The Hacker News - Cybersecurity News and Analysis: Search results for botnets

An Army of Million Hacked IoT Devices Almost Broke the Internet Today

October 22, 2016 | Unknown
A massive distributed denial-of-service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage for many websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how did the attack happen, and what was behind it? Exact details of the attack remain vague, but Dyn reported that a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH. According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras and DVRs, and enslaves vast numbers of
Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords

November 26, 2015 | Swati Khandelwal
That's a lot of login credentials for a single hacker to fetch. The FBI believes a single hacker who goes by the moniker Mr. Grey has stolen login credentials for over 1.2 billion online accounts, apparently the biggest heist of login credentials the FBI has investigated thus far. Yeah, that's not Fifty, but 1.2 Billion Shades of Grey. The information comes from court documents the federal agents submitted to support their search warrant request in 2014, Reuters reported. The cyber security firm Hold Security initially reported the theft of the credentials last year. It found that the Russian hacking group CyberVor had stolen 1.2 billion login details and an additional 500 million email accounts.

Botnet Breach

The data was said to have been harvested from over 420,000 websites via botnets looking for SQL injection flaws; the same technique was recently used to hack TalkTalk. Botnets are usually employed to attack an individual targ
New Citadel Trojan Targets Your Password Managers

November 21, 2014 | Mohit Kumar
Unless you are a human supercomputer, remembering passwords is not an easy task, especially if you have a different password for every site. Luckily, to make the whole process easier, there is a growing market for password managers, which provide an extra layer of protection. Wait! Wait! Seriously? Security researchers have discovered a new variant of the data-stealing Citadel Trojan, used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which may make you think twice before using one. The Citadel Trojan has typically been used to steal online banking credentials and other financial information by injecting itself into the victim's browser session and impersonating legitimate banking sites, an approach known as a man-in-the-browser attack. The malware has previously targeted users' credentials stored in the password management applications included
India to Host 3rd Annual 'The Hackers Conference' this Year in August

June 25, 2014 | Swati Khandelwal
A crowd of cyberspace experts, along with the best minds in the Indian hacking community, leaders in the information security community, policymakers and government representatives, will come together on a common platform to join their efforts in addressing the most critical issues of cyberspace. A group of researchers from the information security and hacking community is hosting the 3rd annual THE HACKERS CONFERENCE (THC) 2014 on 30th August in the Gulmohar Hall of the India Habitat Center, Delhi.

COMMON PLATFORM FOR HACKERS AND GOVERNMENT

In its endeavour to secure the cyber ecosystem, The Hackers Conference will bring both hackers and government officials together on a common platform with the theme "Building a secure and resilient cyberspace". "The conference objective is to provide a common and unique platform to the hackers along with the government officials and policymakers wherein both can showcase their expertise," say the organizers
DDoS attack from Browser-based Botnets that lasted for 150 hours

November 14, 2013 | Anonymous
Browser-based botnets are the T-1000s of the DDoS world. Just like the iconic villain of the old Judgment Day movie, they too are designed for adaptive infiltration. This is what makes them so dangerous. Where other, more primitive bots would try to brute-force your defenses, these bots can simply mimic their way through the front gate. By the time you notice that something's wrong, your perimeter has already been breached, your servers have been brought down, and there is little left to do but hang up and move on. So how do you flush out a T-1000? How do you tell a browser-based bot from a real person using a real browser? Some common bot filtering methods, which usually rely on sets of Progressive Challenges, are absolutely useless against bots that can retain cookies and execute JavaScript. The alternative, indiscriminately flashing CAPTCHAs at anyone with a browser, is nothing less than a self-inflicted disaster, especially when the attacks can go on for weeks a
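Once a bot keeps cookies and runs JavaScript, the cookie and JS stages of a progressive-challenge pipeline tell you nothing, so the remaining signal has to come from how the client behaves over time. The following is an added example, written for this page rather than taken from the article or from any product it mentions: it scores each client IP in a set of combined-format access-log lines on request rate, whether it ever fetches static assets, whether it sends a Referer, and how regular its inter-arrival times are. The log lines, the four signals and their thresholds are constructed for illustration and would need tuning against real traffic.

```python
"""Behavioural scoring of web clients from access-log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined log format: client, timestamp, request line, status,
# bytes, referer, user-agent. Only the fields the scorer uses are named.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def score_clients(lines):
    """Score every client IP on behaviour alone; cookie/JS challenges are ignored.

    Returns {ip: (score, reasons)}. Signals and thresholds are illustrative
    assumptions, not tuned production values.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    results = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        n = len(recs)
        span = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds()
        rate = n / max(span, 1.0)  # requests per second over the observed span
        # A real browser fetches the page's static assets; a page-flooding bot
        # usually hits only the expensive HTML/dynamic URLs.
        static_ratio = sum(r["path"].lower().endswith(STATIC_EXT) for r in recs) / n
        # Browsers send Referer on in-site navigation; scripted clients often do not.
        no_ref_ratio = sum(r["referer"] in ("", "-") for r in recs) / n
        # Near-constant inter-arrival time points at a timer loop, not a person.
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        if len(gaps) >= 2:
            mean = sum(gaps) / len(gaps)
            var = sum((g - mean) ** 2 for g in gaps) / len(gaps)
            cv = (var ** 0.5) / mean if mean > 0 else 0.0  # mean 0: same-second burst
        else:
            cv = 1.0

        score, reasons = 0, []
        if rate > 1.0:
            score += 2
            reasons.append(f"rate={rate:.2f}/s")
        if n >= 5 and static_ratio < 0.1:
            score += 2
            reasons.append("never fetches static assets")
        if n >= 5 and no_ref_ratio > 0.8:
            score += 1
            reasons.append("no referer")
        if len(gaps) >= 4 and cv < 0.2:
            score += 2
            reasons.append(f"regular timing (cv={cv:.2f})")
        results[ip] = (score, reasons)
    return results


def suspected_bots(lines, threshold=4):
    """IPs whose behavioural score reaches the threshold (illustrative value)."""
    return sorted(ip for ip, (s, _) in score_clients(lines).items() if s >= threshold)


# Constructed sample: one bot hammering a search URL once a second with no
# assets and no referer, and one person loading two pages the normal way.
UA = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/30.0 Safari/537.36"
SAMPLE_ACCESS_LOG = [
    f'198.51.100.7 - - [14/Nov/2013:12:00:{i:02d} +0000] "GET /search?q=ddos HTTP/1.1" '
    f'200 5123 "-" "{UA}"'
    for i in range(10)
] + [
    f'203.0.113.5 - - [14/Nov/2013:12:00:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "{UA}"',
    f'203.0.113.5 - - [14/Nov/2013:12:00:00 +0000] "GET /static/style.css HTTP/1.1" 200 2110 "http://example.com/" "{UA}"',
    f'203.0.113.5 - - [14/Nov/2013:12:00:01 +0000] "GET /static/app.js HTTP/1.1" 200 9430 "http://example.com/" "{UA}"',
    f'203.0.113.5 - - [14/Nov/2013:12:00:01 +0000] "GET /static/logo.png HTTP/1.1" 200 3201 "http://example.com/" "{UA}"',
    f'203.0.113.5 - - [14/Nov/2013:12:00:08 +0000] "GET /about HTTP/1.1" 200 6012 "http://example.com/" "{UA}"',
    f'203.0.113.5 - - [14/Nov/2013:12:00:08 +0000] "GET /static/about.css HTTP/1.1" 200 800 "http://example.com/about" "{UA}"',
]

if __name__ == "__main__":
    for ip, (score, reasons) in score_clients(SAMPLE_ACCESS_LOG).items():
        print(ip, score, reasons)
    print("suspected bots:", suspected_bots(SAMPLE_ACCESS_LOG))
```

None of the four signals is conclusive on its own (a monitoring probe also has regular timing, an API client also skips assets), which is why they are summed into a score and why the score should feed a rate limit or a targeted challenge for that client rather than a site-wide CAPTCHA.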
Dissecting a mobile malware

January 27, 2013 | Anonymous
The widespread diffusion of mobile devices, the lack of security systems on these platforms and the low level of awareness of the principal cyber threats have made them a privileged target for cybercrime. In the past year we have witnessed an explosion of malware designed to hit the principal mobile OSs; in a recent report the security firm Sophos revealed that in Australia and the U.S. Android threat exposure rates exceed those of PCs, showing the urgency of implementing proper countermeasures. The situation appears critical enough that I asked the experts of Group-IB Forensics Lab to show me how these agents work with a real case study. Several months ago Group-IB Forensics Lab detected mobile-banking malware on Google Play at the request of Sberbank (Russia's leading national bank). The file associated with the malware was named sber.apk; it was an Android Package with a size of 225,905 bytes and MD5 digest F27D43DFEEDFFAC2EC7E4A069B3C9516. Analyzing the functionality of the ag
Botnets, DDoS attacks as weapon against financial sector

April 13, 2012 | Mohit Kumar
DDoS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from which DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic, which says its clients include "more than 10 of the world's largest banks due to market capitalization," reported "an almost threefold increase in the number of attacks against its financial services" customers. A distributed denial-of-service attack is one in which many compromised systems attack a single target, denying service to legitimate users: the flood of incoming traffic exhausts the target's bandwidth or processing capacity so that it can no longer answer genuine requests. The average attack bandwidth
DHS Investing $40 Million for Cybersecurity Research!

February 01, 2011 | Mohit Kumar
Insider threats, botnets and malware, and research to support the Comprehensive National Cybersecurity Initiative (CNCI) are among the areas of cybersecurity investment the Department of Homeland Security (DHS) will make in fiscal year 2011. The DHS Science and Technology Homeland Security Advanced Research Projects Agency (HSARPA) is seeking proposals on 14 areas of cybersecurity research it plans to focus on this year, five of which will contribute to the CNCI, a series of efforts to provide front-line defense against cybersecurity threats, according to a Broad Agency Announcement posted on FedBizOpps.gov. The total value of the acquisition is $40 million. The DHS has been investing in cybersecurity for a couple of years through HSARPA, and this year shows the agency focusing on both traditional methods of security such as software assurance, enterprise-level security metrics, and network resiliency, as well as more forward-thinking areas of research such as authoritative aegi
Microsoft botnet takedown will not stop spam!

January 11, 2011 | Mohit Kumar
A prominent security researcher said he doubts Microsoft's takedown of the Waledac botnet will have any impact on spam levels, as the company claimed. "Waledac just is not a hugely prolific spammer," said Joe Stewart, director of malware analysis at SecureWorks and a noted botnet researcher. "So I don't think it's going to affect spam [volume]. What it does do lately... what it's used for, is to install rogue antivirus software." The UK-based anti-spam service Spamhaus echoed Stewart today. "If [Microsoft's take-down] did affect spam, we haven't noticed," said Richard Cox, the chief information officer at Spamhaus. Like Stewart, Cox also dismissed Waledac's threat as a spam engine. "Waledac was not a high threat, it's less than 1% of the spam traffic," Cox said. "What we're worried about is Zeus, which is a far more damaging botnet, which is creating a substantial amount of spam." Postini, t
'BitTorrent' exploit could be used to stage massive cyber attacks!

December 31, 2010 | Mohit Kumar
With the Federal Bureau of Investigations (FBI) treating successful cyber attacks by "Operation Payback" as criminal offenses, a new level of ambiguity is being introduced into the enforcement of cyber crime laws. The FBI was treating efforts by "Anonymous" and "4chan" as an "unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system," according to a search warrant affidavit published online Thursday. Not all distributed denial of service (DDoS) efforts are a crime. This is especially true when systems within the networks staging the attack are placed there voluntarily by their users, with thousands of willing individuals simply flooding a server by asking it to do what it's designed for: loading pages. Botnets of this nature have been compared to cyber "sit-ins": a computer-age echo of civil rights-era protests. However, a newly discovered software exploit in peer-to-pee
Indian hackers focus on botnet attacks

November 02, 2010 | Mohit Kumar
A new report released by computer giant Microsoft has revealed that botnet attacks on computers have increased in India. A botnet is a network of compromised computers controlled by a single operator (the bot herder); each bot can be used to attack other PCs and recruit them into the network. The report says that Indian cybercriminals are looking at creating botnets. Microsoft Security Intelligence Report version 9, which covered more than 200 countries and territories, ranked India 25th in terms of bot infections detected and removed in the quarter ended June 2010. India had 38,954 computers with bots cleaned in the second quarter of 2010 compared to 37,895 computers in the first quarter.
Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

December 01, 2021 | Ravie Lakshmanan
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make off with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that rely on overlay attacks to capture sensitive data without the victim's knowledge, the malicious applications uncovered by Check Point Research are designed to trick targets into handing over their credit card information by sending them a legitimate-looking SMS message that contains a link which, when clicked, downloads a malicious app onto their devices. "The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point researcher Shmuel
Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices

November 01, 2021 | Ravie Lakshmanan
Cybersecurity researchers have disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet "Pink" based on a sample obtained on November 21, 2019, owing to the large number of function names starting with "pink." Mainly targeting MIPS-based fiber routers, the botnet leverages a combination of third-party services such as GitHub, peer-to-peer (P2P) networks, and central command-and-control (C2) servers for bot-to-controller communications, and fully encrypts the transmission channels to prevent the victimized devices from being taken over. "Pink raced with the vendor to retain control over the infected devices, while vendor
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

July 26, 2021 | Ravie Lakshmanan
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations," Microsoft  said  in a technical write-up published last week. "Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity." The malware is notorious for its ability to propagate rapidly across an infected network to facilitate information theft an
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

July 19, 2021 | Ravie Lakshmanan
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed " Diicot brute ," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two  DDoS  botnets, including a  Demonbot  variant called chernobyl and a Perl  IRC bot , with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021. The Romanian cybersecurity technology company said it began its investigation into the group's hostile online activities in May 2021, leading
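The compromise step in this campaign is plain password guessing over SSH, which is also the easiest part of it to see from the victim's side. The following is an added example (written for this page, not code from Bitdefender or from the group's own tooling): a sliding-window detector run over constructed sshd log lines that raises one alert when a source crosses a failure threshold inside a time window, and a second, more urgent one if that same source is later accepted by any authentication method. The hostnames, addresses, thresholds and the assumed log year are all constructed.

```python
"""Sliding-window detection of SSH brute force in sshd auth logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd lines as written by syslog. The year is absent, so the caller supplies it
# (assumption: all lines belong to the same year).
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_ts(stamp, year):
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def detect_ssh_bruteforce(lines, max_failures=5, window_seconds=120, year=2021):
    """Return alerts in log order.

    A "bruteforce" alert fires the first time a source accumulates max_failures
    failed passwords inside window_seconds. A "success_after_bruteforce" alert
    fires when that same source is later accepted by any method, which is the
    event a responder needs to see first.
    """
    recent = defaultdict(deque)  # ip -> deque of (ts, username) failures in window
    flagged = {}                 # ip -> ts at which the brute-force alert fired
    alerts = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts, ip = parse_ts(m["ts"], year), m["ip"]
            window = recent[ip]
            window.append((ts, m["user"]))
            while window and (ts - window[0][0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= max_failures and ip not in flagged:
                flagged[ip] = ts
                alerts.append({
                    "kind": "bruteforce", "ip": ip, "at": ts,
                    "count": len(window),
                    # many distinct names = password spraying, one name = targeted
                    "users": sorted({u for _, u in window}),
                })
            continue
        m = ACCEPT_RE.match(line)
        if m and m["ip"] in flagged:
            alerts.append({
                "kind": "success_after_bruteforce", "ip": m["ip"],
                "at": parse_ts(m["ts"], year), "user": m["user"], "method": m["method"],
            })
    return alerts


# Constructed sample: one source cycling through common account names and then
# landing a password login; one legitimate user with a single typo.
SAMPLE_AUTH_LOG = [
    "Jul 15 03:21:07 web1 sshd[2231]: Failed password for root from 198.51.100.23 port 41022 ssh2",
    "Jul 15 03:21:09 web1 sshd[2233]: Failed password for invalid user admin from 198.51.100.23 port 41030 ssh2",
    "Jul 15 03:21:12 web1 sshd[2235]: Failed password for root from 198.51.100.23 port 41038 ssh2",
    "Jul 15 03:21:15 web1 sshd[2237]: Failed password for invalid user ubuntu from 198.51.100.23 port 41044 ssh2",
    "Jul 15 03:21:18 web1 sshd[2239]: Failed password for invalid user pi from 198.51.100.23 port 41051 ssh2",
    "Jul 15 03:21:20 web1 sshd[2241]: Failed password for root from 198.51.100.23 port 41057 ssh2",
    "Jul 15 03:22:02 web1 sshd[2260]: Failed password for alice from 203.0.113.9 port 50310 ssh2",
    "Jul 15 03:22:15 web1 sshd[2262]: Accepted publickey for alice from 203.0.113.9 port 50322 ssh2",
    "Jul 15 03:23:40 web1 sshd[2290]: Accepted password for deploy from 198.51.100.23 port 41210 ssh2",
]

if __name__ == "__main__":
    for alert in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

The window is keyed on the source address, so a tool that spreads its guesses across many source IPs (as a botnet-backed brute-forcer can) will stay under the threshold per source; pairing this with a per-target-account window, or simply disabling password authentication for SSH, closes that gap.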
Emotet Malware Destroys Itself From All Infected Computers

April 26, 2021 | Ravie Lakshmanan
Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of " Operation Ladybird " to seize control of servers used to run and maintain the malware network. The orchestrated effort saw at least 700 servers associated with the botnet's infrastructure neutered from the inside, thus preventing further exploitation. Law enforcement authorities from the Netherlands, Germany, the U.S., U.K., France, Lithuania, Canada, and Ukraine were involved in the international action. Previously, the Dutch police, which seized two central servers located in the country, said it had deployed a software update to counter the threat posed by Emotet effectively. "All infected computer systems will automatically retrieve the update there, a
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers

March 23, 2021 | Ravie Lakshmanan
Purple Fox , a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," according to  Guardicore researchers , who say the attacks have spiked by about 600% since May 2020. A total of 90,000 incidents have been spotted through the rest of 2020 and the beginning of 2021. First discovered in March 2018, Purple Fox is distributed in the form of malicious ".msi" payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with  rootkit capabilities , which enables the threat actors to hide the malware on the machine and make it easy to evade detection. Guardicore says Purple Fox hasn't changed much post-exploitat
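"Indiscriminate port scanning" of SMB is a fan-out pattern: one internal host opens connections to many distinct neighbours on port 445 in a short time, most of which are never answered. The following is an added example (not code from Guardicore or from the malware) that finds that pattern in connection records. The records are a constructed CSV modelled on a few Zeek conn.log fields (ts, src, dst, dport, proto, conn_state, where S0 is an unanswered SYN and SF a completed session); the addresses, window and target threshold are illustrative assumptions.

```python
"""Fan-out detection for SMB scanning in connection logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_conn(line):
    """Parse one constructed record: ts,src,dst,dport,proto,conn_state."""
    ts, src, dst, dport, proto, state = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "proto": proto, "state": state}


def detect_smb_scanners(lines, port=445, min_targets=20, window=timedelta(minutes=5)):
    """Return {src: {"targets": n, "completed": [dst, ...]}} for every source that
    reached at least min_targets distinct hosts on `port` inside any `window`.

    "completed" lists targets where a full TCP session (SF) was seen: hosts that
    actually exposed SMB to the scanner and deserve the first look.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_conn(line)
        if rec["proto"] == "tcp" and rec["dport"] == port:
            by_src[rec["src"]].append(rec)

    alerts = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        peak, start = 0, 0
        for end, rec in enumerate(recs):
            # advance the window start until it covers at most `window` of time
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            peak = max(peak, len({r["dst"] for r in recs[start:end + 1]}))
        if peak >= min_targets:
            alerts[src] = {
                "targets": peak,
                "completed": sorted({r["dst"] for r in recs if r["state"] == "SF"}),
            }
    return alerts


# Constructed sample: one host sweeping 40 neighbours on 445 in 40 seconds (two
# of them answer), a normal file-server client, a domain controller, and an
# unrelated HTTP flow.
SAMPLE_CONN_LOG = (
    [f"2021-03-20T10:00:{i:02d},10.0.0.17,10.0.0.{i + 1},445,tcp,"
     f"{'SF' if i + 1 in (25, 31) else 'S0'}" for i in range(40)]
    + [f"2021-03-20T10:0{i}:00,10.0.0.5,10.0.0.50,445,tcp,SF" for i in range(10)]
    + [f"2021-03-20T10:01:30,10.0.0.2,10.0.0.{d},445,tcp,SF" for d in (12, 13, 14)]
    + ["2021-03-20T10:02:00,10.0.0.5,10.0.0.60,80,tcp,SF"]
)

if __name__ == "__main__":
    for src, info in detect_smb_scanners(SAMPLE_CONN_LOG).items():
        print(src, "touched", info["targets"], "hosts; completed sessions with", info["completed"])
```

Counting distinct destinations rather than connections is what separates a scanner from a busy but legitimate client: the file-server client above opens ten sessions but to a single host, so it never approaches the threshold.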