The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for botnet

Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce

April 10, 2015Swati Khandelwal
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks
Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

February 25, 2015Mohit Kumar
It seems like the world has declared war against the Cyber Criminals. In a recent update, we reported that FBI is offering $3 Million in Reward for the arrest of GameOver Zeus botnet mastermind, and meanwhile British cyber-police has taken down widely-spread RAMNIT botnet . The National Crime Agency (NCA) in a joint operation with Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom has taken down the Ramnit "botnet", which has infected over 3.2 million computers worldwide, including 33,000 in the UK. Alike GameOver Zeus, RAMNIT is also a ' botnet ' - a network of zombie computers which operate under criminal control for malicious purposes like spreading viruses, sending out spam containing malicious links, and carrying out distributed denial of service attacks (DDoS) in order to bring down target websites. RAMNIT believes to spread malware via trustworthy links se
Hajime ‘Vigilante Botnet’ Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide

Hajime 'Vigilante Botnet' Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide

April 27, 2017Swati Khandelwal
Last week, we reported about a so-called 'vigilante hacker' who hacked into at least 10,000 vulnerable 'Internet of Things' devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them. Now, that vigilante hacker has already trapped roughly 300,000 devices in an IoT botnet known as Hajime , according to a new report published Tuesday by Kaspersky Lab, and this number will rise with each day that passes by. The IoT botnet malware was emerged in October 2016, around the same time when the infamous Mirai botnet threatened the Internet last year with record-setting distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn. How the Hajime IoT Botnet Works Hajime botnet works much like Mirai by spreading itself via unsecured IoT devices that have open Telnet ports and uses default passwords and also uses the same list of username and password combinations that Mirai is programm
5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws

5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws

May 10, 2018Swati Khandelwal
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. As detailed in our previous post, Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions have been found vulnerable to an authentication bypass ( CVE-2018-10561 ) and a root-RCE ( CVE-2018-10562 ) flaws that eventually allow remote attackers to take full control of the device. Shortly after the details of the vulnerabilities went public, 360 Netlab researchers warned of threat actors exploiting both the flaws to hijack and add the vulnerable routers into their botnet malware networks. Now, the researche
Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

April 08, 2020Ravie Lakshmanan
Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage ' distributed denial-of-service ' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named "dark_nexus" by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, Dlink, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet. So far, dark_nexus comprises at least 1,372 bots, acting as a reverse proxy, spanning across various locations in China, South Korea, Thailand, Brazil, and Russia. "While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust," the researchers said . "For example, payloads are compiled for 12 different CPU architectures and dynamically deliver
Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

December 13, 2017Mohit Kumar
The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old Washington) and Dalton Norman (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using Mirai botnet. Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure. According to his plea agreement, Jha " conspired to conduct DDoS attacks against websites and web ho
To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does

To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does

April 19, 2017Swati Khandelwal
It should be noted that hacking a system for unauthorised access that does not belong to you is an illegal practice, no matter what's the actual intention behind it. Now I am pointing out this because reportedly someone, who has been labeled as a 'vigilante hacker' by media, is hacking into vulnerable 'Internet of Things' devices in order to supposedly secure them. This is not the first time when any hacker has shown vigilance, as we have seen lots of previous incidents in which hackers have used malware to compromise thousands of devices, but instead of hacking them, they forced owners to make them secure. Dubbed Hajime , the latest IoT botnet malware, used by the hacker, has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices. But reportedly, it's an attempt to wrestle their control from Mirai and other malicious threats. Mirai is an IoT botnet that threatened the Internet last year with record-sett
Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

November 03, 2016Swati Khandelwal
Note — We have published  an updated article on what really happened behind the alleged DDoS attack against Liberia using Mirai botnet. Someone is trying to take down the whole Internet of a country, and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware. It all started early October when a cyber criminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslaves them into a botnet network, which is then used to launch DDoS attacks. Just two weeks ago, the Mirai IoT Botnet caused vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and later it turns out that just 100,000 infected-IoT devices participated in the attacks. Experts believe that the future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state. One such inciden
Microsoft botnet take down will not stop spam !

Microsoft botnet take down will not stop spam !

January 11, 2011Mohit Kumar
A prominent security researcher said he doubts Microsoft's take down of the Waledac botnet would have any impact on spam levels, as the company claimed. "Waledac just is not a hugely prolific spammer," said Joe Stewart, director of malware analysis at SecureWorks and a noted botnet researcher. "So I don't think it's going to affect spam [volume]. What it does do lately... what it's used for, is to install rogue antivirus software." The UK-based anti-spam service Spamhaus echoed Stewart today. "If [Microsoft's take-down] did affect spam, we haven't noticed," said Richard Cox, the chief information officer at Spamhaus. Like Stewart, Cox also dismissed Waledac's threat as a spam engine. "Waledac was not a high threat, it's less than 1% of the spam traffic," Cox said. "What we're worried about is Zeus, which is a far more damaging botnet, which is creating a substantial amount of spam." Postini, t
KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

October 29, 2020Ravie Lakshmanan
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "dozens of known vulnerabilities" to target widely-used content management systems (CMS). The "KashmirBlack" campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, Vbulletin, OsCommerence, OpenCart, and Yeager. "Its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and it uses sophisticated methods to camouflage itself, stay undetected, and protect its operation," Imperva researchers said in a  two-part   analysis . The cybersecurity firm's six-month-long investigation into the botnet reveals a complex operation managed by one command-and-control (C2) server and more than 60 surrogate servers that communicate with the bots to send new targets, allowing it to expand the size of the botn
FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet

FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet

January 31, 2019Swati Khandelwal
The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap , the botnet is believed to be part of " Hidden Cobra "—an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government. Hidden Cobra is the same hacking group that has been allegedly associated with the WannaCry ransomware menace in 2016, the SWIFT Banking attack in 2016, as well as Sony Motion Pictures hack in 2014. Dates back to 2009, Joanap is a remote access tool (RAT) that lands on a victim's system with the help an SMB worm called Brambul , which crawls from one computer to another by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords. Once there, Brambul downloads Jo
Microsoft's Digital Crimes Unit successfully disrupted the ZeroAccess Botnet

Microsoft's Digital Crimes Unit successfully disrupted the ZeroAccess Botnet

December 07, 2013Mohit Kumar
Microsoft today announced that its Digital Crimes Unit ( a center of excellence for advancing the global fight against cybercrime ) has successfully disrupted the ZeroAccess botnet, one of the world's largest and most rampant botnet .The Botnet is " disrupted ," not "fully destroyed" , Microsoft itself admits that " do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. " This is the Microsoft's 8th botnet takedown operation in the past three years. With the help of U.S. Federal Bureau of Investigation  ( FBI ) and Europol's European Cybercrime Centre (EC3), Microsoft led to the seizure of servers that had been distributing malware which has infected nearly 2 million computers all over the world, and with that, ZeroAccess botnet's masters are earning more than $2.7 million every month. ZeroAccess was first identified in 2011 by Symanetc, being used for click fraud, the malware can also be used to illicitly mine the v
Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

September 02, 2021Ravie Lakshmanan
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally  happened  in June, was  disclosed  by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing its involvement in the operation. "Mozi uses a P2P [peer-to-peer] network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019. The development also comes less than two weeks after Microsoft Security Threat Intelligence Center  revealed  the botnet's new capabilities that enable it to inter
ALERT! Hackers targeting IoT devices with a new P2P botnet malware

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

October 07, 2020Ravie Lakshmanan
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the  HEH Botnet  — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force attack of the Telnet service on ports 23/2323 and can execute arbitrary shell commands. The researchers said the HEH botnet samples discovered so far support a wide variety of CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III), and PowerPC (PPC). The botnet, despite being in its early stages of development, comes with three functional modules: a propagation module, a local HTTP service module, and a P2P module. Initially downloaded and executed by a malicious Shell script named "wpqnbw.txt," the HEH sample then uses the Shell script to download rogue programs for all
Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month

Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month

September 18, 2019Swati Khandelwal
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer viruses that is now infecting over 90,000 machines each month around the world. Though the campaigns that are hacking computers with the Smominru botnet have not been designed to go after targets with any specific interest, the latest report from Guardicore Labs researchers shed light on the nature of the victims and the attack infrastructure. According to the researchers, just last month, more than 4,900 networks were infected by the worm without any discrimination, and many of these networks had dozens of internal machines infected. Infected networks include US-based higher-educ
An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies

An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies

May 05, 2017Swati Khandelwal
A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month. Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy money-making solution. Dubbed BondNet, the botnet was first spotted in December 2016 by GuardiCore researchers, who traced back the botnet malware developer, using online handle Bond007.01, to China. According to the GuardiCore researchers, Bond007.01 is currently using BondNet for mining cryptocurrencies — primarily Monero, but also ByteCoin, RieCoin, and ZCash — but they warn that the hacker could easily take full control of compromised servers for malicious purposes, like mounting Mirai-style DDoS attacks. BondNet Attacks only Windows Server Machines Since mining cryptocurrencies require large amounts of CPU/GPU power, the botnet master goes after Windows Server machin
Alleged Skynet Botnet creator arrested in Germany

Alleged Skynet Botnet creator arrested in Germany

December 09, 2013Mohit Kumar
The German Federal Criminal Police Office (BKA) has arrested a gang of cyber criminals believed to be responsible for creating the Skynet Botnet. Skynet was first detected by Security Firm G DATA in December 2012. It is a variant of the famous Zeus malware to steal banking credentials with DDoS attack and Bitcoin mining capabilities. The Botnet was controlled from an Internet Relay Chat (IRC) server hidden behind Tor network in order to evade sinkholing. According to a press release from German police, they arrested two people suspected of illegally generating Bitcoins worth nearly $1 million using a modified version of existing malware i.e. Skynet Botnet. German police conducted raids earlier this week on 3rd December and found evidence of other hacking activities i.e. Fraud and distribution of copyrighted pornographic material. A third person is under suspicion but has not been arrested. However, Police didn't mention Skynet Botnet in their press release, but just a day
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.