Tag Archives: botnet

Creator of MegalodonHTTP DDoS Botnet Arrested

Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT).

The arrests came as part of the joint operation between Norway’s Kripos National Criminal Investigation Service and Europol, codenamed “OP Falling sTAR.”

According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania,

Dridex malware crippled by the FBI

On Tuesday, October 13, The United States Department of Justice announced that they had taken down and seized multiple command-and-control (C&C) servers that were part of a network used by the Dridex trojan to upload stolen information and distribute malware.

U.S. Attorney Hickton said, “Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world.”

Dridex, also known as ‘Bugat’ and ‘Cridex’, is a malicious trojan used by criminals to steal bank login credentials from an infected PC, in order to gain access to a victim’s bank account—it’s been quite successful too, with losses in the UK estimated at £20 million and in the US at $10 million.

Dridex is commonly distributed in the form of a phishing email, and often contains an infected Word doc attachment. When a victim opens the Word document they unknowingly infect their PC, thereby allowing attackers to eavesdrop on their computer’s activity and automate the theft of data.

Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU), Mike Hulett, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”

While the FBI and other international agencies continue their investigations, UK’s National Crime Agency (NCA) is still warning UK internet users to be aware of and protect themselves against Dridex.

Even though the distribution network has been crippled, the actual malware still exists and can be used by other criminals.

Mike Hulett goes on to provide sound advice for everyone, “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.

If you don’t already have a suitable antivirus solution in place, we recommend you install one today. Download our award-winning AVG Protection for your PC to help prevent malware and viruses.

 


If you or anybody you know has been affected by cybercrime fraud you can report it to:

US
Federal Bureau of Investigation, Internet Crime Complaints Center
http://www.ic3.gov/default.aspx

UK
ActionFruad – National Fraud & Cyber Crime Reporting Centre
http://www.actionfraud.police.uk

AUS
ACORN – Australian Cybercrime Online Reporting Network
https://report.acorn.gov.au

CryptoWall joins forces with click fraud botnet to infect individuals and businesses alike

Newest CryptoWall variant enters systems through a click fraud botnet.

Newest CryptoWall variant enters systems through a click fraud botnet.

Earlier this year, we told you about the return of CryptoWall, malware that encrypts certain files in your computer and, once activated, demands a fine around $500 as a ransom to provide the decryption key. These kinds of financial fraud schemes target both individuals and businesses, are usually very successful and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website.

Recently, a click fraud botnet with ties to CryptoWall has been discovered. The malware, nicknamed ‘RuthlessTreeMafia‘, has been being used to distribute CryptoWall ransomware. What first appears as an attempt to redirect user traffic to a search engine quickly mutates into an alarming threat as infected systems begin to download CryptoWall and system files and data become encrypted, rendering them useless by their owners. Click fraud and ransomware are two types of crimeware that are usually quite different from one another and typically don’t have many opportunities to join forces; therefore, the result of this unlikely yet powerful collaboration can be detrimental to its victims.

In a public service announcement issued on June 23, the FBI warns of the continued spread of this variant of CryptoWall that has the potential to affect not only individuals, but also government entities and businesses. The report reads:

“Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.”

The uncovering of this most recent CryptoWall variant also goes to show just how creative cybercriminals can be when coming up with ways to get their malware onto people’s systems. A simple click fraud botnet compromise can now lead to a potentially serious ransom attack.

How to stay safe against infection

  • Go with your gut. Don’t click on any emails or attachments that appear as suspicious or unfamiliar to you.
  • Enable popup blockers. Popups are a popular way for hackers to spread malware. To eliminate the chance of accidentally clicking on a popup, it’s best to prevent them from appearing in the first place.
  • Educate employees about the dangers of malware. It’s crucial that SMBs teach their employees about the risks that malware pose to their business. Hold regular workshops to educate employees about common malware attacks, such as phishing emails, and how they can stay safe against them.
  • Always use antivirus software and a firewall. It’s crucial that you download and use antivirus software to best protect yourself against malicious attacks. For the highest level of protection, regularly make sure that your software is updated to the latest version.