A distribution channel of the Dridex botnet may have been hacked. Instead of getting loaded with malware, people are getting clean copies of Avira antivirus and we have two theories as to why. Do you know what a “white hat” is?
The post Dridex botnet distributor now serves Avira appeared first on Avira Blog.
Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT).
The arrests came as part of the joint operation between Norway’s Kripos National Criminal Investigation Service and Europol, codenamed “OP Falling sTAR.”
According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania,
Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.
The post News from the Dorkside: Dorkbot botnet disrupted appeared first on We Live Security.
You thought you’ve heard the last of the Conficker malware back in 2009? Well – think again.
The post Conficker is kind of back appeared first on Avira Blog.
Ever look at CCTV cameras and think, “Isn’t it great that someone is looking out for me?”
The post Smile! Everyone is watching you. appeared first on Avira Blog.
There’s a big difference between “mostly dead” and “all dead” with film characters … and with malware distributing botnets. The Dridex/Bugat botnet is still slightly alive …
The post Dridex/Bugat botnet is alive, says Miracle Max appeared first on Avira Blog.
On Tuesday, October 13, The United States Department of Justice announced that they had taken down and seized multiple command-and-control (C&C) servers that were part of a network used by the Dridex trojan to upload stolen information and distribute malware.
U.S. Attorney Hickton said, “Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world.”
Dridex, also known as ‘Bugat’ and ‘Cridex’, is a malicious trojan used by criminals to steal bank login credentials from an infected PC, in order to gain access to a victim’s bank account—it’s been quite successful too, with losses in the UK estimated at £20 million and in the US at $10 million.
Dridex is commonly distributed in the form of a phishing email, and often contains an infected Word doc attachment. When a victim opens the Word document they unknowingly infect their PC, thereby allowing attackers to eavesdrop on their computer’s activity and automate the theft of data.
Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU), Mike Hulett, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”
While the FBI and other international agencies continue their investigations, UK’s National Crime Agency (NCA) is still warning UK internet users to be aware of and protect themselves against Dridex.
Even though the distribution network has been crippled, the actual malware still exists and can be used by other criminals.
Mike Hulett goes on to provide sound advice for everyone, “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.
If you don’t already have a suitable antivirus solution in place, we recommend you install one today. Download our award-winning AVG Protection for your PC to help prevent malware and viruses.
If you or anybody you know has been affected by cybercrime fraud you can report it to:
US
Federal Bureau of Investigation, Internet Crime Complaints Center
http://www.ic3.gov/default.aspx
UK
ActionFruad – National Fraud & Cyber Crime Reporting Centre
http://www.actionfraud.police.uk
AUS
ACORN – Australian Cybercrime Online Reporting Network
https://report.acorn.gov.au
US authorities have jailed the administrators and claim to have shut down the Dridex/Bugat botnet, but Avira researchers are finding signs that the botnet is still functioning.
The post Administrators are in jail, Dridex/Bugat botnet may be still alive appeared first on Avira Blog.
At VB2015 in Prague, three experts from the Avira labs – Moritz Kroll, Philipp Wolf & Ayoub Faouzi – spoke on botnet tracking. Here is a summary of their findings:
The post Botnet Milking: Malware Freshly Served From the Source appeared first on Avira Blog.
Newest CryptoWall variant enters systems through a click fraud botnet.
Earlier this year, we told you about the return of CryptoWall, malware that encrypts certain files in your computer and, once activated, demands a fine around $500 as a ransom to provide the decryption key. These kinds of financial fraud schemes target both individuals and businesses, are usually very successful and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website.
Recently, a click fraud botnet with ties to CryptoWall has been discovered. The malware, nicknamed ‘RuthlessTreeMafia‘, has been being used to distribute CryptoWall ransomware. What first appears as an attempt to redirect user traffic to a search engine quickly mutates into an alarming threat as infected systems begin to download CryptoWall and system files and data become encrypted, rendering them useless by their owners. Click fraud and ransomware are two types of crimeware that are usually quite different from one another and typically don’t have many opportunities to join forces; therefore, the result of this unlikely yet powerful collaboration can be detrimental to its victims.
In a public service announcement issued on June 23, the FBI warns of the continued spread of this variant of CryptoWall that has the potential to affect not only individuals, but also government entities and businesses. The report reads:
“Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.”
The uncovering of this most recent CryptoWall variant also goes to show just how creative cybercriminals can be when coming up with ways to get their malware onto people’s systems. A simple click fraud botnet compromise can now lead to a potentially serious ransom attack.
How to stay safe against infection
