CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 22nd, 2009

Government And Corporate Systems Found On 1.9 Million Infected Computers Network

Government and corporate Windows PCs were among the ranks of a 1.9 million-machine botnet recently discovered by net security firm Finjan.

Finjan security researchers discovered the control server of the botnet after tracing back an infection from a corporate client. Evidence on the cybercrime server, which was hosted in Ukraine, showed it had been in use since February 2009 and was controlled by a cybergang of six people.

Trojan downloader malware planted on insecure websites was used to distribute the malware that seeded the botnet, via drive-by download attacks. The core group of cybercrooks was assisted by a vast affiliate network.

Yuval Ben-Itzhak, chief technology officer at Finjan, said the malware that created the botnet used a variety of Internet Explorer, Firefox and PDF vulnerabilities to spread. He added that only four out of 39 anti-virus scanners detected the malware.

Ben-Itzhak told El Reg that the cybercrooks behind the botnet made their money by auctioning off access to compromised machines through underground forums, typically charging $100 for 1,000 machines. The miscreants also made money from selling data looted from compromised machines, he added.

The cybercrooks collectively compromised computers in 77 government-owned domains (.gov) from the UK, US and various other countries.

The malware that featured in the attack allowed hackers complete control of compromised PCs, nearly all of which were running Windows XP. A variety of malicious actions, from reading emails to copying files, keystroke logging, and spam distribution were all possible.

Since discovering the botnet, Finjan has supplied information about the server to UK and US law enforcement agencies. The command server is now out of commission. Finjan has informed affected corporate and government agencies about infected computer names, in a move that will hopefully result in a clean-up operation.

Credit: The Register
Credit: Finjan.com MCRC Blog
