, 2288 .org and 8866 .org..."

    (Highly recommend blocking those addresses also, if you haven't already.)

    Last edited by AplusWebMaster; 2012-09-19 at 21:25.
