botnet | Breaking Cybersecurity News | The Hacker News

In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks , perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just how large these DDoS cannons are getting. Last Saturday Incapsula mitigated a rather small, 4Gbps DDoS attack, but this time it had a different pattern that attracted our attention. At first sight the attack seemed rather simple, generating 8 million DNS queries per second, to many domains, from spoofed IP addresses (using real domain name servers' IPs). But this time it included a hint about where it was coming from: all that traffic was coming from the same source. Probably on the same network, maybe even the same device. Tracing it to a single Source - TTL Giveaway Incapsula were able to trace the attack to a single source because this time the attackers slipped-u

Last April 7th the Anonymous collective hit the Israeli networks with a huge as historic offensive, for the first time an independent group of hackers declared war to a Governments to protest against its policy. Many web sites of the country were hit by DDoS attacks, the data on the event reported by Israel government are totally different from the information published by Anonymous that produced a report for #OpIsrael in which total damage are estimated of $3-plus billion. According security experts at TrendMicro the collective adopted various botnet coordinating large scale attacks, analyzing traffic directed to one of the targeted website, the researchers discovered that meanwhile usually more of 90% of the traffic is originated in Israel, during the attack almost the entire traffic was originated outside the country and internal connections have fallen to 9% as shown in the following chart: What is surprising is that TrendMicro discovered that many IP addre

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Cybercriminals, underground hacking communities, hacker's market and Exploit packs.... Russian  cyberspace is well known for such crazy hacking stuff. Recently, the original Carberp botnet developer   ring that stole millions from bank accounts worldwide has been arrested. According to a report from Russian newspaper, a group of 20 people who served as its malware development team, were arrested by the Sluzhba Bezpeky Ukrayiny and the Federalnaya sluzhba bezopasnosti Rossiyskoy Federatsii (federal security service of Russia, FSB) in cities around Ukraine. Over $250 million has been stolen by the members of the botnet ring, which had roughly 20 members aged between 25 and 30. " Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infectio

A new botnet emerged from underground and is menacing payment world, the cyber threat dubbed vSkimmer come from Russia according revelation of McAfee security firm .  The security expert Chintan Shah wrote on a blog post that during monitoring of Russian underground forum found a discussion about a Trojan for sale that can steal credit card information from Windows PC for financial transactions and credit card payments.  vSkimmer agent is able to detect card readers on the victim's machine and gather all the information from the Windows machines sending it to a remote control server encrypting it (Base64). The malware collects the following information from the infected machine and sends it to the control server: Machine GUID from the Registry Locale info Username Hostname OS version The vSkimmer malware indicated as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it transmitted during sales flow. Dexter

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to  latest report , the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family. ESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server. The Trojan is downloaded onto the system by another downloader component. This downloader component was seen on the

The mastermind Russian Hackers who coded and distributed the Gozi malware,  Nikita Vladimirovich Kuzmin , 25 was charged along with Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28 for infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims. They may face a maximum penalty of 95, 60 and 67 years in prison, respectively. Kuzmin allegedly created the Gozi program in 2005, hiring a programmer to write the source code and then leasing it to other criminal customers. According to latest reports , Nikita has agreed to cooperate with the United States. As potential evidence, the feds have been able to retrieve 51 servers in Romania as well as laptops, desktops and external hard drives. The data seized amounts to 250 terabytes. Paunescu, a Romanian national who went by the name " Virus " operated a bulletproof hosting service that provided criminal customers with servers and IP addresses from which to s

Every day we read about an incredible number of successful attacks and data breaches that exploited leak of authentication mechanisms practically in every sector. Often also critical control system are exposed on line protected only by a weak password, in many cases the default one of factory settings, wrong behavior related to the human component and absence of input validation makes many applications vulnerable to external attacks. Today I desire to focus the attention of a report published by the consulting firm's Deloitte titled " Technology, Media & Telecommunications Predictions 2013 " that provide a series of technology predictions, including the outlook for subscription TV services and enterprise social networks. The document correctly express great concern of the improper use of passwords that will continue also in 2013 being causes of many problems, it must to be considered that value of the information protected by passwords continues to grow attracting il

Last week, Happy Hacker   arrested in Thailand on charges of stealing millions from online bank accounts. According to new reports same hacker alleged as ZeuS Mastermind and used to have the profile of a miscreant nicknamed " bx1 ," a hacker fingered by Microsoft before as a major operator of botnets powered by the ZeuS banking trojan .  He remained smiling throughout a press conference in which Thai police explained that Thailand will seek to extradite Mr Bendelladj to the US state of Georgia, where a court has issued a warrant for his arrest. 24-year-old Algerian Hacker , Hamza Bendelladj   arrested at a Bangkok airport enroute from Malaysia to Egypt. The ZeuS botnet is one of the most notorious in existence, and it's also one that has earned its masters some pretty massive payouts. The Email ID's  daniel.h.b@universityofsutton.com , and danieldelcore@hotmail.com  mentioned by Microsoft in a complaint submitted to the U.S. District Court for the Eastern Distr

Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website sud

A new version of the Zeus botnet was used to steal about $47 million from European banking customers in the past year. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks. Dubbed "Eurograbber"  is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution. With the phone number and platform information, the attacker sends a text message to the victim's phone with a link to a site that downloads what it says is "encryption software" for the device. Customers become victims of Eurograbber by clicking on malicious links that may come in phishing-attack emails and then after injecting scripts to browser , the malware intercepts two-step authentication text messages sent to customers' phones. Customers at an estimated 30 banks fell vic

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal information. Mac in Danger ?  Earlier this spring, a Russian security firm discovered a trojan piece of malware which took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as "Flashback," was used to enlist some 600,000 infected computers into a botnet. Malware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac. Dockster is only the latest Mac-based threat to h

Security firm Trend Micro recent analyses the Russian crimeware markets and has found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it will cost you somewhere in the region of $700. If you just want to hire someone else's botnet for an hour, though, it can cost as little as $2. There are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits. " As the Russian underground community continuously modifies targets and improves technologies, security companies and users must constantly face the challenge of effectively protecting their money and the information they store in their computers and other devices ," the

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was also using  CVE-2010-0842, CVE-20

A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffered de