Mar 4, by Carolyn Guevarra (Technical Communications)
Following the recent shutdown of the Mariposa botnet, Spanish police last week arrested three alleged members of the group behind it. They are still pursuing another suspect who may be at large somewhere in South America.
The Mariposa botnet was one of the largest botnets to date. It was reportedly responsible for compromising millions of machines in businesses around the world, including Fortune 1000 companies, in a campaign to steal online banking, business, and personal ...
Mar 3, by Maxim Goncharov (Advanced Threats Researcher)
As the security industry evolves, underground cybercriminals constantly look for ways to counter the technical obstacles placed in their way. I recently found that the bad guys have begun offering services that track whether their domain names have been blacklisted, by querying Web reputation systems on their behalf. The number of "businesses" offering this type of service is growing, and the service itself has now become semi-automated.
This semi-automation checks a submitted list of domain names against several Web reputation databases. The most recent service I studied is ...
Mar 1, by Carolyn Guevarra (Technical Communications)
Just when you think old-school network bots are dead, a group of cybercriminals revives them from the grave in the name of Chuck Norris. Dubbed the "Chuck Norris botnet" after the Italian comment in its source code, in nome di Chuck Norris (translation: "in the name of Chuck Norris"), this botnet infects vulnerable DSL modems and routers to spread a worm Trend Micro detects as WORM_IRCBOT.ABJ.
This worm tries to gain access to a target router by guessing the router’s ...
Feb 16, by Roland Dela Paz (Threat Response Engineer)
There is a new bot in town, and it seems to have set out to rival the notorious ZBOT botnet. Trend Micro threat researchers recently came across a new spyware family detected as TSPY_EYEBOT.A. Certain EYEBOT behaviors lead us to believe that this could start a new bot war similar to the worm wars we saw years ago between NETSKY and MYDOOM.
EYEBOT is still just a "newbie," but should the criminals behind ZBOT choose to respond, there is some potential for a ...
Feb 4, by David Sancho (Malware Researcher)
The PUSHDO botnet has been in the news lately as the culprit in a distributed denial-of-service (DDoS) attack against a variety of well-known websites. Some publications even documented this recent attack extensively. After spending several months last year studying and monitoring the PUSHDO/CUTWAIL botnet, and after checking the latest samples, we can affirm that this particular attack is not PUSHDO-related.
First off, PUSHDO variants are usually downloaders that report to a command-and-control (C&C) server. The DDoS malware ...