botnet | Breaking Cybersecurity News | The Hacker News

ZeuS , or Zbot is one of the oldest families of financial malware , it is a Trojan horse capable to carry out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads. Earlier this month, Comodo AV labs identified a dangerous variant of ZeuS Banking Trojan which is signed by stolen Digital Certificate belonging to Microsoft Developer to avoid detection from Web browsers and anti-virus systems.  FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE Recently, the security researcher, Kan Chen at Fortinet has found that P2P Zeus botnet is updating its bots/infected systems with updates version that has the capability to drop a rootkit into infected systems and hides the trojan to prevent the removal of malicious files and registry entries. The new variant also double check for the earlier installed version (0x38) of ZeuS trojan on the infecte

An application layer or 'layer 7' distributed denial of service ( DDoS ) attacks is one of the most complicated web attack that disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate. Just Yesterday Cloud-based security service provider ' Incapsula ' detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. DDoS attack flooded one of their client with over 20 million GET requests, originating from browsers of over 22,000 Internet users. What makes this case especially interesting is the fact that the attack was enabled by persistent XSS vulnerability in one of the world's largest and most popular site - one of the domains on Alexa's " Top 50 " list. XSS  vulnerability  to Large-Scale DDoS Attack Incapsula has not disclosed the name of vulnerable website for security reasons, but mentioned it as a high profile video content provider

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Again the sophisticated piece of malware, " njRAT " has come to picture targeting the government agencies and organizations in the Middle East, according to the research carried out by Symantec security researchers. The researchers analyzed 721 samples of malicious code ' njRAT ' and revealed that a large number of about 24,000 infected computers worldwide were targeted by the malware infections with 542 control-and-command (C&C) server domain names. njRAT is not a new piece of malware in the market, it is available since June 2013. Till now its three variants have been released and all of which can be propagated through infected USB keys or networked drives. njRAT is a Remote Access Trojan (RAT) intensive in its data-stealing capabilities. In addition to log keystrokes, the malware is capable to access the victim's camera, steal credentials stored in browsers, upload and download files, perform process and file manipulations, view the victim's desktop. Thi

The devices are becoming smarter, therefore the chances to abuse them have increased. As the share of Android has become 87% in the global Smartphone market, so the Android is by far an elementary target of the mobile malware developers. The number of malware variants has increased rapidly and today 99 out of 100 mobile viruses are targeting Android Devices. Most of the sophisticated malware has the capability to steal keylogs , send text messages to the premium numbers, steal personal data without requesting permission from the device user, also have the caliber to modify SMS and MMS messages and contacts.  Mobile Malware can modify or steal the content stored on your device's SD card and some advance botnet  malware even can give complete remote control of your device to an attacker. DENDROID Beginning this month, we warned our readers from one such sophisticated android malware toolkit discovered by the Symantec researchers that dubbed as ' Dendroid ', which runs on HTTP prot

Defending and Analysis of online threats and malwares   have become more challenging nowadays and especially for larger businesses like the popular social networking site - Facebook. To encounter malware, phishing, and other online threats, Facebook has taken an important step forward. Facebook has unveiled its latest security-focused platform, dubbed as ' ThreatData ', which is a framework that aims to standardize its methods for collecting and analyzing data. The ThreatData framework is implemented to import information about the various online threats, malware, phishing and other internet risks, then storing it proficiently for real-time and long-term analysis as well. It consists of three high level components i.e. Feeds, Data storage, and Real-time response. FEEDS:  Feeds will collect data from a distinct source and implement them via a lightweight interface. " Here are some examples of feeds we have implemented: Malware file hashes from VirusTotal; Malicious

Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab sensitive business data from that customer's CRM instance. 'GameOver' Banking Trojan is also a variant of Zeus financial malware that spreads via phishing emails. GameOver Zeus Trojan makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet , which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. TAREGET - EMPLOYMENT WEBSITES Now, a new variant of GameOver Zeus Trojan has been spotted, targeting users of popular employment websites with social engineering attacks , implemented t

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a point-

We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet being de

The Major US Financial institution, Bank of America is being targeted by a stealthy malicious financial malware campaign, according to AppRiver report. Last month the researchers at AppRiver has noticed enormous volumes of traffic through their data centers, with the peaks of traffic reaching three or four times than their normal network traffic.  They caught and blocked a malware campaign that was using the new and novel tactics designed specifically to beat the filtering engines. Last Wednesday the company experienced huge spam traffic i.e. 10 to 12 times the normal amount of their normal routine traffic. " These spikes have been driven by a tremendous increase in the number of incoming messages being sent with viruses attached. " and some user experienced delays in sending and receiving mail. They found the malware campaign, distributing a Financial Trojan designed to target, the Bank of America customers, known as ' Bredo virus ', capable of stealing informa

The year begins with the number of new variants of malware that were discovered by various security researchers. The new variants are more complex, sophisticated and mostly undetectable. Two years back in 2012, the FBI warned us about the ' GameOver ' banking Trojan, a variant of Zeus financial malware that spreads via phishing emails. GameOver makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. But that wasn't the end; a new variant of the same family of banking Trojan has been discovered by researchers that are being delivered by cyber criminals to users' machines, making it easier for the banking malware to evade detection and steal victim's banking credentials. Malcovery's Gary Warner explains

These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker. A major target for most of the malware is still Windows, but the growing market of Mac OS X, Linux and Smartphones, is also giving a solid reason to cyber criminals to focus. Recently, Kaspersky Lab has detected another cross-platform Java-Bot , capable of infecting computers running Windows, Mac OS X, and Linux that has Java Runtime Environment installed. Last year, Zoltan Balazs - CTO at MRG Effitas submitted the samples of malicious Java application for analysis to Kaspersky Lab and they identified it as HEUR : Backdoor.Java.Agent.a . According to researchers, to compromise computers, Java-Bot is exploiting a previously known critical Java vulnerability CVE-2013-2465 that was patched in last June. The vulnerability persists in Java 7 u21 and earlier vers

A New day begins with a Cup of Coffee and with new massive Data Breach News. This time in Germany, the Digital identities of about 16 million online users had been stolen, and posing a risk to their accounts linked to social media and other services. Federal Office for Information Security (BSI) discovered a security breach after running an analysis of the botnet network of computers infected with malware . The compromised accounts have email addresses as their username and also the passwords were stolen, that could also be sold to spammers and people looking to " phish " account holders. Until now it hasn't been known that how and when the analysis was carried out and who exactly were involved behind this massive data breach, as the BSI refused to give details on the source of the information. Authorities have set up a German-language website which allows users to enter their email address and check whether their email accounts are compromised or not.

In October 2013, Microsoft adopted a silent, offensive method to tackle infection due to a Tor-based botnet malware called ' Sefnit '. In an effort to takedown of the Sefnit botnet to protect windows users, Microsoft r emotely removes the older versions of installed Tor Browser software and infection from 2 Million systems, even without the knowledge of the system's owner. Last year in August, after Snowden revelations about the National Security Agency's ( NSA ) Spying programs, the Internet users were under fear of being spied. During the same time Tor Project leaders noticed almost 600% increase in the number of users over the anonymizing networks of Tor i.e. More than 600,000 users join Tor within few weeks. In September, researchers identified the major reason of increased Tor users i.e. A Tor-based botnet called ' Sefnit malware ', which was infecting millions of computers for click fraud and bitcoin mining. To achieve the maximum number

Have you given shed to Zombies in your house? No???? May be you have no idea about it. After Computers, Servers, Routers, Mobiles, Tablets…. Now its turn of your home appliances to be a weapon or a victim of cyber war. Recently Security Researchers from Proofpoint  found more than 100,000 Smart TVs, Refrigerator, and other smart household appliances compromised by hackers to send out 750,000 malicious spam emails. As the ' Internet of Things ' becoming smart and popular it became an easy weapon for cyber criminals to launch large scale of cyber attacks. " The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide." Previously, such attacks were only drafted theoretically by researchers, but this is the first such proven attack involved smart household appliances that are used as ' thingB

Data breaches and security incidents are a constant in the headlines these days. Hackers and cyber criminals   are motivated by status or money and finding new innovative and more creative attacks to achieve this. One of them are, Digital Bank robbery  - where the thieves didn't need masks and guns to pull off the job, all they need are - Hacking Skills, a computer and the Internet. Another way is  Cyber extortion  - threat of attack against an enterprise or a bank, coupled with a demand for money to avert or stop the attack. According to Haaretz news, A Hacker - who is the operator of a biggest botnet malware network in the Israel, has threatens 3 major Israeli banks, i.e. Israel Discount Bank, Bank Yahav and the First International Bank of Israel. " Bank received an e-mail message threatening that unless they handed over a certain sum in Bitcoins by the end of next week, a list of customers' details would be given to hostile elements. " Banks database, network an

Cyber Criminal activity associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor -based architecture is the favorite one with online criminals, to hide their bots and the botnet's Command-and-Control real location from the security researchers. Security Researchers at anti-virus firm  Kaspersky Lab have discovered a new Tor-based  banking trojan , dubbed " ChewBacca " (" Trojan . Win32 . Fsysna . fej ")  , that steal banking credentials and hosted on a Tor . onion domain. This protects the location of a server as well as the identity of the owner in most cases. Still there are drawbacks preventing many criminals from hosting their servers within Tor. Due to the overlay and structure, Tor is slower and timeouts are possible. Massive botnet activity may influence the whole network, as seen with Mevade, and therefore let researchers spot them more easily. ChewBacca   malware is not first that adopt Tor for

The German Federal Criminal Police Office (BKA) has arrested a gang of cyber criminals believed to be responsible for creating the Skynet Botnet. Skynet was first detected by Security Firm G DATA in December 2012. It is a variant of the famous Zeus malware to steal banking credentials with DDoS attack and Bitcoin mining capabilities. The Botnet was controlled from an Internet Relay Chat (IRC) server hidden behind Tor network in order to evade sinkholing. According to a press release from German police, they arrested two people suspected of illegally generating Bitcoins worth nearly $1 million using a modified version of existing malware i.e. Skynet Botnet. German police conducted raids earlier this week on 3rd December and found evidence of other hacking activities i.e. Fraud and distribution of copyrighted pornographic material. A third person is under suspicion but has not been arrested. However, Police didn't mention Skynet Botnet in their press release, but just a day