Locky ransomware makes a comeback, courtesy of Necurs botnet
The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims. The botnet, which flip-flops from sending penny stock pump-and-dump emails to booby-trapped files that lead to malware (usually Locky or Dridex), has been spotted slinging thousand upon thousand of emails in the last three or four days.
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
The Avalanche botnet – linked to many of the world’s most troublesome ransomware, RATs, and banking Trojans – has been dealt a critical blow in what Europol called today the “largest-ever use of sinkholing to combat botnet infrastructures.” Five individuals were arrested and 800,000 domains seized, sinkholed, or blocked in an international takedown operation that…
Mirai Evolving: New Attack Reveals Use of Port 7547
When the source code for the Mirai botnet was made public in late September, a top concern was that bad actors might modify the code to increase the number of Internet of Things (IoT) devices they can compromise. It seems these fears have been realized. A few weeks ago, Reverse Engineering Blog disclosed a vulnerability…
The Internet of Trouble: Securing Vulnerable IoT Devices
There are times when perception will coalesce around something that has been previously known, but not taken seriously. That is what happened recently with the distributed denial-of-service (DDoS) weaponization of the Internet of Things (IoT). Although government agencies have issued warnings about the potential problem of vulnerable IoT devices, nobody has ever really done anything…
Was the Dyn DDoS attack actually a script kiddie v. PSN?
The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the…
Sarvdap Spambot Checks IP Blacklists
The Sarvdap spambot was recently observed checking the IP addresses of infected hosts against common blacklists, in an attempt to ensure that its spam email is successfully delivered, Palo Alto Networks security researchers reveal. While other spambots typically start sending spam emails as soon as a host has been infected, Sarvdap first checks to see…
IoT Default Passwords: Just Don’t Do It
Earlier this month, an underground forum released the code for the Mirai malware, which lets attackers hijack the thousands (and counting) of Internet of Things devices that are used to carry out distributed denial-of-service attacks. Panic ensued. Of course it did. This hack means that everyone can now view the code that allowed someone using…