
    Archive for the ‘Botnet’ Category




    We recently received a sample of the bot client that was used by the hacker group LulzSec Brazil in conducting distributed denial-of-service (DDoS) attacks against Brazilian websites. Those affected included the websites of both the Brazilian government and the president. This attack is not the first of its kind from the group, as the main LulzSec hacking group reportedly attacked other sites, including those of the U.K. Serious Organized Crime Agency, the U.S. Senate, and Sony. The LulzSec hacking group ...




    We came across the latest SpyEye control panels, CN1 and SYN1. The main control panel CN1 looks a bit different from previous versions. Some of the buttons' names changed. In addition, a Logs button was included so the bot master can view or clear logs (e.g., debug.log, error.log, and tasks.log) created using the SpyEye toolkit. Accessing the Create Task panel, we can clearly see the modifications the SpyEye author made. This time, users can create a task by selecting a file and choosing three ...




    The Mariposa botnet made headlines when three of its alleged operators were arrested in Spain prior to its supposed shutdown. This was followed by a sudden and drastic decrease in Mariposa-related incidents, which was very understandable because the botnet was reported to have already been taken down. Lately, however, we've been seeing a strange increase in activity related to WORM_PALEVO—the Trend Micro detection name for malware related to the Mariposa botnet. The increase started late in the fourth quarter of 2010. It seems that despite the Mariposa ...




    We're currently monitoring a still-ongoing mass compromise involving a great number of websites. The compromised sites have been injected with a malicious script that triggers redirects to certain URLs that lead to malware such as FAKEAV. Based on Google searches, there is no common denominator in terms of the industry to which the compromised sites belong. We saw compromised websites related to astronomy, clubs, hospitals, sports, funeral homes, electronics, and others.

    More URLs Involved

    Investigations revealed that five URLs were used for the attack and ...




    In February 2011, we successfully collaborated with CDMON, a registrar, to gain control of a ZeuS botnet command-and-control (C&C) server, thereby rendering it ineffective. Our success gave us the opportunity to capture valuable research information about the bot (compromised computer) types under its control. ZeuS is a notorious crimeware toolkit that is prolifically used by cybercriminals to instigate monetary and online banking information theft. ZeuS does not, however, refer to a single botnet. Instead, it refers to a collection of botnets created ...



     

    © Copyright 2011 Trend Micro Inc. All rights reserved.