Botnet News, Articles and Updates

Massive IoT botnet infects over one million organisations

Reaper IoT botnet could be worse than Mirai, suggest some commentators, as it continues to evolve.

Necurs botnet attackers likely gathering intel via downloader screen grabs

The Necurs botnet is on the rise again, this time sporting a downloader that screengrabs the desktops of infected systems.

Linux IoT botnet retooled to send spam email

An IoT botnet has set its hooks in about 4,500 - 5,000 proxy devices to send spam emails, with each device capable of sending 400 messages, or a total of 1.8 million messages per day.

Sharing IoT malware rife, botnets now child's play as teen arrest shows

A 13-year-old hacker caught trying to build up a botnet to hack CCTV cameras demonstrates that attacking IoT devices is literally child's play, thanks to widespread sharing of IoT malware.

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

ICYMI: Facebook malware; nude celeb hack; logons key; spambot; CeX hack

In Case You Missed It: Facebook spreads malware; Instagram celeb hack; Logon breach id key; Spambot weaponises 711m accounts; CeX hacked

Spambot weaponises 711M accounts to spread Ursnif malware

A Paris-based security researcher, Benkow, spotted a massive spambot, dubbed Onliner, weaponising 711 million email and server accounts to distribute phishing emails laced with malware looking to steal user data.

'Thingbots' become a 'thing' expected to underpin a future darknet

Botnets built exclusively from IoT devices have very much become a 'thing' - thingbots - and they are now becoming a primary infrastructure for a future darknet, according to a report from cybersecurity firm F5 Networks.

ICYMI: Skills gap? Mirai; GDPR; £14.5m centre; ApplePay vulnerable

In Case You Missed It: Skills gap real? Mirai hits DT; GDPR ignored; £14.5m cyber-centre; ApplePay vulnerable to two threats

Active Directory botnet establishes C&C inside infected networks

Researchers have developed a potentially devastating new botnet that abuses infected victims' Active Directory Domain Controllers, turning them into internally hosted command and control servers.

Mirai botnet army could have been larger and more destructive

The massive Mirai distributed denial of service (DDoS) attack that took down Dyn DNS last fall, knocking out dozens of high-profile websites, could have been much worse if the malicious actors had done a bit more research.

Wimax routers found to contain backdoors allowing authentication bypass

Old Wimax routers have been found to contain backdoors and could enable hackers to bypass authentication, researchers have now disclosed, aiding use for DDoS attacks.

Hajime malware now has 300,000 strong botnet at disposal say researchers

The Hajime malware has recruited 300,000 IoT devices to its botnet, but researchers are still baffled as to what the botnet's purpose may be.

Imperva Incapsula uncovers elaborate 80,000-strong spam botnet

Researchers at the security company find that making money online from fake Viagra is not so hard.

Hackers use Mirai botnet to mine bitcoins with IoT devices - very slowly

Malware which targeted IoT devices was doing more than launching DDoS attacks, researchers discovered, but they question how effective it would be.

President Trump's microwave and other unnecessary IoT distractions

The only thing worse than the plethora of internet-connected devices is the irrelevant chatter about IoT that could be distracting security teams from the real threats, as Davey Winder found out.

ICYMI: Hotel ransom; Router botnet; Gamer breach; Data loss; insiders

In Case You Missed It: Hotel ransomware report; Routers hijacked for botnet; X-Box, Playstation breach; Data centre vulnerability; insiders paid for secrets.

Google mistakes large volume of NHS traffic to be a botnet

NHS Digital said "We are aware of the current issue concerning NHS IP addresses which occasionally results in users being directed to a simple verification form when accessing Google."

Report: Mirai 'is just the tip of the iceberg'

A new report from the Institute of Critical Infrastructure Technology has placed Mirai as one of the most insidiously profound threats of recent memory, offering a "quantum leap" to even unsophisticated attackers.

Flashpoint: "Mirai variant attacked Deutsche Telekom"

Researchers have confirmed that it was a variant form of Mirai that was used to try and turn nearly a million Deutsche Telekom customers' routers into a botnet over the weekend.

We could all have been victims of massive Deutsche Telekom botnet

If attackers had succeeded in taking over 900,000 routers in Germany, we wouldn't be thinking of Deutsche Telekom as the victim but the enabler of a massive botnet.

Researcher finds Mirai flaws that could allow counterattack on botnet

IoT botnet blamed for Dyn attack - Mirai - has several code vulnerabilities but questions are raised over legality of its use in defence.

Researchers spot cyber-crooks actively upgrading Mirai botnet

A researcher spotted threat actors actively updating and customising the Mirai botnet source code that was leaked less than two weeks ago.

Chinese IoT device manufacturer recalls products amidst mass DDoS attacks

A large-scale DDoS attack, carried out by a botnet of hacked Internet of Things devices, many of which were made by Chinese firm Xiongmai, has now prompted a product recall.

Mirai botnets linked to massive DDoS attacks on Dyn DNS, Flashpoint says

DDoS attacks using IoT botnets take down parts of the internet delivering Twitter, Spotify, Netflix, GitHub, Amazon and Reddit among others.

Leaked Mirai source code already being tested in wild, analysis suggests

Since the source code to the Mirai IoT botnet was publicly leaked, researchers at Imperva have uncovered evidence of several low-level DDoS attacks that were likely perpetrated by new users testing out this suddenly accessible tool.

Krebs dropped by Akamai for record DDoS attack, OVH suffers 1100 Gbps DDoS

DDoS mitigation giant Akamai has made the strategic decision to remove Brian Krebs' website from its servers after a huge record-breaking DDoS attack of 626Gbps; now OVH is reporting a 1100Gbps DDoS.

120k strong botnet found in the wild

Networking and telecoms specialists Level 3 have discovered a botnet of 120,000 devices in the course of conducting DDoS research.