Malware Hunter: Find C&C servers for botnets

Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers. Malware Hunter unearths computers hosting RAT controller software that remotely controls malware-infected computers and instructs them to execute malicious activities such as recording audio, video,…

Locky ransomware makes a comeback, courtesy of Necurs botnet

The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims. The botnet, which flip-flops from sending penny stock pump-and-dump emails to booby-trapped files that lead to malware (usually Locky or Dridex), has been spotted slinging thousand upon thousand of emails in the last three or four days.

Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation

The Avalanche botnet – linked to many of the world’s most troublesome ransomware, RATs, and banking Trojans – has been dealt a critical blow in what Europol called today the “largest-ever use of sinkholing to combat botnet infrastructures.” Five individuals were arrested and 800,000 domains seized, sinkholed, or blocked in an international takedown operation that…

The Internet of Trouble: Securing Vulnerable IoT Devices

There are times when perception will coalesce around something that has been previously known, but not taken seriously. That is what happened recently with the distributed denial-of-service (DDoS) weaponization of the Internet of Things (IoT). Although government agencies have issued warnings about the potential problem of vulnerable IoT devices, nobody has ever really done anything…

Was the Dyn DDoS attack actually a script kiddie v. PSN?

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the…

Sarvdap Spambot Checks IP Blacklists

The Sarvdap spambot was recently observed checking the IP addresses of infected hosts against common blacklists, in an attempt to ensure that its spam email is successfully delivered, Palo Alto Networks security researchers reveal. While other spambots typically start sending spam emails as soon as a host has been infected, Sarvdap first checks to see…

IoT Default Passwords: Just Don’t Do It

Earlier this month, an underground forum released the code for the Mirai malware, which lets attackers hijack the thousands (and counting) of Internet of Things devices that are used to carry out distributed denial-of-service attacks. Panic ensued. Of course it did. This hack means that everyone can now view the code that allowed someone using…