|
Finjan recently discovered huge botnet, network of 1.9 million infected computers, whose command and control server is hosted in Ukraine. The botnet has infected machines from some 77 government-owned domains, 51 of which are U.S. government ones. According to report from Ophir Shalitin, marketing director of Finjan, this is one of the largest bot networks controlled by a single team of cybercriminals (six individuals). Discovered botnet appears to be larger than the infamous Storm botnet was in its heyday. Aside from its massive size and scope, what is also striking about the botnet is what its malware can do to an infected machine. It allow an attacker to read the victim's email, inject code into other processes, visit Websites without the user knowing, and register as a background service on the infected machine. The bots communicate with their command and control systems via HTTP protocol. Botnet expert Joe Stewart says it appears to be similar to other botnets, because it has a system for installing malware. Finjan experts say victims are infected when visiting legitimate Websites containing a Trojan that is detected by only four (AVG, DrWeb, NOD32 and Panda) of 39 anti-malware tools. The bots were found in banks and large corporations, as well as consumer machines (run Windows XP operating system), and around 45 percent of the bots are in the U.S. Nearly 80 percent run Internet Explorer, 15 percent Mozilla Firefox, 3 percent Opera, and 1 percent Safari. The original new could be found on the darkREADING web site.
|
