V3.co.uk

Doctor Web hijacks control of BackDoor botnet from criminals

Massive spam malware discovered sneaking into 100 systems per hour

malware virus security
  •  
  •  
  • Save this article  
0 Comments

Russian antivirus firm Doctor Web has taken control of a botnet found infecting over 100 computers per hour at its peak.

The firm reported wrestling control of the botnet, known as BackDoor.Bulknet.739, from its criminal authors in a blog post on Monday.

"Doctor Web's analysts managed to hijack a server used to control the BackDoor.Bulknet.739 botnet and gathered statistics. As of 5 April, over 7,000 bots were connected to the server," the firm said.

The campaign spread itself using malicious spam messages that were sent automatically from any machine ensnared by the crook's zombie network.

"The Trojan facilitates the sending of massive volumes of spam from infected computers. BackDoor mainly targets machines located in Italy, France, Turkey, the USA, Mexico and Thailand," wrote a Doctor Web researcher.

The firm reported that at its peak the tactic was hugely successful, leading to 100 infections per hour.

The campaign was initially uncovered late in 2012 and has been tied to numerous mass mailing scams.

"The first time BackDoor drew the interest of Doctor Web's analysts was in October 2012. They discovered that the Trojan was being used to connect computers into botnets and was enabling criminals to carry out mass spam mailings," added the alert.

Doctor Web reported that Microsoft's Windows XP and Windows 7 operating were the worst affected, accounting for 42 percent and 52 percent of the known infections respectively.

The risk to XP users from the botnet is timely, as it comes on the one-year anniversary of Microsoft ending support for the ageing operating system.

The botnet's high success rate is systematic of a wider escalation in the complexity and ingenuity of cyber criminal's attack tools and strategies.

Most recently security firm FireEye reported detecting a serious defence dodging threat targeting one of its business customers at least once every three minutes in its H2 2012 threat report.

  •  
  •  
  • Save this article  

V3 Latest

blog comments powered by Disqus